YARN-4833. For Queue AccessControlException client retries multiple times on both RM. Contributed by Bibin A Chundatt
This commit is contained in:
parent
db719ef125
commit
874577a67d
@ -285,7 +285,7 @@ protected synchronized void checkAppNumCompletedLimit() {
|
|||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
protected void submitApplication(
|
protected void submitApplication(
|
||||||
ApplicationSubmissionContext submissionContext, long submitTime,
|
ApplicationSubmissionContext submissionContext, long submitTime,
|
||||||
String user) throws YarnException, AccessControlException {
|
String user) throws YarnException {
|
||||||
ApplicationId applicationId = submissionContext.getApplicationId();
|
ApplicationId applicationId = submissionContext.getApplicationId();
|
||||||
|
|
||||||
// Passing start time as -1. It will be eventually set in RMAppImpl
|
// Passing start time as -1. It will be eventually set in RMAppImpl
|
||||||
@ -336,8 +336,7 @@ protected void recoverApplication(ApplicationStateData appState,
|
|||||||
|
|
||||||
private RMAppImpl createAndPopulateNewRMApp(
|
private RMAppImpl createAndPopulateNewRMApp(
|
||||||
ApplicationSubmissionContext submissionContext, long submitTime,
|
ApplicationSubmissionContext submissionContext, long submitTime,
|
||||||
String user, boolean isRecovery, long startTime)
|
String user, boolean isRecovery, long startTime) throws YarnException {
|
||||||
throws YarnException, AccessControlException {
|
|
||||||
// Do queue mapping
|
// Do queue mapping
|
||||||
if (!isRecovery) {
|
if (!isRecovery) {
|
||||||
if (rmContext.getQueuePlacementManager() != null) {
|
if (rmContext.getQueuePlacementManager() != null) {
|
||||||
@ -380,9 +379,9 @@ private RMAppImpl createAndPopulateNewRMApp(
|
|||||||
SchedulerUtils.toAccessType(QueueACL.ADMINISTER_QUEUE),
|
SchedulerUtils.toAccessType(QueueACL.ADMINISTER_QUEUE),
|
||||||
applicationId.toString(), appName, Server.getRemoteAddress(),
|
applicationId.toString(), appName, Server.getRemoteAddress(),
|
||||||
null))) {
|
null))) {
|
||||||
throw new AccessControlException(
|
throw RPCUtil.getRemoteException(new AccessControlException(
|
||||||
"User " + user + " does not have permission to submit "
|
"User " + user + " does not have permission to submit "
|
||||||
+ applicationId + " to queue " + submissionContext.getQueue());
|
+ applicationId + " to queue " + submissionContext.getQueue()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -39,14 +39,18 @@
|
|||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.io.DataOutputBuffer;
|
import org.apache.hadoop.io.DataOutputBuffer;
|
||||||
|
import org.apache.hadoop.security.AccessControlException;
|
||||||
import org.apache.hadoop.security.Credentials;
|
import org.apache.hadoop.security.Credentials;
|
||||||
import org.apache.hadoop.service.Service;
|
import org.apache.hadoop.service.Service;
|
||||||
import org.apache.hadoop.yarn.MockApps;
|
import org.apache.hadoop.yarn.MockApps;
|
||||||
|
import org.apache.hadoop.yarn.api.protocolrecords.SubmitApplicationRequest;
|
||||||
import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
|
import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
|
||||||
import org.apache.hadoop.yarn.api.records.ApplicationId;
|
import org.apache.hadoop.yarn.api.records.ApplicationId;
|
||||||
import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext;
|
import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext;
|
||||||
import org.apache.hadoop.yarn.api.records.ContainerLaunchContext;
|
import org.apache.hadoop.yarn.api.records.ContainerLaunchContext;
|
||||||
|
import org.apache.hadoop.yarn.api.records.Priority;
|
||||||
import org.apache.hadoop.yarn.api.records.Resource;
|
import org.apache.hadoop.yarn.api.records.Resource;
