Examples with AccessType org.apache.hadoop.yarn.security.AccessType used on opensource projects

Search in sources :

Example 1 with AccessType

use of org.apache.hadoop.yarn.security.AccessType in project hadoop by apache.

the class AllocationFileLoaderService method loadQueue.

/**
   * Loads a queue from a queue element in the configuration file
   */
private void loadQueue(String parentName, Element element, Map<String, Resource> minQueueResources, Map<String, Resource> maxQueueResources, Map<String, Resource> maxChildQueueResources, Map<String, Integer> queueMaxApps, Map<String, Integer> userMaxApps, Map<String, Float> queueMaxAMShares, Map<String, ResourceWeights> queueWeights, Map<String, SchedulingPolicy> queuePolicies, Map<String, Long> minSharePreemptionTimeouts, Map<String, Long> fairSharePreemptionTimeouts, Map<String, Float> fairSharePreemptionThresholds, Map<String, Map<AccessType, AccessControlList>> queueAcls, Map<String, Map<ReservationACL, AccessControlList>> resAcls, Map<FSQueueType, Set<String>> configuredQueues, Set<String> reservableQueues, Set<String> nonPreemptableQueues) throws AllocationConfigurationException {
    String queueName = CharMatcher.WHITESPACE.trimFrom(element.getAttribute("name"));
    if (queueName.contains(".")) {
        throw new AllocationConfigurationException("Bad fair scheduler config " + "file: queue name (" + queueName + ") shouldn't contain period.");
    }
    if (queueName.isEmpty()) {
        throw new AllocationConfigurationException("Bad fair scheduler config " + "file: queue name shouldn't be empty or " + "consist only of whitespace.");
    }
    if (parentName != null) {
        queueName = parentName + "." + queueName;
    }
    Map<AccessType, AccessControlList> acls = new HashMap<>();
    Map<ReservationACL, AccessControlList> racls = new HashMap<>();
    NodeList fields = element.getChildNodes();
    boolean isLeaf = true;
    boolean isReservable = false;
    for (int j = 0; j < fields.getLength(); j++) {
        Node fieldNode = fields.item(j);
        if (!(fieldNode instanceof Element))
            continue;
        Element field = (Element) fieldNode;
        if ("minResources".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            Resource val = FairSchedulerConfiguration.parseResourceConfigValue(text);
            minQueueResources.put(queueName, val);
        } else if ("maxResources".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            Resource val = FairSchedulerConfiguration.parseResourceConfigValue(text);
            maxQueueResources.put(queueName, val);
        } else if ("maxChildResources".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            Resource val = FairSchedulerConfiguration.parseResourceConfigValue(text);
            maxChildQueueResources.put(queueName, val);
        } else if ("maxRunningApps".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            int val = Integer.parseInt(text);
            queueMaxApps.put(queueName, val);
        } else if ("maxAMShare".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            float val = Float.parseFloat(text);
            val = Math.min(val, 1.0f);
            queueMaxAMShares.put(queueName, val);
        } else if ("weight".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            double val = Double.parseDouble(text);
            queueWeights.put(queueName, new ResourceWeights((float) val));
        } else if ("minSharePreemptionTimeout".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            long val = Long.parseLong(text) * 1000L;
            minSharePreemptionTimeouts.put(queueName, val);
        } else if ("fairSharePreemptionTimeout".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            long val = Long.parseLong(text) * 1000L;
            fairSharePreemptionTimeouts.put(queueName, val);
        } else if ("fairSharePreemptionThreshold".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            float val = Float.parseFloat(text);
            val = Math.max(Math.min(val, 1.0f), 0.0f);
