You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@submarine.apache.org by li...@apache.org on 2019/11/25 14:24:17 UTC
[submarine] branch master updated: SUBMARINE-288. Set some users to
have root privilege
This is an automated email from the ASF dual-hosted git repository.
liuxun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git
The following commit(s) were added to refs/heads/master by this push:
new 01df6c1 SUBMARINE-288. Set some users to have root privilege
01df6c1 is described below
commit 01df6c18cf076d91273d797e6d3ccd95e91bb7b6
Author: huiyangjian <97...@qq.com>
AuthorDate: Mon Nov 25 14:23:11 2019 +0800
SUBMARINE-288. Set some users to have root privilege
### What is this PR for?
Allow special users to have system installation permissions and PIP installation permissions in the container
### What type of PR is it?
[Improvement]
### Todos
* [ ] - Task
### What is the Jira issue?
* https://issues.apache.org/jira/browse/SUBMARINE-288
### How should this be tested?
* [CI Pass](https://travis-ci.org/huiyangjian/submarine/builds/616599028)
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: huiyangjian <97...@qq.com>
Closes #105 from huiyangjian/SUBMARINE-288 and squashes the following commits:
861ad3a [huiyangjian] Merge branch 'SUBMARINE-288' of https://github.com/huiyangjian/submarine into SUBMARINE-288
aea3940 [huiyangjian] SUBMARINE-288.Set some users to have root privilege
47f8495 [huiyangjian] SUBMARINE-288.Set some users to have root privilege
---
.../yarnservice/utils/EnvironmentUtilities.java | 31 +++++++++++++++++++++-
.../utils/TestEnvironmentUtilities.java | 12 ++++-----
2 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/submarine-server/server-submitter/submitter-yarnservice/src/main/java/org/apache/submarine/server/submitter/yarnservice/utils/EnvironmentUtilities.java b/submarine-server/server-submitter/submitter-yarnservice/src/main/java/org/apache/submarine/server/submitter/yarnservice/utils/EnvironmentUtilities.java
index aad3f64..99dc7aa 100644
--- a/submarine-server/server-submitter/submitter-yarnservice/src/main/java/org/apache/submarine/server/submitter/yarnservice/utils/EnvironmentUtilities.java
+++ b/submarine-server/server-submitter/submitter-yarnservice/src/main/java/org/apache/submarine/server/submitter/yarnservice/utils/EnvironmentUtilities.java
@@ -46,8 +46,12 @@ public final class EnvironmentUtilities {
"YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS";
private static final String MOUNTS_DELIM = ",";
private static final String ENV_SEPARATOR = "=";
+ private static final String ETC_PASSWD = ":/etc/passwd";
+ private static final String ETC_GROUP = ":/etc/group";
private static final String ETC_PASSWD_MOUNT_STRING =
"/etc/passwd:/etc/passwd:ro";
+ private static final String ETC_GROUP_MOUNT_STRING =
+ "/etc/group:/etc/group:ro";
private static final String KERBEROS_CONF_MOUNT_STRING =
"/etc/krb5.conf:/etc/krb5.conf:ro";
private static final String ENV_VAR_DELIM = ":";
@@ -94,9 +98,12 @@ public final class EnvironmentUtilities {
*/
private static void appendOtherConfigs(Service service,
Configuration yarnConfig) {
- appendToEnv(service, ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME,
+ etcAppendToEnv(service, ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME,
ETC_PASSWD_MOUNT_STRING, MOUNTS_DELIM);
+ etcAppendToEnv(service, ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME,
+ ETC_GROUP_MOUNT_STRING, MOUNTS_DELIM);
+
String authentication = yarnConfig.get(HADOOP_SECURITY_AUTHENTICATION);
if (authentication != null && authentication.equals("kerberos")) {
appendToEnv(service, ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME,
@@ -120,4 +127,26 @@ public final class EnvironmentUtilities {
}
}
}
+
+ @SuppressWarnings("checkstyle:WhitespaceAround")
+ static void etcAppendToEnv(Service service, String key, String value,
+ String delim) {
+ Map<String, String> env = service.getConfiguration().getEnv();
+ if (!env.containsKey(key)) {
+ env.put(key, value);
+ } else {
+ if (!value.isEmpty()) {
+ String existingValue = env.get(key);