|
||||||
|
import org.apache.hadoop.yarn.api.records.ResourceRequest;
|
||||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||||
import org.apache.hadoop.yarn.event.AsyncDispatcher;
|
import org.apache.hadoop.yarn.event.AsyncDispatcher;
|
||||||
import org.apache.hadoop.yarn.event.Dispatcher;
|
import org.apache.hadoop.yarn.event.Dispatcher;
|
||||||
@ -69,9 +73,11 @@
|
|||||||
import org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.ContainerAllocationExpirer;
|
import org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.ContainerAllocationExpirer;
|
||||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
|
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
|
||||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.YarnScheduler;
|
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.YarnScheduler;
|
||||||
|
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler;
|
||||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
||||||
import org.apache.hadoop.yarn.server.resourcemanager.timelineservice.RMTimelineCollectorManager;
|
import org.apache.hadoop.yarn.server.resourcemanager.timelineservice.RMTimelineCollectorManager;
|
||||||
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
|
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
|
||||||
|
import org.apache.hadoop.yarn.util.Records;
|
||||||
import org.apache.hadoop.yarn.util.resource.ResourceCalculator;
|
import org.apache.hadoop.yarn.util.resource.ResourceCalculator;
|
||||||
import org.apache.hadoop.yarn.util.resource.Resources;
|
import org.apache.hadoop.yarn.util.resource.Resources;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
@ -280,6 +286,43 @@ public void testRMAppRetireNone() throws Exception {
|
|||||||
isA(RMApp.class));
|
isA(RMApp.class));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testQueueSubmitWithNoPermission() throws IOException {
|
||||||
|
YarnConfiguration conf = new YarnConfiguration();
|
||||||
|
conf.set(YarnConfiguration.RM_SCHEDULER,
|
||||||
|
CapacityScheduler.class.getCanonicalName());
|
||||||
|
conf.set("yarn.scheduler.capacity.root.acl_submit_applications", " ");
|
||||||
|
conf.set("yarn.scheduler.capacity.root.acl_administer_queue", " ");
|
||||||
|
|
||||||
|
conf.set("yarn.scheduler.capacity.root.default.acl_submit_applications",
|
||||||
|
" ");
|
||||||
|
conf.set("yarn.scheduler.capacity.root.default.acl_administer_queue", " ");
|
||||||
|
conf.set(YarnConfiguration.YARN_ACL_ENABLE, "true");
|
||||||
|
MockRM mockRM = new MockRM(conf);
|
||||||
|
ClientRMService rmService = mockRM.getClientRMService();
|
||||||
|
SubmitApplicationRequest req =
|
||||||
|
Records.newRecord(SubmitApplicationRequest.class);
|
||||||
|
ApplicationSubmissionContext sub =
|
||||||
|
Records.newRecord(ApplicationSubmissionContext.class);
|
||||||
|
sub.setApplicationId(appId);
|
||||||
|
ResourceRequest resReg =
|
||||||
|
ResourceRequest.newInstance(Priority.newInstance(0),
|
||||||
|
ResourceRequest.ANY, Resource.newInstance(1024, 1), 1);
|
||||||
|
sub.setAMContainerResourceRequest(resReg);
|
||||||
|
req.setApplicationSubmissionContext(sub);
|
||||||
|
try {
|
||||||
|
rmService.submitApplication(req);
|
||||||
|
} catch (Exception e) {
|
||||||
|
if (e instanceof YarnException) {
|
||||||
|
Assert.assertTrue(e.getCause() instanceof AccessControlException);
|
||||||
|
} else {
|
||||||
|
Assert.fail("Yarn exception is expected");
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
mockRM.close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testRMAppRetireSome() throws Exception {
|
public void testRMAppRetireSome() throws Exception {
|
||||||
long now = System.currentTimeMillis();
|
long now = System.currentTimeMillis();
|
||||||
|
Loading…
Reference in New Issue
Block a user