You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ha...@apache.org on 2015/04/15 06:12:33 UTC
hadoop git commit: YARN-3462. Patches applied for YARN-2424 are
inconsistent between trunk and branch-2. Contributed by Naganarasimha G R.
Repository: hadoop
Updated Branches:
refs/heads/branch-2.7 50c8d0631 -> d4a462c02
YARN-3462. Patches applied for YARN-2424 are inconsistent between trunk and branch-2. Contributed by Naganarasimha G R.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/d4a462c0
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/d4a462c0
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/d4a462c0
Branch: refs/heads/branch-2.7
Commit: d4a462c02e9be1e082ef4f9c62a47cf93a5c9b7c
Parents: 50c8d06
Author: Harsh J <ha...@cloudera.com>
Authored: Wed Apr 15 09:41:43 2015 +0530
Committer: Harsh J <ha...@cloudera.com>
Committed: Wed Apr 15 09:42:20 2015 +0530
----------------------------------------------------------------------
hadoop-yarn-project/CHANGES.txt | 3 +++
.../src/main/resources/yarn-default.xml | 21 ++++++++++----------
.../nodemanager/LinuxContainerExecutor.java | 12 +++++++----
3 files changed, 22 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/d4a462c0/hadoop-yarn-project/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt
index 5e44bc3..9072edf 100644
--- a/hadoop-yarn-project/CHANGES.txt
+++ b/hadoop-yarn-project/CHANGES.txt
@@ -12,6 +12,9 @@ Release 2.7.1 - UNRELEASED
BUG FIXES
+ YARN-3462. Patches applied for YARN-2424 are inconsistent between
+ trunk and branch-2. (Naganarasimha G R via harsh)
+
Release 2.7.0 - UNRELEASED
INCOMPATIBLE CHANGES
http://git-wip-us.apache.org/repos/asf/hadoop/blob/d4a462c0/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
index a469cae..66400c8 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
@@ -1036,21 +1036,22 @@
</property>
<property>
- <description>This determines which of the two modes that LCE should use on a non-secure
- cluster. If this value is set to true, then all containers will be launched as the user
- specified in yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If
- this value is set to false, then containers will run as the user who submitted the
- application.
- </description>
+ <description>This determines which of the two modes that LCE should use on
+ a non-secure cluster. If this value is set to true, then all containers
+ will be launched as the user specified in
+ yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If
+ this value is set to false, then containers will run as the user who
+ submitted the application.</description>
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users</name>
<value>true</value>
</property>
<property>
- <description>The UNIX user that containers will run as when Linux-container-executor
- is used in nonsecure mode (a use case for this is using cgroups) if the
- yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is set
- to true.</description>
+ <description>The UNIX user that containers will run as when
+ Linux-container-executor is used in nonsecure mode (a use case for this
+ is using cgroups) if the
+ yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is
+ set to true.</description>
<name>yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user</name>
<value>nobody</value>
</property>
http://git-wip-us.apache.org/repos/asf/hadoop/blob/d4a462c0/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java
index 59b35ce..fac71d3 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java
@@ -59,9 +59,8 @@ public class LinuxContainerExecutor extends ContainerExecutor {
private LCEResourcesHandler resourcesHandler;
private boolean containerSchedPriorityIsSet = false;
private int containerSchedPriorityAdjustment = 0;
- private boolean containerLimitUsers = YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS;
-
-
+ private boolean containerLimitUsers;
+
@Override
public void setConf(Configuration conf) {
super.setConf(conf);
@@ -71,6 +70,7 @@ public class LinuxContainerExecutor extends ContainerExecutor {
conf.getClass(YarnConfiguration.NM_LINUX_CONTAINER_RESOURCES_HANDLER,
DefaultLCEResourcesHandler.class, LCEResourcesHandler.class), conf);
resourcesHandler.setConf(conf);
+
if (conf.get(YarnConfiguration.NM_CONTAINER_EXECUTOR_SCHED_PRIORITY) != null) {
containerSchedPriorityIsSet = true;
containerSchedPriorityAdjustment = conf
@@ -83,9 +83,13 @@ public class LinuxContainerExecutor extends ContainerExecutor {
nonsecureLocalUserPattern = Pattern.compile(
conf.get(YarnConfiguration.NM_NONSECURE_MODE_USER_PATTERN_KEY,
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_USER_PATTERN));
- containerLimitUsers=conf.getBoolean(
+ containerLimitUsers = conf.getBoolean(
YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS,
YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS);
+ if (!containerLimitUsers) {
+ LOG.warn(YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS +
+ ": impersonation without authentication enabled");
+ }
}
void verifyUsernamePattern(String user) {