Search in sources :

Example 61 with UserGroupInformation

use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.

the class TestMiniMRProxyUser method testValidProxyUser.

@Test
public void testValidProxyUser() throws Exception {
    UserGroupInformation ugi = UserGroupInformation.createProxyUser("u1", UserGroupInformation.getLoginUser());
    ugi.doAs(new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            mrRun();
            return null;
        }
    });
}
Also used : RemoteException(org.apache.hadoop.ipc.RemoteException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 62 with UserGroupInformation

use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.

the class TestMRJobs method testSleepJobWithSecurityOn.

//@Test (timeout = 60000)
public void testSleepJobWithSecurityOn() throws IOException, InterruptedException, ClassNotFoundException {
    LOG.info("\n\n\nStarting testSleepJobWithSecurityOn().");
    if (!(new File(MiniMRYarnCluster.APPJAR)).exists()) {
        return;
    }
    mrCluster.getConfig().set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    mrCluster.getConfig().set(YarnConfiguration.RM_KEYTAB, "/etc/krb5.keytab");
    mrCluster.getConfig().set(YarnConfiguration.NM_KEYTAB, "/etc/krb5.keytab");
    mrCluster.getConfig().set(YarnConfiguration.RM_PRINCIPAL, "rm/sightbusy-lx@LOCALHOST");
    mrCluster.getConfig().set(YarnConfiguration.NM_PRINCIPAL, "nm/sightbusy-lx@LOCALHOST");
    UserGroupInformation.setConfiguration(mrCluster.getConfig());
    // Keep it in here instead of after RM/NM as multiple user logins happen in
    // the same JVM.
    UserGroupInformation user = UserGroupInformation.getCurrentUser();
    LOG.info("User name is " + user.getUserName());
    for (Token<? extends TokenIdentifier> str : user.getTokens()) {
        LOG.info("Token is " + str.encodeToUrlString());
    }
    user.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            SleepJob sleepJob = new SleepJob();
            sleepJob.setConf(mrCluster.getConfig());
            Job job = sleepJob.createJob(3, 0, 10000, 1, 0, 0);
            // //Job with reduces
            // Job job = sleepJob.createJob(3, 2, 10000, 1, 10000, 1);
            // The AppMaster jar itself.
            job.addFileToClassPath(APP_JAR);
            job.submit();
            String trackingUrl = job.getTrackingURL();
            String jobId = job.getJobID().toString();
            job.waitForCompletion(true);
            Assert.assertEquals(JobStatus.State.SUCCEEDED, job.getJobState());
            Assert.assertTrue("Tracking URL was " + trackingUrl + " but didn't Match Job ID " + jobId, trackingUrl.endsWith(jobId.substring(jobId.lastIndexOf("_")) + "/"));
            return null;
        }
    });
// TODO later:  add explicit "isUber()" checks of some sort
}
Also used : SleepJob(org.apache.hadoop.mapreduce.SleepJob) RunningJob(org.apache.hadoop.mapred.RunningJob) Job(org.apache.hadoop.mapreduce.Job) RandomTextWriterJob(org.apache.hadoop.RandomTextWriterJob) SleepJob(org.apache.hadoop.mapreduce.SleepJob) File(java.io.File) FileNotFoundException(java.io.FileNotFoundException) IOException(java.io.IOException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 63 with UserGroupInformation

use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.

the class TestJHSSecurity method getMRClientProtocol.

private MRClientProtocol getMRClientProtocol(Token token, final InetSocketAddress hsAddress, String user, final Configuration conf) {
    UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
    ugi.addToken(ConverterUtils.convertFromYarn(token, hsAddress));
    final YarnRPC rpc = YarnRPC.create(conf);
    MRClientProtocol hsWithDT = ugi.doAs(new PrivilegedAction<MRClientProtocol>() {

        @Override
        public MRClientProtocol run() {
            return (MRClientProtocol) rpc.getProxy(HSClientProtocol.class, hsAddress, conf);
        }
    });
    return hsWithDT;
}
Also used : YarnRPC(org.apache.hadoop.yarn.ipc.YarnRPC) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) MRClientProtocol(org.apache.hadoop.mapreduce.v2.api.MRClientProtocol)

Example 64 with UserGroupInformation

use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.

the class TestUmbilicalProtocolWithJobToken method testJobTokenRpc.

