You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by be...@apache.org on 2011/06/05 10:30:23 UTC

svn commit: r1132058 - in /incubator/mesos/trunk/src: launcher/launcher.cpp launcher/launcher.hpp launcher/main.cpp slave/lxc_isolation_module.cpp slave/process_based_isolation_module.cpp slave/slave.cpp slave/solaris_project_isolation_module.cpp

Author: benh
Date: Sun Jun  5 08:30:23 2011
New Revision: 1132058

URL: http://svn.apache.org/viewvc?rev=1132058&view=rev
Log:
Added a flag that stops the launcher from trying to setuid() to the
user who submitted a framework for clusters that wish to run all tasks
as a particular user. Closes #93.

Modified:
    incubator/mesos/trunk/src/launcher/launcher.cpp
    incubator/mesos/trunk/src/launcher/launcher.hpp
    incubator/mesos/trunk/src/launcher/main.cpp
    incubator/mesos/trunk/src/slave/lxc_isolation_module.cpp
    incubator/mesos/trunk/src/slave/process_based_isolation_module.cpp
    incubator/mesos/trunk/src/slave/slave.cpp
    incubator/mesos/trunk/src/slave/solaris_project_isolation_module.cpp

Modified: incubator/mesos/trunk/src/launcher/launcher.cpp
URL: http://svn.apache.org/viewvc/incubator/mesos/trunk/src/launcher/launcher.cpp?rev=1132058&r1=1132057&r2=1132058&view=diff
==============================================================================
--- incubator/mesos/trunk/src/launcher/launcher.cpp (original)
+++ incubator/mesos/trunk/src/launcher/launcher.cpp Sun Jun  5 08:30:23 2011
@@ -40,10 +40,12 @@ ExecutorLauncher::ExecutorLauncher(Frame
                                    const string& _mesosHome,
                                    const string& _hadoopHome,
                                    bool _redirectIO,
+                                   bool _shouldSwitchUser,
                                    const map<string, string>& _params)
   : frameworkId(_frameworkId), executorUri(_executorUri), user(_user),
     workDirectory(_workDirectory), slavePid(_slavePid), mesosHome(_mesosHome),
-    hadoopHome(_hadoopHome), redirectIO(_redirectIO), params(_params)
+    hadoopHome(_hadoopHome), redirectIO(_redirectIO), 
+    shouldSwitchUser(_shouldSwitchUser), params(_params)
 {}
 
 
@@ -72,7 +74,8 @@ void ExecutorLauncher::run()
 
   setupEnvironment();
 
-  switchUser();
+  if (shouldSwitchUser)
+    switchUser();
   
   // Execute the executor
   execl(executor.c_str(), executor.c_str(), (char *) NULL);
@@ -248,4 +251,5 @@ void ExecutorLauncher::setupEnvironmentF
   setenv("MESOS_HOME", mesosHome.c_str(), 1);
   setenv("MESOS_HADOOP_HOME", hadoopHome.c_str(), 1);
   setenv("MESOS_REDIRECT_IO", redirectIO ? "1" : "0", 1);
+  setenv("MESOS_SWITCH_USER", shouldSwitchUser ? "1" : "0", 1);
 }

Modified: incubator/mesos/trunk/src/launcher/launcher.hpp
URL: http://svn.apache.org/viewvc/incubator/mesos/trunk/src/launcher/launcher.hpp?rev=1132058&r1=1132057&r2=1132058&view=diff
==============================================================================
--- incubator/mesos/trunk/src/launcher/launcher.hpp (original)
+++ incubator/mesos/trunk/src/launcher/launcher.hpp Sun Jun  5 08:30:23 2011
@@ -38,6 +38,7 @@ protected:
   string mesosHome;
   string hadoopHome;
   bool redirectIO;   // Whether to redirect stdout and stderr to files
+  bool shouldSwitchUser; // Whether to setuid to framework's user
   map<string, string> params; // Key-value params in framework's ExecutorInfo
 
 public:
@@ -45,7 +46,7 @@ public:
                    const string& _user, const string& _workDirectory,
                    const string& _slavePid, const string& _mesosHome,
                    const string& _hadoopHome, bool _redirectIO,
-                   const map<string, string>& _params);
+                   bool _shouldSwitchUser, const map<string, string>& _params);
 
   virtual ~ExecutorLauncher();
 

