diff --git a/hadoop-mapreduce-project/CHANGES.txt b/hadoop-mapreduce-project/CHANGES.txt index 5edf1bd2c2..82b653ebcf 100644 --- a/hadoop-mapreduce-project/CHANGES.txt +++ b/hadoop-mapreduce-project/CHANGES.txt @@ -1537,6 +1537,9 @@ Release 0.23.0 - Unreleased MAPREDUCE-2783. Fixing RM web-UI to show no tracking-URL when AM crashes. (Eric Payne via vinodkv) + MAPREDUCE-3141. Fix the broken MRAppMaster to work over YARN in security + mode.(vinodkv) + Release 0.22.0 - Unreleased INCOMPATIBLE CHANGES diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/MRAppMaster.java b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/MRAppMaster.java index be9a377611..bd1c1e7836 100644 --- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/MRAppMaster.java +++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/MRAppMaster.java @@ -131,7 +131,9 @@ public class MRAppMaster extends CompositeService { private JobEventDispatcher jobEventDispatcher; private Job job; - + private Credentials fsTokens = new Credentials(); // Filled during init + private UserGroupInformation currentUser; // Will be setup during init + public MRAppMaster(ApplicationAttemptId applicationAttemptId) { this(applicationAttemptId, new SystemClock()); } @@ -146,6 +148,9 @@ public MRAppMaster(ApplicationAttemptId applicationAttemptId, Clock clock) { @Override public void init(final Configuration conf) { + + downloadTokensAndSetupUGI(conf); + context = new RunningAppContext(conf); // Job name is the same as the app name util we support DAG of jobs @@ -226,37 +231,6 @@ public void init(final Configuration conf) { /** Create and initialize (but don't start) a single job. */ protected Job createJob(Configuration conf) { - // ////////// Obtain the tokens needed by the job. ////////// - Credentials fsTokens = new Credentials(); - UserGroupInformation currentUser = null; - - try { - currentUser = UserGroupInformation.getCurrentUser(); - - if (UserGroupInformation.isSecurityEnabled()) { - // Read the file-system tokens from the localized tokens-file. - Path jobSubmitDir = - FileContext.getLocalFSFileContext().makeQualified( - new Path(new File(MRJobConfig.JOB_SUBMIT_DIR) - .getAbsolutePath())); - Path jobTokenFile = - new Path(jobSubmitDir, MRJobConfig.APPLICATION_TOKENS_FILE); - fsTokens.addAll(Credentials.readTokenStorageFile(jobTokenFile, conf)); - LOG.info("jobSubmitDir=" + jobSubmitDir + " jobTokenFile=" - + jobTokenFile); - - for (Token tk : fsTokens.getAllTokens()) { - LOG.info(" --- DEBUG: Token of kind " + tk.getKind() - + "in current ugi in the AppMaster for service " - + tk.getService()); - currentUser.addToken(tk); // For use by AppMaster itself. - } - } - } catch (IOException e) { - throw new YarnException(e); - } - // ////////// End of obtaining the tokens needed by the job. ////////// - // create single job Job newJob = new JobImpl(appAttemptID, conf, dispatcher.getEventHandler(), taskAttemptListener, jobTokenSecretManager, fsTokens, clock, @@ -297,6 +271,42 @@ public void handle(JobFinishEvent event) { return newJob; } // end createJob() + + /** + * Obtain the tokens needed by the job and put them in the UGI + * @param conf + */ + protected void downloadTokensAndSetupUGI(Configuration conf) { + + try { + this.currentUser = UserGroupInformation.getCurrentUser(); + + if (UserGroupInformation.isSecurityEnabled()) { + // Read the file-system tokens from the localized tokens-file. + Path jobSubmitDir = + FileContext.getLocalFSFileContext().makeQualified( + new Path(new File(MRJobConfig.JOB_SUBMIT_DIR) + .getAbsolutePath())); + Path jobTokenFile = + new Path(jobSubmitDir, MRJobConfig.APPLICATION_TOKENS_FILE); + fsTokens.addAll(Credentials.readTokenStorageFile(jobTokenFile, conf)); + LOG.info("jobSubmitDir=" + jobSubmitDir + " jobTokenFile=" + + jobTokenFile); + + for (Token tk : fsTokens.getAllTokens()) { + if (LOG.isDebugEnabled()) { + LOG.debug("Token of kind " + tk.getKind() + + "in current ugi in the AppMaster for service " + + tk.getService()); + } + currentUser.addToken(tk); // For use by AppMaster itself. + } + } + } catch (IOException e) { + throw new YarnException(e); + } + } + protected void addIfService(Object object) { if (object instanceof Service) { addService((Service) object);