YARN-1938. Added kerberos login for the Timeline Server. Contributed by Zhijie Shen.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1596710 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Vinod Kumar Vavilapalli 2014-05-21 23:20:08 +00:00
parent ac23a55547
commit fdb5870d49
4 changed files with 54 additions and 3 deletions

View File

@ -85,6 +85,9 @@ Release 2.5.0 - UNRELEASED
YARN-1981. Nodemanager version is not updated when a node reconnects (Jason
Lowe via jeagles)
YARN-1938. Added kerberos login for the Timeline Server. (Zhijie Shen via
vinodkv)
OPTIMIZATIONS
BUG FIXES

View File

@ -1196,6 +1196,14 @@ public class YarnConfiguration extends Configuration {
public static final long DEFAULT_TIMELINE_SERVICE_LEVELDB_TTL_INTERVAL_MS =
1000 * 60 * 5;
/** The Kerberos principal for the timeline server.*/
public static final String TIMELINE_SERVICE_PRINCIPAL =
TIMELINE_SERVICE_PREFIX + "principal";
/** The Kerberos keytab for the timeline server.*/
public static final String TIMELINE_SERVICE_KEYTAB =
TIMELINE_SERVICE_PREFIX + "keytab";
////////////////////////////////
// Other Configs
////////////////////////////////

View File

@ -1194,6 +1194,18 @@
<value>10</value>
</property>
<property>
<description>The Kerberos principal for the timeline server.</description>
<name>yarn.timeline-service.principal</name>
<value></value>
</property>
<property>
<description>The Kerberos keytab for the timeline server.</description>
<name>yarn.timeline-service.keytab</name>
<value>/etc/krb5.keytab</value>
</property>
<property>
<description>Indicate to ResourceManager as well as clients whether
history-service is enabled or not. If enabled, ResourceManager starts

View File

@ -18,12 +18,16 @@
package org.apache.hadoop.yarn.server.applicationhistoryservice;
import java.io.IOException;
import java.net.InetSocketAddress;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience.Private;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import org.apache.hadoop.metrics2.source.JvmMetrics;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.service.CompositeService;
import org.apache.hadoop.service.Service;
import org.apache.hadoop.util.ExitUtil;
@ -33,8 +37,8 @@
import org.apache.hadoop.yarn.YarnUncaughtExceptionHandler;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.YarnRuntimeException;
import org.apache.hadoop.yarn.server.applicationhistoryservice.timeline.TimelineStore;
import org.apache.hadoop.yarn.server.applicationhistoryservice.timeline.LeveldbTimelineStore;
import org.apache.hadoop.yarn.server.applicationhistoryservice.timeline.TimelineStore;
import org.apache.hadoop.yarn.server.applicationhistoryservice.webapp.AHSWebApp;
import org.apache.hadoop.yarn.webapp.WebApp;
import org.apache.hadoop.yarn.webapp.WebApps;
@ -69,13 +73,19 @@ protected void serviceInit(Configuration conf) throws Exception {
addService((Service) historyManager);
timelineStore = createTimelineStore(conf);
addIfService(timelineStore);
DefaultMetricsSystem.initialize("ApplicationHistoryServer");
JvmMetrics.initSingleton("ApplicationHistoryServer", null);
super.serviceInit(conf);
}
@Override
protected void serviceStart() throws Exception {
DefaultMetricsSystem.initialize("ApplicationHistoryServer");
JvmMetrics.initSingleton("ApplicationHistoryServer", null);
try {
doSecureLogin(getConfig());
} catch(IOException ie) {
throw new YarnRuntimeException("Failed to login", ie);
}
startWebApp();
super.serviceStart();
@ -177,4 +187,22 @@ protected void startWebApp() {
public TimelineStore getTimelineStore() {
return timelineStore;
}
private void doSecureLogin(Configuration conf) throws IOException {
InetSocketAddress socAddr = getBindAddress(conf);
SecurityUtil.login(conf, YarnConfiguration.TIMELINE_SERVICE_KEYTAB,
YarnConfiguration.TIMELINE_SERVICE_PRINCIPAL, socAddr.getHostName());
}
/**
* Retrieve the timeline server bind address from configuration
*
* @param conf
* @return InetSocketAddress
*/
private static InetSocketAddress getBindAddress(Configuration conf) {
return conf.getSocketAddr(YarnConfiguration.TIMELINE_SERVICE_ADDRESS,
YarnConfiguration.DEFAULT_TIMELINE_SERVICE_ADDRESS,
YarnConfiguration.DEFAULT_TIMELINE_SERVICE_PORT);
}
}