YARN-5923. Unable to access logs for a running application if YARN_ACL_ENABLE is enabled. Contributed by Xuan Gong.

This commit is contained in:
Junping Du 2017-01-03 15:03:38 -08:00
parent f69a107aec
commit 8fadd69047

View File

@ -22,8 +22,11 @@
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.AuthenticationFilterInitializer;
import org.apache.hadoop.security.HttpCrossOriginFilterInitializer; import org.apache.hadoop.security.HttpCrossOriginFilterInitializer;
import org.apache.hadoop.service.AbstractService; import org.apache.hadoop.service.AbstractService;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.YarnRuntimeException; import org.apache.hadoop.yarn.exceptions.YarnRuntimeException;
import org.apache.hadoop.yarn.server.nodemanager.Context; import org.apache.hadoop.yarn.server.nodemanager.Context;
@ -37,6 +40,8 @@
import org.apache.hadoop.yarn.webapp.util.WebAppUtils; import org.apache.hadoop.yarn.webapp.util.WebAppUtils;
import com.sun.jersey.guice.spi.container.servlet.GuiceContainer; import com.sun.jersey.guice.spi.container.servlet.GuiceContainer;
import java.util.ArrayList;
import java.util.List;
public class WebServer extends AbstractService { public class WebServer extends AbstractService {
@ -57,10 +62,11 @@ public WebServer(Context nmContext, ResourceView resourceView,
@Override @Override
protected void serviceStart() throws Exception { protected void serviceStart() throws Exception {
String bindAddress = WebAppUtils.getWebAppBindURL(getConfig(), Configuration conf = getConfig();
String bindAddress = WebAppUtils.getWebAppBindURL(conf,
YarnConfiguration.NM_BIND_HOST, YarnConfiguration.NM_BIND_HOST,
WebAppUtils.getNMWebAppURLWithoutScheme(getConfig())); WebAppUtils.getNMWebAppURLWithoutScheme(conf));
boolean enableCors = getConfig() boolean enableCors = conf
.getBoolean(YarnConfiguration.NM_WEBAPP_ENABLE_CORS_FILTER, .getBoolean(YarnConfiguration.NM_WEBAPP_ENABLE_CORS_FILTER,
YarnConfiguration.DEFAULT_NM_WEBAPP_ENABLE_CORS_FILTER); YarnConfiguration.DEFAULT_NM_WEBAPP_ENABLE_CORS_FILTER);
if (enableCors) { if (enableCors) {
@ -68,13 +74,34 @@ protected void serviceStart() throws Exception {
+ HttpCrossOriginFilterInitializer.ENABLED_SUFFIX, true); + HttpCrossOriginFilterInitializer.ENABLED_SUFFIX, true);
} }
// Always load pseudo authentication filter to parse "user.name" in an URL
// to identify a HTTP request's user.
boolean hasHadoopAuthFilterInitializer = false;
String filterInitializerConfKey = "hadoop.http.filter.initializers";
Class<?>[] initializersClasses =
conf.getClasses(filterInitializerConfKey);
List<String> targets = new ArrayList<String>();
if (initializersClasses != null) {
for (Class<?> initializer : initializersClasses) {
if (initializer.getName().equals(
AuthenticationFilterInitializer.class.getName())) {
hasHadoopAuthFilterInitializer = true;
break;
}
targets.add(initializer.getName());
}
}
if (!hasHadoopAuthFilterInitializer) {
targets.add(AuthenticationFilterInitializer.class.getName());
conf.set(filterInitializerConfKey, StringUtils.join(",", targets));
}
LOG.info("Instantiating NMWebApp at " + bindAddress); LOG.info("Instantiating NMWebApp at " + bindAddress);
try { try {
this.webApp = this.webApp =
WebApps WebApps
.$for("node", Context.class, this.nmContext, "ws") .$for("node", Context.class, this.nmContext, "ws")
.at(bindAddress) .at(bindAddress)
.with(getConfig()) .with(conf)
.withHttpSpnegoPrincipalKey( .withHttpSpnegoPrincipalKey(
YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY) YarnConfiguration.NM_WEBAPP_SPNEGO_USER_NAME_KEY)
.withHttpSpnegoKeytabKey( .withHttpSpnegoKeytabKey(