            fairSharePreemptionThresholds.put(queueName, val);
        } else if ("schedulingPolicy".equals(field.getTagName()) || "schedulingMode".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            SchedulingPolicy policy = SchedulingPolicy.parse(text);
            queuePolicies.put(queueName, policy);
        } else if ("aclSubmitApps".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData();
            acls.put(AccessType.SUBMIT_APP, new AccessControlList(text));
        } else if ("aclAdministerApps".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData();
            acls.put(AccessType.ADMINISTER_QUEUE, new AccessControlList(text));
        } else if ("aclAdministerReservations".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData();
            racls.put(ReservationACL.ADMINISTER_RESERVATIONS, new AccessControlList(text));
        } else if ("aclListReservations".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData();
            racls.put(ReservationACL.LIST_RESERVATIONS, new AccessControlList(text));
        } else if ("aclSubmitReservations".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData();
            racls.put(ReservationACL.SUBMIT_RESERVATIONS, new AccessControlList(text));
        } else if ("reservation".equals(field.getTagName())) {
            isReservable = true;
            reservableQueues.add(queueName);
            configuredQueues.get(FSQueueType.PARENT).add(queueName);
        } else if ("allowPreemptionFrom".equals(field.getTagName())) {
            String text = ((Text) field.getFirstChild()).getData().trim();
            if (!Boolean.parseBoolean(text)) {
                nonPreemptableQueues.add(queueName);
            }
        } else if ("queue".endsWith(field.getTagName()) || "pool".equals(field.getTagName())) {
            loadQueue(queueName, field, minQueueResources, maxQueueResources, maxChildQueueResources, queueMaxApps, userMaxApps, queueMaxAMShares, queueWeights, queuePolicies, minSharePreemptionTimeouts, fairSharePreemptionTimeouts, fairSharePreemptionThresholds, queueAcls, resAcls, configuredQueues, reservableQueues, nonPreemptableQueues);
            isLeaf = false;
        }
    }
    // then store it as a parent queue
    if (isLeaf && !"parent".equals(element.getAttribute("type"))) {
        configuredQueues.get(FSQueueType.LEAF).add(queueName);
    } else {
        if (isReservable) {
            throw new AllocationConfigurationException("The configuration settings" + " for " + queueName + " are invalid. A queue element that " + "contains child queue elements or that has the type='parent' " + "attribute cannot also include a reservation element.");
        }
        configuredQueues.get(FSQueueType.PARENT).add(queueName);
    }
    // The root queue defaults to all access
    for (QueueACL acl : QueueACL.values()) {
        AccessType accessType = SchedulerUtils.toAccessType(acl);
        if (acls.get(accessType) == null) {
            AccessControlList defaultAcl = queueName.equals(ROOT) ? EVERYBODY_ACL : NOBODY_ACL;
            acls.put(accessType, defaultAcl);
        }
    }
    queueAcls.put(queueName, acls);
    resAcls.put(queueName, racls);
    if (maxQueueResources.containsKey(queueName) && minQueueResources.containsKey(queueName) && !Resources.fitsIn(minQueueResources.get(queueName), maxQueueResources.get(queueName))) {
        LOG.warn(String.format("Queue %s has max resources %s less than " + "min resources %s", queueName, maxQueueResources.get(queueName), minQueueResources.get(queueName)));
    }
}
Also used : AccessControlList(org.apache.hadoop.security.authorize.AccessControlList) HashMap(java.util.HashMap) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) Resource(org.apache.hadoop.yarn.api.records.Resource) QueueACL(org.apache.hadoop.yarn.api.records.QueueACL) Text(org.w3c.dom.Text) ResourceWeights(org.apache.hadoop.yarn.server.resourcemanager.resource.ResourceWeights) ReservationACL(org.apache.hadoop.yarn.api.records.ReservationACL) AccessType(org.apache.hadoop.yarn.security.AccessType)

