YARN-1640. Fixed manual failover of ResourceManagers to work correctly in secure clusters. Contributed by Xuan Gong.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1579510 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
44deaa8241
commit
764af69aa0
@ -520,6 +520,9 @@ Release 2.4.0 - UNRELEASED
|
||||
launched by AMs running on the same machine as the AM are correctly
|
||||
propagated. (Jian He via vinodkv)
|
||||
|
||||
YARN-1640. Fixed manual failover of ResourceManagers to work correctly in
|
||||
secure clusters. (Xuan Gong via vinodkv)
|
||||
|
||||
Release 2.3.1 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
@ -21,6 +21,7 @@
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.BlockingQueue;
|
||||
import java.util.concurrent.LinkedBlockingQueue;
|
||||
@ -164,6 +165,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
|
||||
|
||||
private Configuration conf;
|
||||
|
||||
private UserGroupInformation rmLoginUGI;
|
||||
|
||||
public ResourceManager() {
|
||||
super("ResourceManager");
|
||||
}
|
||||
@ -233,6 +236,8 @@ protected void serviceInit(Configuration conf) throws Exception {
|
||||
|
||||
webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf);
|
||||
|
||||
this.rmLoginUGI = UserGroupInformation.getCurrentUser();
|
||||
|
||||
super.serviceInit(this.conf);
|
||||
}
|
||||
|
||||
@ -859,7 +864,18 @@ synchronized void transitionToActive() throws Exception {
|
||||
}
|
||||
|
||||
LOG.info("Transitioning to active state");
|
||||
startActiveServices();
|
||||
|
||||
// use rmLoginUGI to startActiveServices.
|
||||
// in non-secure model, rmLoginUGI will be current UGI
|
||||
// in secure model, rmLoginUGI will be LoginUser UGI
|
||||
this.rmLoginUGI.doAs(new PrivilegedExceptionAction<Void>() {
|
||||
@Override
|
||||
public Void run() throws Exception {
|
||||
startActiveServices();
|
||||
return null;
|
||||
}
|
||||
});
|
||||
|
||||
rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE);
|
||||
LOG.info("Transitioned to active state");
|
||||
}
|
||||
@ -911,6 +927,11 @@ protected void doSecureLogin() throws IOException {
|
||||
InetSocketAddress socAddr = getBindAddress(conf);
|
||||
SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB,
|
||||
YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName());
|
||||
|
||||
// if security is enable, set rmLoginUGI as UGI of loginUser
|
||||
if (UserGroupInformation.isSecurityEnabled()) {
|
||||
this.rmLoginUGI = UserGroupInformation.getLoginUser();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
Loading…
Reference in New Issue
Block a user