@Test
public void testJobTokenRpc() throws Exception {
    TaskUmbilicalProtocol mockTT = mock(TaskUmbilicalProtocol.class);
    doReturn(TaskUmbilicalProtocol.versionID).when(mockTT).getProtocolVersion(anyString(), anyLong());
    doReturn(ProtocolSignature.getProtocolSignature(mockTT, TaskUmbilicalProtocol.class.getName(), TaskUmbilicalProtocol.versionID, 0)).when(mockTT).getProtocolSignature(anyString(), anyLong(), anyInt());
    JobTokenSecretManager sm = new JobTokenSecretManager();
    final Server server = new RPC.Builder(conf).setProtocol(TaskUmbilicalProtocol.class).setInstance(mockTT).setBindAddress(ADDRESS).setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(sm).build();
    server.start();
    final UserGroupInformation current = UserGroupInformation.getCurrentUser();
    final InetSocketAddress addr = NetUtils.getConnectAddress(server);
    String jobId = current.getUserName();
    JobTokenIdentifier tokenId = new JobTokenIdentifier(new Text(jobId));
    Token<JobTokenIdentifier> token = new Token<JobTokenIdentifier>(tokenId, sm);
    sm.addTokenForJob(jobId, token);
    SecurityUtil.setTokenService(token, addr);
    LOG.info("Service address for token is " + token.getService());
    current.addToken(token);
    current.doAs(new PrivilegedExceptionAction<Object>() {

        @Override
        public Object run() throws Exception {
            TaskUmbilicalProtocol proxy = null;
            try {
                proxy = (TaskUmbilicalProtocol) RPC.getProxy(TaskUmbilicalProtocol.class, TaskUmbilicalProtocol.versionID, addr, conf);
                proxy.statusUpdate(null, null);
            } finally {
                server.stop();
                if (proxy != null) {
                    RPC.stopProxy(proxy);
                }
            }
            return null;
        }
    });
}
Also used : SaslRpcServer(org.apache.hadoop.security.SaslRpcServer) Server(org.apache.hadoop.ipc.Server) InetSocketAddress(java.net.InetSocketAddress) JobTokenIdentifier(org.apache.hadoop.mapreduce.security.token.JobTokenIdentifier) Text(org.apache.hadoop.io.Text) Token(org.apache.hadoop.security.token.Token) Matchers.anyString(org.mockito.Matchers.anyString) TaskUmbilicalProtocol(org.apache.hadoop.mapred.TaskUmbilicalProtocol) JobTokenSecretManager(org.apache.hadoop.mapreduce.security.token.JobTokenSecretManager) Matchers.anyObject(org.mockito.Matchers.anyObject) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 65 with UserGroupInformation

use of org.apache.hadoop.security.UserGroupInformation in project hadoop by apache.

the class Gridmix method run.

public int run(final String[] argv) throws IOException, InterruptedException {
    int val = -1;
    final Configuration conf = getConf();
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
    val = ugi.doAs(new PrivilegedExceptionAction<Integer>() {

        public Integer run() throws Exception {
            return runJob(conf, argv);
        }
    });
    // print the gridmix summary if the run was successful
    if (val == 0) {
        // print the run summary
        System.out.print("\n\n");
        System.out.println(summarizer.toString());
    }
    return val;
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Aggregations

UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)664 IOException (java.io.IOException)281 Test (org.junit.Test)242 Configuration (org.apache.hadoop.conf.Configuration)142 Path (org.apache.hadoop.fs.Path)105 FileSystem (org.apache.hadoop.fs.FileSystem)73 YarnException (org.apache.hadoop.yarn.exceptions.YarnException)57 AccessControlException (org.apache.hadoop.security.AccessControlException)54 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)51 FsPermission (org.apache.hadoop.fs.permission.FsPermission)49 Path (javax.ws.rs.Path)47 Token (org.apache.hadoop.security.token.Token)46 Produces (javax.ws.rs.Produces)45 ApplicationId (org.apache.hadoop.yarn.api.records.ApplicationId)45 RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)43 AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)40 ArrayList (java.util.ArrayList)38 Text (org.apache.hadoop.io.Text)38 ApplicationAttemptId (org.apache.hadoop.yarn.api.records.ApplicationAttemptId)36 YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)35