use of org.apache.hadoop.yarn.api.records.ReservationACL in project hadoop by apache.
the class ClientRMService method checkReservationACLs.
private String checkReservationACLs(String queueName, String auditConstant, ReservationId reservationId) throws YarnException, IOException {
UserGroupInformation callerUGI;
try {
callerUGI = UserGroupInformation.getCurrentUser();
} catch (IOException ie) {
RMAuditLogger.logFailure("UNKNOWN", auditConstant, queueName, "ClientRMService", "Error getting UGI");
throw RPCUtil.getRemoteException(ie);
}
if (reservationSystem == null) {
return callerUGI.getShortUserName();
}
ReservationsACLsManager manager = reservationSystem.getReservationsACLsManager();
ReservationACL reservationACL = getReservationACLFromAuditConstant(auditConstant);
if (manager == null) {
return callerUGI.getShortUserName();
}
String reservationCreatorName = "";
ReservationAllocation reservation;
// Get the user associated with the reservation.
Plan plan = reservationSystem.getPlan(queueName);
if (reservationId != null && plan != null) {
reservation = plan.getReservationById(reservationId);
if (reservation != null) {
reservationCreatorName = reservation.getUser();
}
}
// access will be given.
if (reservationCreatorName != null && !reservationCreatorName.isEmpty() && reservationCreatorName.equals(callerUGI.getUserName())) {
return callerUGI.getShortUserName();
}
// Check if the user has access to the specific ACL
if (manager.checkAccess(callerUGI, reservationACL, queueName)) {
return callerUGI.getShortUserName();
}
// If the user has Administer ACL then access is granted
if (manager.checkAccess(callerUGI, ReservationACL.ADMINISTER_RESERVATIONS, queueName)) {
return callerUGI.getShortUserName();
}
handleNoAccess(callerUGI.getShortUserName(), queueName, auditConstant, reservationACL.toString(), reservationACL.name());
throw new IllegalStateException();
}
use of org.apache.hadoop.yarn.api.records.ReservationACL in project hadoop by apache.
the class ReservationACLsTestBase method createCapacitySchedulerConfiguration.
private static Configuration createCapacitySchedulerConfiguration() {
CapacitySchedulerConfiguration csConf = new CapacitySchedulerConfiguration();
csConf.setQueues(CapacitySchedulerConfiguration.ROOT, new String[] { QUEUEA, QUEUEB, QUEUEC });
String absoluteQueueA = CapacitySchedulerConfiguration.ROOT + "." + QUEUEA;
String absoluteQueueB = CapacitySchedulerConfiguration.ROOT + "." + QUEUEB;
String absoluteQueueC = CapacitySchedulerConfiguration.ROOT + "." + QUEUEC;
csConf.setCapacity(absoluteQueueA, 50f);
csConf.setCapacity(absoluteQueueB, 20f);
csConf.setCapacity(absoluteQueueC, 30f);
csConf.setReservable(absoluteQueueA, true);
csConf.setReservable(absoluteQueueB, true);
csConf.setReservable(absoluteQueueC, true);
// Set up ACLs on Queue A
Map<ReservationACL, AccessControlList> reservationAclsOnQueueA = new HashMap<>();
AccessControlList submitACLonQueueA = new AccessControlList(QUEUE_A_USER);
AccessControlList adminACLonQueueA = new AccessControlList(QUEUE_A_ADMIN);
AccessControlList listACLonQueueA = new AccessControlList(COMMON_USER);
reservationAclsOnQueueA.put(ReservationACL.SUBMIT_RESERVATIONS, submitACLonQueueA);
reservationAclsOnQueueA.put(ReservationACL.ADMINISTER_RESERVATIONS, adminACLonQueueA);
reservationAclsOnQueueA.put(ReservationACL.LIST_RESERVATIONS, listACLonQueueA);
csConf.setReservationAcls(absoluteQueueA, reservationAclsOnQueueA);
// Set up ACLs on Queue B
Map<ReservationACL, AccessControlList> reservationAclsOnQueueB = new HashMap<>();
AccessControlList submitACLonQueueB = new AccessControlList(QUEUE_B_USER);
AccessControlList adminACLonQueueB = new AccessControlList(QUEUE_B_ADMIN);