Modified: incubator/mesos/trunk/src/launcher/main.cpp
URL: http://svn.apache.org/viewvc/incubator/mesos/trunk/src/launcher/main.cpp?rev=1132058&r1=1132057&r2=1132058&view=diff
==============================================================================
--- incubator/mesos/trunk/src/launcher/main.cpp (original)
+++ incubator/mesos/trunk/src/launcher/main.cpp Sun Jun  5 08:30:23 2011
@@ -32,6 +32,7 @@ int main(int argc, char **argv)
                    getenvOrFail("MESOS_HOME"),
                    getenvOrFail("MESOS_HADOOP_HOME"),
                    lexical_cast<bool>(getenvOrFail("MESOS_REDIRECT_IO")),
+                   lexical_cast<bool>(getenvOrFail("MESOS_SWITCH_USER")),
                    params).run();
   return 0;
 }

Modified: incubator/mesos/trunk/src/slave/lxc_isolation_module.cpp
URL: http://svn.apache.org/viewvc/incubator/mesos/trunk/src/slave/lxc_isolation_module.cpp?rev=1132058&r1=1132057&r2=1132058&view=diff
==============================================================================
--- incubator/mesos/trunk/src/slave/lxc_isolation_module.cpp (original)
+++ incubator/mesos/trunk/src/slave/lxc_isolation_module.cpp Sun Jun  5 08:30:23 2011
@@ -125,6 +125,7 @@ void LxcIsolationModule::startExecutor(F
                                     slave->getConf().get("home", ""),
                                     slave->getConf().get("hadoop_home", ""),
                                     !slave->local,
+                                    slave->getConf().get("switch_user", true),
                                     fw->executorInfo.params);
     launcher->setupEnvironmentForLauncherMain();
     

Modified: incubator/mesos/trunk/src/slave/process_based_isolation_module.cpp
URL: http://svn.apache.org/viewvc/incubator/mesos/trunk/src/slave/process_based_isolation_module.cpp?rev=1132058&r1=1132057&r2=1132058&view=diff
==============================================================================
--- incubator/mesos/trunk/src/slave/process_based_isolation_module.cpp (original)
+++ incubator/mesos/trunk/src/slave/process_based_isolation_module.cpp Sun Jun  5 08:30:23 2011
@@ -117,6 +117,7 @@ ExecutorLauncher* ProcessBasedIsolationM
                               slave->getConf().get("home", ""),
                               slave->getConf().get("hadoop_home", ""),
                               !slave->local,
+                              slave->getConf().get("switch_user", true),
                               fw->executorInfo.params);
 }
 

Modified: incubator/mesos/trunk/src/slave/slave.cpp
URL: http://svn.apache.org/viewvc/incubator/mesos/trunk/src/slave/slave.cpp?rev=1132058&r1=1132057&r2=1132058&view=diff
==============================================================================
--- incubator/mesos/trunk/src/slave/slave.cpp (original)
+++ incubator/mesos/trunk/src/slave/slave.cpp Sun Jun  5 08:30:23 2011
@@ -101,6 +101,11 @@ void Slave::registerOptions(Configurator
                           "framework executors from HDFS)\n"
                           "(default: look for HADOOP_HOME environment\n"
                           "variable or find hadoop on PATH)");
+  conf->addOption<bool>("switch_user", 
+                        "Whether to run tasks as the user who\n"
+                        "submitted them rather than the user running\n"
+                        "the slave (requires setuid permission)\n",
+                        true);
 }
 
 

Modified: incubator/mesos/trunk/src/slave/solaris_project_isolation_module.cpp
URL: http://svn.apache.org/viewvc/incubator/mesos/trunk/src/slave/solaris_project_isolation_module.cpp?rev=1132058&r1=1132057&r2=1132058&view=diff
==============================================================================
--- incubator/mesos/trunk/src/slave/solaris_project_isolation_module.cpp (original)
+++ incubator/mesos/trunk/src/slave/solaris_project_isolation_module.cpp Sun Jun  5 08:30:23 2011
@@ -90,6 +90,7 @@ ExecutorLauncher* SolarisProjectIsolatio
                              slave->getConf().get("home", ""),
                              slave->getConf().get("hadoop_home", ""),
                              !slave->local,
+                             slave->getConf().get("switch_user", ""),
                              frameworkProject[fw->id]);
 }