You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-commits@hadoop.apache.org by dd...@apache.org on 2010/07/20 02:50:37 UTC
svn commit: r965698 - in /hadoop/mapreduce/trunk: CHANGES.txt
src/java/org/apache/hadoop/mapred/JobTracker.java
src/java/org/apache/hadoop/mapred/TaskTracker.java
src/java/org/apache/hadoop/mapreduce/security/TokenCache.java
Author: ddas
Date: Tue Jul 20 00:50:37 2010
New Revision: 965698
URL: http://svn.apache.org/viewvc?rev=965698&view=rev
Log:
MAPREDUCE-1945. The MapReduce component for HADOOP-6632. Contributed by Kan Zhang & Jitendra Pandey.
Modified:
hadoop/mapreduce/trunk/CHANGES.txt
hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/JobTracker.java
hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskTracker.java
hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java
Modified: hadoop/mapreduce/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/CHANGES.txt?rev=965698&r1=965697&r2=965698&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/CHANGES.txt (original)
+++ hadoop/mapreduce/trunk/CHANGES.txt Tue Jul 20 00:50:37 2010
@@ -86,6 +86,9 @@ Trunk (unreleased changes)
MAPREDUCE-1935. Makes the Distcp to work in a secure environment.
(Boris Shkolnik via ddas)
+ MAPREDUCE-1945. The MapReduce component for HADOOP-6632.
+ (Kan Zhang & Jitendra Pandey via ddas)
+
OPTIMIZATIONS
MAPREDUCE-1354. Enhancements to JobTracker for better performance and
Modified: hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/JobTracker.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/JobTracker.java?rev=965698&r1=965697&r2=965698&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/JobTracker.java (original)
+++ hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/JobTracker.java Tue Jul 20 00:50:37 2010
@@ -102,6 +102,7 @@ import org.apache.hadoop.security.Access
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.RefreshUserMappingsProtocol;
import org.apache.hadoop.security.Credentials;
+import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.authorize.AuthorizationException;
@@ -1372,15 +1373,14 @@ public class JobTracker implements MRCon
JobTracker(final JobConf conf, Clock newClock, String jobtrackerIndentifier)
throws IOException, InterruptedException {
- // find the owner of the process
- // get the desired principal to load
- String keytabFilename = conf.get(JTConfig.JT_KEYTAB_FILE);
+ // Set ports, start RPC servers, setup security policy etc.
+ InetSocketAddress addr = getAddress(conf);
+ this.localMachine = addr.getHostName();
+ this.port = addr.getPort();
UserGroupInformation.setConfiguration(conf);
- if (keytabFilename != null) {
- String desiredUser = conf.get(JTConfig.JT_USER_NAME,
- System.getProperty("user.name"));
- UserGroupInformation.loginUserFromKeytab(desiredUser,
- keytabFilename);
+ SecurityUtil.login(conf, JTConfig.JT_KEYTAB_FILE, JTConfig.JT_USER_NAME,
+ localMachine);
+ if (UserGroupInformation.isLoginKeytabBased()) {
mrOwner = UserGroupInformation.getLoginUser();
} else {
mrOwner = UserGroupInformation.getCurrentUser();
@@ -1454,11 +1454,6 @@ public class JobTracker implements MRCon
JobQueueTaskScheduler.class, TaskScheduler.class);
taskScheduler = (TaskScheduler) ReflectionUtils.newInstance(schedulerClass, conf);
- // Set ports, start RPC servers, setup security policy etc.
- InetSocketAddress addr = getAddress(conf);
- this.localMachine = addr.getHostName();
- this.port = addr.getPort();
-
// Set service-level authorization security policy
if (conf.getBoolean(
ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, false)) {
@@ -4589,13 +4584,14 @@ public class JobTracker implements MRCon
NUM_HEARTBEATS_IN_SECOND =
conf.getInt("mapred.heartbeats.in.second", 100);
- // get the desired principal to load
- String keytabFilename = conf.get(JTConfig.JT_KEYTAB_FILE);
- if (keytabFilename != null) {
- String desiredUser = conf.get(JTConfig.JT_USER_NAME,
- System.getProperty("user.name"));
- UserGroupInformation.loginUserFromKeytab(desiredUser,
- keytabFilename);
+ // Set ports, start RPC servers, setup security policy etc.