AccessControlList listACLonQueueB = new AccessControlList(COMMON_USER);
reservationAclsOnQueueB.put(ReservationACL.SUBMIT_RESERVATIONS, submitACLonQueueB);
reservationAclsOnQueueB.put(ReservationACL.ADMINISTER_RESERVATIONS, adminACLonQueueB);
reservationAclsOnQueueB.put(ReservationACL.LIST_RESERVATIONS, listACLonQueueB);
csConf.setReservationAcls(absoluteQueueB, reservationAclsOnQueueB);
csConf.setBoolean(YarnConfiguration.RM_RESERVATION_SYSTEM_ENABLE, true);
csConf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
csConf.setBoolean(YarnConfiguration.YARN_RESERVATION_ACL_ENABLE, true);
csConf.set(YarnConfiguration.RM_SCHEDULER, CapacityScheduler.class.getName());
return csConf;
}
use of org.apache.hadoop.yarn.api.records.ReservationACL in project hadoop by apache.
the class AllocationFileLoaderService method loadQueue.
/**
* Loads a queue from a queue element in the configuration file
*/
private void loadQueue(String parentName, Element element, Map<String, Resource> minQueueResources, Map<String, Resource> maxQueueResources, Map<String, Resource> maxChildQueueResources, Map<String, Integer> queueMaxApps, Map<String, Integer> userMaxApps, Map<String, Float> queueMaxAMShares, Map<String, ResourceWeights> queueWeights, Map<String, SchedulingPolicy> queuePolicies, Map<String, Long> minSharePreemptionTimeouts, Map<String, Long> fairSharePreemptionTimeouts, Map<String, Float> fairSharePreemptionThresholds, Map<String, Map<AccessType, AccessControlList>> queueAcls, Map<String, Map<ReservationACL, AccessControlList>> resAcls, Map<FSQueueType, Set<String>> configuredQueues, Set<String> reservableQueues, Set<String> nonPreemptableQueues) throws AllocationConfigurationException {
String queueName = CharMatcher.WHITESPACE.trimFrom(element.getAttribute("name"));
if (queueName.contains(".")) {
throw new AllocationConfigurationException("Bad fair scheduler config " + "file: queue name (" + queueName + ") shouldn't contain period.");
}
if (queueName.isEmpty()) {
throw new AllocationConfigurationException("Bad fair scheduler config " + "file: queue name shouldn't be empty or " + "consist only of whitespace.");
}
if (parentName != null) {
queueName = parentName + "." + queueName;
}
Map<AccessType, AccessControlList> acls = new HashMap<>();
Map<ReservationACL, AccessControlList> racls = new HashMap<>();
NodeList fields = element.getChildNodes();
boolean isLeaf = true;
boolean isReservable = false;
for (int j = 0; j < fields.getLength(); j++) {
Node fieldNode = fields.item(j);
if (!(fieldNode instanceof Element))
continue;
Element field = (Element) fieldNode;
if ("minResources".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
Resource val = FairSchedulerConfiguration.parseResourceConfigValue(text);
minQueueResources.put(queueName, val);
} else if ("maxResources".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
Resource val = FairSchedulerConfiguration.parseResourceConfigValue(text);
maxQueueResources.put(queueName, val);
} else if ("maxChildResources".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
Resource val = FairSchedulerConfiguration.parseResourceConfigValue(text);
maxChildQueueResources.put(queueName, val);
} else if ("maxRunningApps".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
int val = Integer.parseInt(text);
queueMaxApps.put(queueName, val);
} else if ("maxAMShare".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
float val = Float.parseFloat(text);
val = Math.min(val, 1.0f);
queueMaxAMShares.put(queueName, val);
} else if ("weight".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
double val = Double.parseDouble(text);
queueWeights.put(queueName, new ResourceWeights((float) val));
