MAPREDUCE-1945. The MapReduce component for HADOOP-6632. Contributed by Kan Zhang & Jitendra Pandey.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/mapreduce/trunk@965698 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES.txt b/CHANGES.txt
index 58215ee..622d71c 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -86,6 +86,9 @@
     MAPREDUCE-1935. Makes the Distcp to work in a secure environment.
     (Boris Shkolnik via ddas)
 
+    MAPREDUCE-1945. The MapReduce component for HADOOP-6632.
+    (Kan Zhang & Jitendra Pandey via ddas)
+
   OPTIMIZATIONS
 
     MAPREDUCE-1354. Enhancements to JobTracker for better performance and
diff --git a/src/java/org/apache/hadoop/mapred/JobTracker.java b/src/java/org/apache/hadoop/mapred/JobTracker.java
index ba71907..af4c0cf 100644
--- a/src/java/org/apache/hadoop/mapred/JobTracker.java
+++ b/src/java/org/apache/hadoop/mapred/JobTracker.java
@@ -102,6 +102,7 @@
 import org.apache.hadoop.security.Groups;
 import org.apache.hadoop.security.RefreshUserMappingsProtocol;
 import org.apache.hadoop.security.Credentials;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
 import org.apache.hadoop.security.authorize.AuthorizationException;
@@ -1372,15 +1373,14 @@
 
   JobTracker(final JobConf conf, Clock newClock, String jobtrackerIndentifier) 
   throws IOException, InterruptedException {
-    // find the owner of the process
-    // get the desired principal to load
-    String keytabFilename = conf.get(JTConfig.JT_KEYTAB_FILE);
+    // Set ports, start RPC servers, setup security policy etc.
+    InetSocketAddress addr = getAddress(conf);
+    this.localMachine = addr.getHostName();
+    this.port = addr.getPort();
     UserGroupInformation.setConfiguration(conf);
-    if (keytabFilename != null) {
-      String desiredUser = conf.get(JTConfig.JT_USER_NAME,
-                                    System.getProperty("user.name"));
-      UserGroupInformation.loginUserFromKeytab(desiredUser, 
-                                               keytabFilename);
+    SecurityUtil.login(conf, JTConfig.JT_KEYTAB_FILE, JTConfig.JT_USER_NAME,
+        localMachine);
+    if (UserGroupInformation.isLoginKeytabBased()) {
       mrOwner = UserGroupInformation.getLoginUser();
     } else {
       mrOwner = UserGroupInformation.getCurrentUser();
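Review bot: The moved comment `// Set ports, start RPC servers, setup security policy etc.` now sits above the Kerberos login rather than the RPC setup, and nothing explains that the address is resolved first because `localMachine` feeds the login. Since `localMachine` comes from `addr.getHostName()` on the configured JobTracker address, the host part of the login principal presumably follows that configuration value (and DNS, if it is an IP literal); I would replace the comment with `// Resolve the JT address before login: its host name is passed to SecurityUtil.login for the principal.` The branch on `UserGroupInformation.isLoginKeytabBased()` appears to read process-wide login state rather than this conf's keytab setting, which deserves a one-line comment on how `mrOwner` is chosen. The same sequence is repeated in the hunk at `@@ -4589,13 +4584,14 @@`, where a shared private helper would keep the two login paths from drifting apart. The constructor body continues outside the hunk.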
@@ -1454,11 +1454,6 @@
           JobQueueTaskScheduler.class, TaskScheduler.class);
     taskScheduler = (TaskScheduler) ReflectionUtils.newInstance(schedulerClass, conf);
                                            
-    // Set ports, start RPC servers, setup security policy etc.
-    InetSocketAddress addr = getAddress(conf);
-    this.localMachine = addr.getHostName();
-    this.port = addr.getPort();
-    
     // Set service-level authorization security policy
     if (conf.getBoolean(
           ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) {
@@ -4589,13 +4584,14 @@
     NUM_HEARTBEATS_IN_SECOND = 
         conf.getInt("mapred.heartbeats.in.second", 100);
     
-    // get the desired principal to load
-    String keytabFilename = conf.get(JTConfig.JT_KEYTAB_FILE);
-    if (keytabFilename != null) {
-      String desiredUser = conf.get(JTConfig.JT_USER_NAME,
-                                    System.getProperty("user.name"));
-      UserGroupInformation.loginUserFromKeytab(desiredUser, 
-                                               keytabFilename);
+    // Set ports, start RPC servers, setup security policy etc.
+    InetSocketAddress addr = getAddress(conf);
+    this.localMachine = addr.getHostName();
+    this.port = addr.getPort();
+    UserGroupInformation.setConfiguration(conf);
+    SecurityUtil.login(conf, JTConfig.JT_KEYTAB_FILE, JTConfig.JT_USER_NAME,
+        localMachine);
+    if (UserGroupInformation.isLoginKeytabBased()) {
       mrOwner = UserGroupInformation.getLoginUser();
     } else {
       mrOwner = UserGroupInformation.getCurrentUser();
@@ -4616,11 +4612,6 @@
           JobQueueTaskScheduler.class, TaskScheduler.class);
     taskScheduler = 
       (TaskScheduler)ReflectionUtils.newInstance(schedulerClass, conf);
-    
-    // Set ports, start RPC servers, setup security policy etc.
-    InetSocketAddress addr = getAddress(conf);
-    this.localMachine = addr.getHostName();
-    this.port = addr.getPort();
 
     // Create the jetty server
     InetSocketAddress infoSocAddr = NetUtils.createSocketAddr(
diff --git a/src/java/org/apache/hadoop/mapred/TaskTracker.java b/src/java/org/apache/hadoop/mapred/TaskTracker.java
index c855706..f5dcdf2 100644
--- a/src/java/org/apache/hadoop/mapred/TaskTracker.java
+++ b/src/java/org/apache/hadoop/mapred/TaskTracker.java
@@ -95,6 +95,7 @@
 import org.apache.hadoop.metrics.Updater;
 import org.apache.hadoop.net.DNS;
 import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authorize.PolicyProvider;
 import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
@@ -583,15 +584,10 @@
    * close().
    */
   synchronized void initialize() throws IOException, InterruptedException {
-    String keytabFilename = fConf.get(TTConfig.TT_KEYTAB_FILE);
     UserGroupInformation.setConfiguration(fConf);
-    if (keytabFilename != null) {
-      String desiredUser = fConf.get(TTConfig.TT_USER_NAME,
-                                    System.getProperty("user.name"));
-      UserGroupInformation.loginUserFromKeytab(desiredUser, 
-                                               keytabFilename);
+    SecurityUtil.login(fConf, TTConfig.TT_KEYTAB_FILE, TTConfig.TT_USER_NAME);
+    if (UserGroupInformation.isLoginKeytabBased()) {
       mrOwner = UserGroupInformation.getLoginUser();
-      
     } else {
       mrOwner = UserGroupInformation.getCurrentUser();
     }
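Review bot: This call to `SecurityUtil.login` passes no host name, unlike the JobTracker change in the same commit, which passes `localMachine`, so the host name that ends up in the TaskTracker's principal is implicit at this call site. If the TaskTracker derives its own host name elsewhere (the file imports `org.apache.hadoop.net.DNS`, so it may), the two could differ on multi-homed nodes, and the login would then ask for a principal that is not in the keytab. A comment such as `// No host given: SecurityUtil.login picks the local host name for the principal` would document the dependency, or the tracker's own host name could be passed explicitly as in JobTracker. `initialize()` continues past the end of the hunk.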
diff --git a/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java b/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java
index a290b49..7cadf2a 100644
--- a/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java
+++ b/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java
@@ -39,6 +39,7 @@
 import org.apache.hadoop.mapreduce.server.jobtracker.JTConfig;
 import org.apache.hadoop.net.NetUtils;
 import org.apache.hadoop.security.Credentials;
+import org.apache.hadoop.security.KerberosName;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
@@ -87,7 +88,9 @@
   static void obtainTokensForNamenodesInternal(Credentials credentials,
       Path[] ps, Configuration conf) throws IOException {
     // get jobtracker principal id (for the renewer)
-    Text jtCreds = new Text(conf.get(JTConfig.JT_USER_NAME, ""));
+    KerberosName jtKrbName = new KerberosName(conf.get(JTConfig.JT_USER_NAME,
+        ""));
+    Text delegTokenRenewer = new Text(jtKrbName.getShortName());
     
     for(Path p: ps) {
       FileSystem fs = FileSystem.get(p.toUri(), conf);
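Review bot: `conf.get(JTConfig.JT_USER_NAME, "")` still defaults to the empty string, so when the JobTracker principal is unset the renewer handed to `getDelegationToken` in the following hunk would be an empty name, and that case goes unreported. The `KerberosName` is also built before the loop on every call, so a malformed principal or a failure in `getShortName()` would fail token acquisition without pointing at the JobTracker principal setting as the cause. I would add a comment like `// renewer is the JT short name; it must match what the NameNode maps the JT principal to` and consider logging when the configured value is empty. The method body continues outside the hunk.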
@@ -104,7 +107,7 @@
           continue;
         }
         // get the token
-        token = dfs.getDelegationToken(jtCreds);
+        token = dfs.getDelegationToken(delegTokenRenewer);
         if(token==null) 
           throw new IOException("Token from " + fs_addr + " is null");