+ InetSocketAddress addr = getAddress(conf);
+ this.localMachine = addr.getHostName();
+ this.port = addr.getPort();
+ UserGroupInformation.setConfiguration(conf);
+ SecurityUtil.login(conf, JTConfig.JT_KEYTAB_FILE, JTConfig.JT_USER_NAME,
+ localMachine);
+ if (UserGroupInformation.isLoginKeytabBased()) {
mrOwner = UserGroupInformation.getLoginUser();
} else {
mrOwner = UserGroupInformation.getCurrentUser();
@@ -4616,11 +4612,6 @@ public class JobTracker implements MRCon
JobQueueTaskScheduler.class, TaskScheduler.class);
taskScheduler =
(TaskScheduler)ReflectionUtils.newInstance(schedulerClass, conf);
-
- // Set ports, start RPC servers, setup security policy etc.
- InetSocketAddress addr = getAddress(conf);
- this.localMachine = addr.getHostName();
- this.port = addr.getPort();
// Create the jetty server
InetSocketAddress infoSocAddr = NetUtils.createSocketAddr(
Modified: hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskTracker.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskTracker.java?rev=965698&r1=965697&r2=965698&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskTracker.java (original)
+++ hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/TaskTracker.java Tue Jul 20 00:50:37 2010
@@ -95,6 +95,7 @@ import org.apache.hadoop.metrics.Metrics
import org.apache.hadoop.metrics.Updater;
import org.apache.hadoop.net.DNS;
import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.PolicyProvider;
import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
@@ -583,15 +584,10 @@ public class TaskTracker
* close().
*/
synchronized void initialize() throws IOException, InterruptedException {
- String keytabFilename = fConf.get(TTConfig.TT_KEYTAB_FILE);
UserGroupInformation.setConfiguration(fConf);
- if (keytabFilename != null) {
- String desiredUser = fConf.get(TTConfig.TT_USER_NAME,
- System.getProperty("user.name"));
- UserGroupInformation.loginUserFromKeytab(desiredUser,
- keytabFilename);
+ SecurityUtil.login(fConf, TTConfig.TT_KEYTAB_FILE, TTConfig.TT_USER_NAME);
+ if (UserGroupInformation.isLoginKeytabBased()) {
mrOwner = UserGroupInformation.getLoginUser();
-
} else {
mrOwner = UserGroupInformation.getCurrentUser();
}
Modified: hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java?rev=965698&r1=965697&r2=965698&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java (original)
+++ hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java Tue Jul 20 00:50:37 2010
@@ -39,6 +39,7 @@ import org.apache.hadoop.mapreduce.secur
import org.apache.hadoop.mapreduce.server.jobtracker.JTConfig;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.Credentials;
+import org.apache.hadoop.security.KerberosName;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
@@ -87,7 +88,9 @@ public class TokenCache {
static void obtainTokensForNamenodesInternal(Credentials credentials,
Path[] ps, Configuration conf) throws IOException {
// get jobtracker principal id (for the renewer)
- Text jtCreds = new Text(conf.get(JTConfig.JT_USER_NAME, ""));
+ KerberosName jtKrbName = new KerberosName(conf.get(JTConfig.JT_USER_NAME,
+ ""));
+ Text delegTokenRenewer = new Text(jtKrbName.getShortName());
for(Path p: ps) {
FileSystem fs = FileSystem.get(p.toUri(), conf);
@@ -104,7 +107,7 @@ public class TokenCache {
continue;
}
// get the token
- token = dfs.getDelegationToken(jtCreds);
+ token = dfs.getDelegationToken(delegTokenRenewer);
if(token==null)
throw new IOException("Token from " + fs_addr + " is null");