} else if ("minSharePreemptionTimeout".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
long val = Long.parseLong(text) * 1000L;
minSharePreemptionTimeouts.put(queueName, val);
} else if ("fairSharePreemptionTimeout".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
long val = Long.parseLong(text) * 1000L;
fairSharePreemptionTimeouts.put(queueName, val);
} else if ("fairSharePreemptionThreshold".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
float val = Float.parseFloat(text);
val = Math.max(Math.min(val, 1.0f), 0.0f);
fairSharePreemptionThresholds.put(queueName, val);
} else if ("schedulingPolicy".equals(field.getTagName()) || "schedulingMode".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
SchedulingPolicy policy = SchedulingPolicy.parse(text);
queuePolicies.put(queueName, policy);
} else if ("aclSubmitApps".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData();
acls.put(AccessType.SUBMIT_APP, new AccessControlList(text));
} else if ("aclAdministerApps".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData();
acls.put(AccessType.ADMINISTER_QUEUE, new AccessControlList(text));
} else if ("aclAdministerReservations".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData();
racls.put(ReservationACL.ADMINISTER_RESERVATIONS, new AccessControlList(text));
} else if ("aclListReservations".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData();
racls.put(ReservationACL.LIST_RESERVATIONS, new AccessControlList(text));
} else if ("aclSubmitReservations".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData();
racls.put(ReservationACL.SUBMIT_RESERVATIONS, new AccessControlList(text));
} else if ("reservation".equals(field.getTagName())) {
isReservable = true;
reservableQueues.add(queueName);
configuredQueues.get(FSQueueType.PARENT).add(queueName);
} else if ("allowPreemptionFrom".equals(field.getTagName())) {
String text = ((Text) field.getFirstChild()).getData().trim();
if (!Boolean.parseBoolean(text)) {
nonPreemptableQueues.add(queueName);
}
} else if ("queue".endsWith(field.getTagName()) || "pool".equals(field.getTagName())) {
loadQueue(queueName, field, minQueueResources, maxQueueResources, maxChildQueueResources, queueMaxApps, userMaxApps, queueMaxAMShares, queueWeights, queuePolicies, minSharePreemptionTimeouts, fairSharePreemptionTimeouts, fairSharePreemptionThresholds, queueAcls, resAcls, configuredQueues, reservableQueues, nonPreemptableQueues);
isLeaf = false;
}
}
// then store it as a parent queue
if (isLeaf && !"parent".equals(element.getAttribute("type"))) {
configuredQueues.get(FSQueueType.LEAF).add(queueName);
} else {
if (isReservable) {
throw new AllocationConfigurationException("The configuration settings" + " for " + queueName + " are invalid. A queue element that " + "contains child queue elements or that has the type='parent' " + "attribute cannot also include a reservation element.");
}
configuredQueues.get(FSQueueType.PARENT).add(queueName);
}
// The root queue defaults to all access
for (QueueACL acl : QueueACL.values()) {
AccessType accessType = SchedulerUtils.toAccessType(acl);
if (acls.get(accessType) == null) {
AccessControlList defaultAcl = queueName.equals(ROOT) ? EVERYBODY_ACL : NOBODY_ACL;
acls.put(accessType, defaultAcl);
}
}
queueAcls.put(queueName, acls);
resAcls.put(queueName, racls);
if (maxQueueResources.containsKey(queueName) && minQueueResources.containsKey(queueName) && !Resources.fitsIn(minQueueResources.get(queueName), maxQueueResources.get(queueName))) {
LOG.warn(String.format("Queue %s has max resources %s less than " + "min resources %s", queueName, maxQueueResources.get(queueName), minQueueResources.get(queueName)));
}
}
Aggregations