
Example 16 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class MockRM method submitApp.

/**
 * Builds an application submission from the given settings and submits it to the
 * client RM service while impersonating {@code user}.
 *
 * <p>The submit RPC runs inside {@code doAs} on a UGI made with
 * {@code UserGroupInformation.createUserForTesting}, so it is issued under the test
 * identity {@code user} (group "someGroup") rather than under the identity of the
 * thread running the test.
 *
 * <p>Credentials are serialized into the AM container launch context only when
 * {@code ts} is non-null and {@code UserGroupInformation.isSecurityEnabled()} is true.
 * {@code tokensConf} is set in that same branch only, and is passed through without a
 * null check.
 *
 * @param isAppIdProvided when true {@code applicationId} is used as-is; otherwise a new
 *     id is requested from the client RM service
 * @param waitForAccepted when true, blocks until the app is ACCEPTED and, for a managed
 *     AM, until the current attempt is SCHEDULED
 * @return the {@code RMApp} found in the RM context for the submitted application id
 * @throws Exception if id allocation, token serialization, submission or waiting fails
 */
public RMApp submitApp(Resource capability, String name, String user, Map<ApplicationAccessType, String> acls, boolean unmanaged, String queue, int maxAppAttempts, Credentials ts, String appType, boolean waitForAccepted, boolean keepContainers, boolean isAppIdProvided, ApplicationId applicationId, long attemptFailuresValidityInterval, LogAggregationContext logAggregationContext, boolean cancelTokensWhenComplete, Priority priority, String amLabel, Map<ApplicationTimeoutType, Long> applicationTimeouts, ByteBuffer tokensConf) throws Exception {
    final ApplicationClientProtocol client = getClientRMService();

    // Use the caller's id when one was supplied, otherwise ask the RM for a fresh one.
    final ApplicationId appId;
    if (isAppIdProvided) {
        appId = applicationId;
    } else {
        GetNewApplicationRequest newAppRequest = Records.newRecord(GetNewApplicationRequest.class);
        appId = client.getNewApplication(newAppRequest).getApplicationId();
    }

    final SubmitApplicationRequest req = Records.newRecord(SubmitApplicationRequest.class);
    ApplicationSubmissionContext sub = Records.newRecord(ApplicationSubmissionContext.class);
    sub.setKeepContainersAcrossApplicationAttempts(keepContainers);
    sub.setApplicationId(appId);
    sub.setApplicationName(name);
    sub.setMaxAppAttempts(maxAppAttempts);

    // Optional settings are applied only when the caller supplied them.
    if (applicationTimeouts != null && !applicationTimeouts.isEmpty()) {
        sub.setApplicationTimeouts(applicationTimeouts);
    }
    if (unmanaged) {
        sub.setUnmanagedAM(true);
    }
    if (queue != null) {
        sub.setQueue(queue);
    }
    if (priority != null) {
        sub.setPriority(priority);
    }
    sub.setApplicationType(appType);

    ContainerLaunchContext clc = Records.newRecord(ContainerLaunchContext.class);
    sub.setResource(capability);
    clc.setApplicationACLs(acls);

    // Tokens travel with the launch context only on a security-enabled cluster.
    boolean attachTokens = ts != null && UserGroupInformation.isSecurityEnabled();
    if (attachTokens) {
        DataOutputBuffer serialized = new DataOutputBuffer();
        ts.writeTokenStorageToStream(serialized);
        // Wrap only the written prefix of the buffer's backing array.
        clc.setTokens(ByteBuffer.wrap(serialized.getData(), 0, serialized.getLength()));
        clc.setTokensConf(tokensConf);
    }
    sub.setAMContainerSpec(clc);
    sub.setAttemptFailuresValidityInterval(attemptFailuresValidityInterval);
    if (logAggregationContext != null) {
        sub.setLogAggregationContext(logAggregationContext);
    }
    sub.setCancelTokensWhenComplete(cancelTokensWhenComplete);

    ResourceRequest amResourceRequest = ResourceRequest.newInstance(Priority.newInstance(0), ResourceRequest.ANY, capability, 1);
    boolean hasAmLabel = amLabel != null && !amLabel.isEmpty();
    if (hasAmLabel) {
        amResourceRequest.setNodeLabelExpression(amLabel.trim());
    }
    sub.setAMContainerResourceRequest(amResourceRequest);
    req.setApplicationSubmissionContext(sub);

    // Submit as the requested user: the RPC is issued inside doAs on the test UGI.
    UserGroupInformation fakeUser = UserGroupInformation.createUserForTesting(user, new String[] { "someGroup" });
    fakeUser.doAs(new PrivilegedExceptionAction<SubmitApplicationResponse>() {

        @Override
        public SubmitApplicationResponse run() throws IOException, YarnException {
            try {
                return client.submitApplication(req);
            } catch (YarnException | IOException e) {
                // Print the failure before rethrowing it unchanged to the doAs caller.
                e.printStackTrace();
                throw e;
            }
        }
    });

    // make sure app is immediately available after submit
    if (waitForAccepted) {
        waitForState(appId, RMAppState.ACCEPTED);
    }
    RMApp rmApp = getRMContext().getRMApps().get(appId);
    // unmanaged AM won't go to RMAppAttemptState.SCHEDULED.
    if (waitForAccepted && !unmanaged) {
        waitForState(rmApp.getCurrentAppAttempt().getAppAttemptId(), RMAppAttemptState.SCHEDULED);
    }
    return rmApp;
}
Also used : RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp) GetNewApplicationResponse(org.apache.hadoop.yarn.api.protocolrecords.GetNewApplicationResponse) ContainerLaunchContext(org.apache.hadoop.yarn.api.records.ContainerLaunchContext) IOException(java.io.IOException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) SubmitApplicationResponse(org.apache.hadoop.yarn.api.protocolrecords.SubmitApplicationResponse) ApplicationClientProtocol(org.apache.hadoop.yarn.api.ApplicationClientProtocol) ByteBuffer(java.nio.ByteBuffer) SubmitApplicationRequest(org.apache.hadoop.yarn.api.protocolrecords.SubmitApplicationRequest) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) GetNewApplicationRequest(org.apache.hadoop.yarn.api.protocolrecords.GetNewApplicationRequest) ApplicationSubmissionContext(org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext) DataOutputBuffer(org.apache.hadoop.io.DataOutputBuffer) ResourceRequest(org.apache.hadoop.yarn.api.records.ResourceRequest) ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 17 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class ClientServiceDelegate method getProxy.

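/**
 * Returns a protocol proxy for the job, choosing between the running AM, a
 * "not running" placeholder, and the job history server based on the application
 * report fetched from the RM.
 *
 * <p>A previously created proxy ({@code realProxy}) is returned as-is. While the
 * application is RUNNING the method polls the RM every two seconds until an AM host is
 * known, then creates the AM proxy inside {@code doAs} on a remote-user UGI built from
 * the current user's name. When security is enabled, the client-to-AM token from the
 * application report is added to that UGI before the proxy is created. If
 * {@code MRJobConfig.JOB_AM_ACCESS_DISABLED} is set, or the reported host equals
 * {@code UNAVAILABLE}, no AM connection is attempted.
 *
 * <p>If a sleep is interrupted, the thread's interrupt status is restored before the
 * {@code YarnRuntimeException} is thrown, so callers further up can still observe the
 * interruption.
 *
 * @return the cached or newly selected proxy; may be {@code null} when the final
 *     application state matches none of the handled states and no proxy was cached
 * @throws IOException if the RM reports a {@code YarnException}, or if the application
 *     report carries no user
 */
private MRClientProtocol getProxy() throws IOException {
    if (realProxy != null) {
        return realProxy;
    }
    // Possibly allow nulls through the PB tunnel, otherwise deal with an exception
    // and redirect to the history server.
    ApplicationReport application = null;
    try {
        application = rm.getApplicationReport(appId);
    } catch (ApplicationNotFoundException e) {
        // Unknown to the RM: handled below as "no report".
        application = null;
    } catch (YarnException e2) {
        throw new IOException(e2);
    }
    if (application != null) {
        trackingUrl = application.getTrackingUrl();
    }
    InetSocketAddress serviceAddr = null;
    while (application == null || YarnApplicationState.RUNNING == application.getYarnApplicationState()) {
        if (application == null) {
            LOG.info("Could not get Job info from RM for job " + jobId + ". Redirecting to job history server.");
            return checkAndGetHSProxy(null, JobState.NEW);
        }
        try {
            if (application.getHost() == null || "".equals(application.getHost())) {
                // No AM host yet: wait, refresh the report and re-evaluate the loop condition.
                LOG.debug("AM not assigned to Job. Waiting to get the AM ...");
                Thread.sleep(2000);
                LOG.debug("Application state is " + application.getYarnApplicationState());
                application = rm.getApplicationReport(appId);
                continue;
            } else if (UNAVAILABLE.equals(application.getHost())) {
                // Log once per delegate; the message points at a missing VIEW_JOB permission.
                if (!amAclDisabledStatusLogged) {
                    LOG.info("Job " + jobId + " is running, but the host is unknown." + " Verify user has VIEW_JOB access.");
                    amAclDisabledStatusLogged = true;
                }
                return getNotRunningJob(application, JobState.RUNNING);
            }
            if (!conf.getBoolean(MRJobConfig.JOB_AM_ACCESS_DISABLED, false)) {
                // Fresh UGI carrying only the current user's name; credentials are added below.
                UserGroupInformation newUgi = UserGroupInformation.createRemoteUser(UserGroupInformation.getCurrentUser().getUserName());
                serviceAddr = NetUtils.createSocketAddrForHost(application.getHost(), application.getRpcPort());
                if (UserGroupInformation.isSecurityEnabled()) {
                    // NOTE(review): getClientToAMToken() is used without a null check;
                    // confirm the report always carries a token on a secure cluster.
                    org.apache.hadoop.yarn.api.records.Token clientToAMToken = application.getClientToAMToken();
                    Token<ClientToAMTokenIdentifier> token = ConverterUtils.convertFromYarn(clientToAMToken, serviceAddr);
                    newUgi.addToken(token);
                }
                LOG.debug("Connecting to " + serviceAddr);
                final InetSocketAddress finalServiceAddr = serviceAddr;
                // Create the proxy under newUgi so that it is built with the UGI holding
                // the client-to-AM token (when one was added above).
                realProxy = newUgi.doAs(new PrivilegedExceptionAction<MRClientProtocol>() {

                    @Override
                    public MRClientProtocol run() throws IOException {
                        return instantiateAMProxy(finalServiceAddr);
                    }
                });
            } else {
                if (!amAclDisabledStatusLogged) {
                    LOG.info("Network ACL closed to AM for job " + jobId + ". Not going to try to reach the AM.");
                    amAclDisabledStatusLogged = true;
                }
                return getNotRunningJob(null, JobState.RUNNING);
            }
            return realProxy;
        } catch (IOException e) {
            //possibly the AM has crashed
            //there may be some time before AM is restarted
            //keep retrying by getting the address from RM
            LOG.info("Could not connect to " + serviceAddr + ". Waiting for getting the latest AM address...");
            try {
                Thread.sleep(2000);
            } catch (InterruptedException e1) {
                LOG.warn("getProxy() call interruped", e1);
                // Restore the interrupt status that the InterruptedException cleared.
                Thread.currentThread().interrupt();
                throw new YarnRuntimeException(e1);
            }
            try {
                application = rm.getApplicationReport(appId);
            } catch (YarnException e1) {
                throw new IOException(e1);
            }
            if (application == null) {
                LOG.info("Could not get Job info from RM for job " + jobId + ". Redirecting to job history server.");
                return checkAndGetHSProxy(null, JobState.RUNNING);
            }
        } catch (InterruptedException e) {
            LOG.warn("getProxy() call interruped", e);
            // Restore the interrupt status that the InterruptedException cleared.
            Thread.currentThread().interrupt();
            throw new YarnRuntimeException(e);
        } catch (YarnException e) {
            throw new IOException(e);
        }
    }
    /* we just want to return if its allocating, so that we don't
     * block on it. This is to be able to return job status
     * on an allocating Application.
     */
    // The loop only exits with a non-null report whose state is not RUNNING.
    String user = application.getUser();
    if (user == null) {
        throw new IOException("User is not set in the application report");
    }
    if (application.getYarnApplicationState() == YarnApplicationState.NEW || application.getYarnApplicationState() == YarnApplicationState.NEW_SAVING || application.getYarnApplicationState() == YarnApplicationState.SUBMITTED || application.getYarnApplicationState() == YarnApplicationState.ACCEPTED) {
        realProxy = null;
        return getNotRunningJob(application, JobState.NEW);
    }
    if (application.getYarnApplicationState() == YarnApplicationState.FAILED) {
        realProxy = null;
        return getNotRunningJob(application, JobState.FAILED);
    }
    if (application.getYarnApplicationState() == YarnApplicationState.KILLED) {
        realProxy = null;
        return getNotRunningJob(application, JobState.KILLED);
    }
    //succeeded.
    if (application.getYarnApplicationState() == YarnApplicationState.FINISHED) {
        LOG.info("Application state is completed. FinalApplicationStatus=" + application.getFinalApplicationStatus().toString() + ". Redirecting to job history server");
        realProxy = checkAndGetHSProxy(application, JobState.SUCCEEDED);
    }
    return realProxy;
}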
Also used : InetSocketAddress(java.net.InetSocketAddress) IOException(java.io.IOException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) ApplicationReport(org.apache.hadoop.yarn.api.records.ApplicationReport) YarnRuntimeException(org.apache.hadoop.yarn.exceptions.YarnRuntimeException) ClientToAMTokenIdentifier(org.apache.hadoop.yarn.security.client.ClientToAMTokenIdentifier) ApplicationNotFoundException(org.apache.hadoop.yarn.exceptions.ApplicationNotFoundException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 18 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class TestMiniMRWithDFSWithDistinctUsers method setUp.

/**
 * Starts a four-datanode mini DFS cluster and a mini MR cluster on top of it, and
 * creates the per-user home directories and the shared staging root.
 *
 * <p>The {@code FileSystem} handle used for the directory setup is obtained inside
 * {@code DFS_UGI.doAs}, i.e. under the {@code DFS_UGI} identity rather than the login
 * user's.
 *
 * @throws Exception if either cluster fails to start or a directory cannot be created
 */
@Before
public void setUp() throws Exception {
    dfs = new MiniDFSCluster.Builder(conf).numDataNodes(4).build();

    // Fetch the file system while running as DFS_UGI.
    PrivilegedExceptionAction<FileSystem> openAsDfsUser = new PrivilegedExceptionAction<FileSystem>() {

        @Override
        public FileSystem run() throws IOException {
            return dfs.getFileSystem();
        }
    };
    fs = DFS_UGI.doAs(openAsDfsUser);

    // Home directories for users. The arguments after the path are presumably
    // owner, group and mode (verify against mkdir); 01777 carries the sticky bit.
    mkdir(fs, "/user", "nobody", "nogroup", (short) 01777);
    mkdir(fs, "/user/alice", "alice", "nogroup", (short) 0755);
    mkdir(fs, "/user/bob", "bob", "nogroup", (short) 0755);

    // staging directory root with sticky bit
    UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();
    mkdir(fs, "/staging", loginUgi.getShortUserName(), "nogroup", (short) 01777);

    JobConf mrConf = new JobConf();
    mrConf.set(JTConfig.JT_STAGING_AREA_ROOT, "/staging");
    String dfsUri = dfs.getFileSystem().getUri().toString();
    mr = new MiniMRCluster(0, 0, 4, dfsUri, 1, null, null, loginUgi, mrConf);
}
Also used : MiniDFSCluster(org.apache.hadoop.hdfs.MiniDFSCluster) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Before(org.junit.Before)

Example 19 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class TestApplicationHistoryManagerOnTimelineStore method testGetApplicationAttemptReport.

/**
 * Fetches the report for attempt 1 of application (0, 1) and checks its fields,
 * either directly or as {@code callerUGI} when one is configured.
 *
 * <p>For the caller whose short name is "user3" the lookup is expected to be denied:
 * an {@code AuthorizationException} ends the test successfully, and a successful
 * lookup fails it. For any other caller an {@code AuthorizationException} is
 * rethrown and fails the test.
 */
@Test
public void testGetApplicationAttemptReport() throws Exception {
    final ApplicationAttemptId appAttemptId = ApplicationAttemptId.newInstance(ApplicationId.newInstance(0, 1), 1);
    ApplicationAttemptReport appAttempt;
    if (callerUGI != null) {
        try {
            // Run the lookup under the caller's identity so access checks apply to it.
            appAttempt = callerUGI.doAs(new PrivilegedExceptionAction<ApplicationAttemptReport>() {

                @Override
                public ApplicationAttemptReport run() throws Exception {
                    return historyManager.getApplicationAttempt(appAttemptId);
                }
            });
        } catch (AuthorizationException e) {
            if (callerUGI.getShortUserName().equals("user3")) {
                // The exception is expected
                return;
            }
            throw e;
        }
        if (callerUGI.getShortUserName().equals("user3")) {
            // Reaching this point means the denied caller was let through.
            Assert.fail();
        }
    } else {
        appAttempt = historyManager.getApplicationAttempt(appAttemptId);
    }
    Assert.assertNotNull(appAttempt);
    Assert.assertEquals(appAttemptId, appAttempt.getApplicationAttemptId());
    Assert.assertEquals(ContainerId.newContainerId(appAttemptId, 1), appAttempt.getAMContainerId());
    Assert.assertEquals("test host", appAttempt.getHost());
    Assert.assertEquals(100, appAttempt.getRpcPort());
    Assert.assertEquals("test tracking url", appAttempt.getTrackingUrl());
    Assert.assertEquals("test original tracking url", appAttempt.getOriginalTrackingUrl());
    Assert.assertEquals("test diagnostics info", appAttempt.getDiagnostics());
    Assert.assertEquals(YarnApplicationAttemptState.FINISHED, appAttempt.getYarnApplicationAttemptState());
}
Also used : ApplicationAttemptReport(org.apache.hadoop.yarn.api.records.ApplicationAttemptReport) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Test(org.junit.Test)

Example 20 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class TestApplicationHistoryManagerOnTimelineStore method testGetContainers.

/**
 * Fetches the containers of attempt 1 of application (0, 1), either directly or as
 * {@code callerUGI} when one is configured, and checks that {@code SCALE} of them
 * are returned.
 *
 * <p>For the caller whose short name is "user3" the lookup is expected to be denied:
 * an {@code AuthorizationException} ends the test successfully, and a successful
 * lookup fails it. For any other caller an {@code AuthorizationException} is
 * rethrown and fails the test.
 */
@Test
public void testGetContainers() throws Exception {
    final ApplicationAttemptId appAttemptId = ApplicationAttemptId.newInstance(ApplicationId.newInstance(0, 1), 1);
    Collection<ContainerReport> containers;
    if (callerUGI != null) {
        try {
            // Run the lookup under the caller's identity so access checks apply to it.
            containers = callerUGI.doAs(new PrivilegedExceptionAction<Collection<ContainerReport>>() {

                @Override
                public Collection<ContainerReport> run() throws Exception {
                    return historyManager.getContainers(appAttemptId).values();
                }
            });
        } catch (AuthorizationException e) {
            if (callerUGI.getShortUserName().equals("user3")) {
                // The exception is expected
                return;
            }
            throw e;
        }
        if (callerUGI.getShortUserName().equals("user3")) {
            // Reaching this point means the denied caller was let through.
            Assert.fail();
        }
    } else {
        containers = historyManager.getContainers(appAttemptId).values();
    }
    Assert.assertNotNull(containers);
    Assert.assertEquals(SCALE, containers.size());
}
Also used : ContainerReport(org.apache.hadoop.yarn.api.records.ContainerReport) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Test(org.junit.Test)
