From 8fadd69047143c9c389cc09ca24100b5f90f79d2 Mon Sep 17 00:00:00 2001 From: Junping Du Date: Tue, 3 Jan 2017 15:03:38 -0800 Subject: [PATCH] YARN-5923. Unable to access logs for a running application if YARN_ACL_ENABLE is enabled. Contributed by Xuan Gong. --- .../server/nodemanager/webapp/WebServer.java | 35 ++++++++++++++++--- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/webapp/WebServer.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/webapp/WebServer.java index bb444db0a8..53e529bcca 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/webapp/WebServer.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/webapp/WebServer.java @@ -22,8 +22,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.security.AuthenticationFilterInitializer; import org.apache.hadoop.security.HttpCrossOriginFilterInitializer; import org.apache.hadoop.service.AbstractService; +import org.apache.hadoop.util.StringUtils; import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.exceptions.YarnRuntimeException; import org.apache.hadoop.yarn.server.nodemanager.Context; @@ -37,6 +40,8 @@ import org.apache.hadoop.yarn.webapp.util.WebAppUtils; import com.sun.jersey.guice.spi.container.servlet.GuiceContainer; +import java.util.ArrayList; +import java.util.List; public class WebServer extends AbstractService { @@ -57,10 +62,11 @@ public WebServer(Context nmContext, ResourceView resourceView, @Override protected void serviceStart() throws Exception { - String bindAddress = WebAppUtils.getWebAppBindURL(getConfig(), + Configuration conf = getConfig(); + String bindAddress = WebAppUtils.getWebAppBindURL(conf, YarnConfiguration.NM_BIND_HOST, - WebAppUtils.getNMWebAppURLWithoutScheme(getConfig())); - boolean enableCors = getConfig() + WebAppUtils.getNMWebAppURLWithoutScheme(conf)); + boolean enableCors = conf .getBoolean(YarnConfiguration.NM_WEBAPP_ENABLE_CORS_FILTER, YarnConfiguration.DEFAULT_NM_WEBAPP_ENABLE_CORS_FILTER); if (enableCors) { @@ -68,13 +74,34 @@ protected void serviceStart() throws Exception { + HttpCrossOriginFilterInitializer.ENABLED_SUFFIX, true); } + // Always load pseudo authentication filter to parse "user.name" in an URL + // to identify a HTTP request's user. + boolean hasHadoopAuthFilterInitializer = false; + String filterInitializerConfKey = "hadoop.http.filter.initializers"; + Class[] initializersClasses = + conf.getClasses(filterInitializerConfKey); + List targets = new ArrayList(); + if (initializersClasses != null) { + for (Class initializer : initializersClasses) { + if (initializer.getName().equals( + AuthenticationFilterInitializer.class.getName())) { + hasHadoopAuthFilterInitializer = true; + break; + } + targets.add(initializer.getName()); + } + } + if (!hasHadoopAuthFilterInitializer) { + targets.add(AuthenticationFilterInitializer.class.getName()); + conf.set(filterInitializerConfKey, StringUtils.join(",", targets)); + } LOG.info("Instantiating NMWebApp at " + bindAddress); try { this.webApp = WebApps .$for("node", Context.class, this.nmContext, "ws") .at(bindAddress) - .with(getConfig()) + .with(conf) .withHttpSpnegoPrincipalKey( YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY) .withHttpSpnegoKeytabKey(