YARN-1640. Fixed manual failover of ResourceManagers to work correctly in secure clusters. Contributed by Xuan Gong.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1579510 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Vinod Kumar Vavilapalli 2014-03-20 02:40:21 +00:00
parent 44deaa8241
commit 764af69aa0
2 changed files with 25 additions and 1 deletions

View File

@ -520,6 +520,9 @@ Release 2.4.0 - UNRELEASED
launched by AMs running on the same machine as the AM are correctly
propagated. (Jian He via vinodkv)
YARN-1640. Fixed manual failover of ResourceManagers to work correctly in
secure clusters. (Xuan Gong via vinodkv)
Release 2.3.1 - UNRELEASED
INCOMPATIBLE CHANGES

View File

@ -21,6 +21,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
@ -164,6 +165,8 @@ public class ResourceManager extends CompositeService implements Recoverable {
private Configuration conf;
private UserGroupInformation rmLoginUGI;
public ResourceManager() {
super("ResourceManager");
}
@ -233,6 +236,8 @@ protected void serviceInit(Configuration conf) throws Exception {
webAppAddress = WebAppUtils.getRMWebAppURLWithoutScheme(this.conf);
this.rmLoginUGI = UserGroupInformation.getCurrentUser();
super.serviceInit(this.conf);
}
@ -859,7 +864,18 @@ synchronized void transitionToActive() throws Exception {
}
LOG.info("Transitioning to active state");
startActiveServices();
// use rmLoginUGI to startActiveServices.
// in non-secure model, rmLoginUGI will be current UGI
// in secure model, rmLoginUGI will be LoginUser UGI
this.rmLoginUGI.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
startActiveServices();
return null;
}
});
rmContext.setHAServiceState(HAServiceProtocol.HAServiceState.ACTIVE);
LOG.info("Transitioned to active state");
}
@ -911,6 +927,11 @@ protected void doSecureLogin() throws IOException {
InetSocketAddress socAddr = getBindAddress(conf);
SecurityUtil.login(this.conf, YarnConfiguration.RM_KEYTAB,
YarnConfiguration.RM_PRINCIPAL, socAddr.getHostName());
// if security is enable, set rmLoginUGI as UGI of loginUser
if (UserGroupInformation.isSecurityEnabled()) {
this.rmLoginUGI = UserGroupInformation.getLoginUser();
}
}
@Override