+ if ((existingValue.contains(ETC_PASSWD) && value.contains(ETC_PASSWD))
+ || (existingValue.contains(ETC_GROUP) && value.contains(ETC_GROUP))){
+ return;
+ }
+ if (!existingValue.endsWith(delim)) {
+ env.put(key, existingValue + delim + value);
+ } else {
+ env.put(key, existingValue + value);
+ }
+ }
+ }
+ }
}
diff --git a/submarine-server/server-submitter/submitter-yarnservice/src/test/java/org/apache/submarine/server/submitter/yarnservice/utils/TestEnvironmentUtilities.java b/submarine-server/server-submitter/submitter-yarnservice/src/test/java/org/apache/submarine/server/submitter/yarnservice/utils/TestEnvironmentUtilities.java
index 711a563..afcbb7b 100644
--- a/submarine-server/server-submitter/submitter-yarnservice/src/test/java/org/apache/submarine/server/submitter/yarnservice/utils/TestEnvironmentUtilities.java
+++ b/submarine-server/server-submitter/submitter-yarnservice/src/test/java/org/apache/submarine/server/submitter/yarnservice/utils/TestEnvironmentUtilities.java
@@ -51,7 +51,7 @@ public class TestEnvironmentUtilities {
}
private void validateDefaultEnvVars(Map<String, String> resultEnvs) {
- assertEquals("/etc/passwd:/etc/passwd:ro",
+ assertEquals("/etc/passwd:/etc/passwd:ro,/etc/group:/etc/group:ro",
resultEnvs.get(EnvironmentUtilities.ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME));
}
@@ -132,7 +132,7 @@ public class TestEnvironmentUtilities {
Map<String, String> resultEnvs = service.getConfiguration().getEnv();
assertEquals(1, resultEnvs.size());
- assertEquals("/etc/passwd:/etc/passwd:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
+ assertEquals("/etc/passwd:/etc/passwd:ro,/etc/group:/etc/group:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
resultEnvs.get(EnvironmentUtilities.ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME));
}
@@ -152,7 +152,7 @@ public class TestEnvironmentUtilities {
Map<String, String> resultEnvs = service.getConfiguration().getEnv();
assertEquals(5, resultEnvs.size());
- assertEquals("/etc/passwd:/etc/passwd:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
+ assertEquals("/etc/passwd:/etc/passwd:ro,/etc/group:/etc/group:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
resultEnvs.get(EnvironmentUtilities.ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME));
assertEquals("1", resultEnvs.get("a"));
assertEquals("2", resultEnvs.get("b"));
@@ -176,7 +176,7 @@ public class TestEnvironmentUtilities {
Map<String, String> resultEnvs = service.getConfiguration().getEnv();
assertEquals(5, resultEnvs.size());
- assertEquals("/etc/passwd:/etc/passwd:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
+ assertEquals("/etc/passwd:/etc/passwd:ro,/etc/group:/etc/group:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
resultEnvs.get(EnvironmentUtilities.ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME));
assertEquals("1", resultEnvs.get("a"));
assertEquals("2", resultEnvs.get("b"));
@@ -200,7 +200,7 @@ public class TestEnvironmentUtilities {
Map<String, String> resultEnvs = service.getConfiguration().getEnv();
assertEquals(4, resultEnvs.size());
- assertEquals("/etc/passwd:/etc/passwd:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
+ assertEquals("/etc/passwd:/etc/passwd:ro,/etc/group:/etc/group:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
resultEnvs.get(EnvironmentUtilities.ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME));
assertEquals("1:33", resultEnvs.get("a"));
assertEquals("2", resultEnvs.get("b"));
@@ -223,7 +223,7 @@ public class TestEnvironmentUtilities {
Map<String, String> resultEnvs = service.getConfiguration().getEnv();
assertEquals(3, resultEnvs.size());
- assertEquals("/etc/passwd:/etc/passwd:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
+ assertEquals("/etc/passwd:/etc/passwd:ro,/etc/group:/etc/group:ro,/etc/krb5.conf:/etc/krb5.conf:ro",
resultEnvs.get(EnvironmentUtilities.ENV_DOCKER_MOUNTS_FOR_CONTAINER_RUNTIME));
assertEquals("1:33:44", resultEnvs.get("a"));
assertEquals("2", resultEnvs.get("b"));
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@submarine.apache.org
For additional commands, e-mail: dev-help@submarine.apache.org