YARN-9689: Support proxy user for Router to support kerberos (#1654)
This commit is contained in:
parent
6f0190d8e4
commit
7d0adddf09
@ -38,6 +38,8 @@
|
|||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
import org.apache.commons.lang3.NotImplementedException;
|
import org.apache.commons.lang3.NotImplementedException;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeys;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.yarn.api.ApplicationClientProtocol;
|
import org.apache.hadoop.yarn.api.ApplicationClientProtocol;
|
||||||
import org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest;
|
import org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest;
|
||||||
import org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenResponse;
|
import org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenResponse;
|
||||||
@ -214,8 +216,15 @@ protected ApplicationClientProtocol getClientRMProxyForSubCluster(
|
|||||||
|
|
||||||
ApplicationClientProtocol clientRMProxy = null;
|
ApplicationClientProtocol clientRMProxy = null;
|
||||||
try {
|
try {
|
||||||
|
boolean serviceAuthEnabled = getConf().getBoolean(
|
||||||
|
CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false);
|
||||||
|
UserGroupInformation realUser = user;
|
||||||
|
if (serviceAuthEnabled) {
|
||||||
|
realUser = UserGroupInformation.createProxyUser(
|
||||||
|
user.getShortUserName(), UserGroupInformation.getLoginUser());
|
||||||
|
}
|
||||||
clientRMProxy = FederationProxyProviderUtil.createRMProxy(getConf(),
|
clientRMProxy = FederationProxyProviderUtil.createRMProxy(getConf(),
|
||||||
ApplicationClientProtocol.class, subClusterId, user);
|
ApplicationClientProtocol.class, subClusterId, realUser);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
RouterServerUtil.logAndThrowException(
|
RouterServerUtil.logAndThrowException(
|
||||||
"Unable to create the interface to reach the SubCluster "
|
"Unable to create the interface to reach the SubCluster "
|
||||||
|
Loading…
Reference in New Issue
Block a user