Example 2 with AccessType

use of org.apache.hadoop.yarn.security.AccessType in project hadoop by apache.

the class LeafQueue method setupQueueConfigs.

protected void setupQueueConfigs(Resource clusterResource) throws IOException {
    try {
        writeLock.lock();
        super.setupQueueConfigs(clusterResource);
        this.lastClusterResource = clusterResource;
        this.cachedResourceLimitsForHeadroom = new ResourceLimits(clusterResource);
        // Initialize headroom info, also used for calculating application
        // master resource limits.  Since this happens during queue initialization
        // and all queues may not be realized yet, we'll use (optimistic)
        // absoluteMaxCapacity (it will be replaced with the more accurate
        // absoluteMaxAvailCapacity during headroom/userlimit/allocation events)
        setQueueResourceLimitsInfo(clusterResource);
        CapacitySchedulerConfiguration conf = csContext.getConfiguration();
        setOrderingPolicy(conf.<FiCaSchedulerApp>getAppOrderingPolicy(getQueuePath()));
        usersManager.setUserLimit(conf.getUserLimit(getQueuePath()));
        usersManager.setUserLimitFactor(conf.getUserLimitFactor(getQueuePath()));
        maxApplications = conf.getMaximumApplicationsPerQueue(getQueuePath());
        if (maxApplications < 0) {
            int maxGlobalPerQueueApps = conf.getGlobalMaximumApplicationsPerQueue();
            if (maxGlobalPerQueueApps > 0) {
                maxApplications = maxGlobalPerQueueApps;
            } else {
                int maxSystemApps = conf.getMaximumSystemApplications();
                maxApplications = (int) (maxSystemApps * queueCapacities.getAbsoluteCapacity());
            }
        }
        maxApplicationsPerUser = Math.min(maxApplications, (int) (maxApplications * (usersManager.getUserLimit() / 100.0f) * usersManager.getUserLimitFactor()));
        maxAMResourcePerQueuePercent = conf.getMaximumApplicationMasterResourcePerQueuePercent(getQueuePath());
        priorityAcls = conf.getPriorityAcls(getQueuePath(), scheduler.getMaxClusterLevelAppPriority());
        if (!SchedulerUtils.checkQueueLabelExpression(this.accessibleLabels, this.defaultLabelExpression, null)) {
            throw new IOException("Invalid default label expression of " + " queue=" + getQueueName() + " doesn't have permission to access all labels " + "in default label expression. labelExpression of resource request=" + (this.defaultLabelExpression == null ? "" : this.defaultLabelExpression) + ". Queue labels=" + (getAccessibleNodeLabels() == null ? "" : StringUtils.join(getAccessibleNodeLabels().iterator(), ',')));
        }
        nodeLocalityDelay = conf.getNodeLocalityDelay();
        rackLocalityFullReset = conf.getRackLocalityFullReset();
        // re-init this since max allocation could have changed
        this.minimumAllocationFactor = Resources.ratio(resourceCalculator, Resources.subtract(maximumAllocation, minimumAllocation), maximumAllocation);
        StringBuilder aclsString = new StringBuilder();
        for (Map.Entry<AccessType, AccessControlList> e : acls.entrySet()) {
            aclsString.append(e.getKey() + ":" + e.getValue().getAclString());
        }
        StringBuilder labelStrBuilder = new StringBuilder();
        if (accessibleLabels != null) {
            for (String s : accessibleLabels) {
                labelStrBuilder.append(s);
                labelStrBuilder.append(",");
            }
        }
        defaultAppPriorityPerQueue = Priority.newInstance(conf.getDefaultApplicationPriorityConfPerQueue(getQueuePath()));
        LOG.info("Initializing " + queueName + "\n" + "capacity = " + queueCapacities.getCapacity() + " [= (float) configuredCapacity / 100 ]" + "\n" + "absoluteCapacity = " + queueCapacities.getAbsoluteCapacity() + " [= parentAbsoluteCapacity * capacity ]" + "\n" + "maxCapacity = " + queueCapacities.getMaximumCapacity() + " [= configuredMaxCapacity ]" + "\n" + "absoluteMaxCapacity = " + queueCapacities.getAbsoluteMaximumCapacity() + " [= 1.0 maximumCapacity undefined, " + "(parentAbsoluteMaxCapacity * maximumCapacity) / 100 otherwise ]" + "\n" + "userLimit = " + usersManager.getUserLimit() + " [= configuredUserLimit ]" + "\n" + "userLimitFactor = " + usersManager.getUserLimitFactor() + " [= configuredUserLimitFactor ]" + "\n" + "maxApplications = " + maxApplications + " [= configuredMaximumSystemApplicationsPerQueue or" + " (int)(configuredMaximumSystemApplications * absoluteCapacity)]" + "\n" + "maxApplicationsPerUser = " + maxApplicationsPerUser + " [= (int)(maxApplications * (userLimit / 100.0f) * " + "userLimitFactor) ]" + "\n" + "usedCapacity = " + queueCapacities.getUsedCapacity() + " [= usedResourcesMemory / " + "(clusterResourceMemory * absoluteCapacity)]" + "\n" + "absoluteUsedCapacity = " + absoluteUsedCapacity + " [= usedResourcesMemory / clusterResourceMemory]" + "\n" + "maxAMResourcePerQueuePercent = " + maxAMResourcePerQueuePercent + " [= configuredMaximumAMResourcePercent ]" + "\n" + "minimumAllocationFactor = " + minimumAllocationFactor + " [= (float)(maximumAllocationMemory - minimumAllocationMemory) / " + "maximumAllocationMemory ]" + "\n" + "maximumAllocation = " + maximumAllocation + " [= configuredMaxAllocation ]" + "\n" + "numContainers = " + numContainers + " [= currentNumContainers ]" + "\n" + "state = " + getState() + " [= configuredState ]" + "\n" + "acls = " + aclsString + " [= configuredAcls ]" + "\n" + "nodeLocalityDelay = " + nodeLocalityDelay + "\n" + "labels=" + labelStrBuilder.toString() + "\n" + "reservationsContinueLooking = " + reservationsContinueLooking + "\n" + "preemptionDisabled = " + getPreemptionDisabled() + "\n" + "defaultAppPriorityPerQueue = " + defaultAppPriorityPerQueue + "\npriority = " + priority);
    } finally {
        writeLock.unlock();
    }
}
Also used : AccessControlList(org.apache.hadoop.security.authorize.AccessControlList) ResourceLimits(org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceLimits) IOException(java.io.IOException) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) AccessType(org.apache.hadoop.yarn.security.AccessType)

Example 3 with AccessType

use of org.apache.hadoop.yarn.security.AccessType in project hadoop by apache.

the class AllocationFileLoaderService method getDefaultPermissions.

/**
   * Returns the list of default permissions.
   * The default permission for the root queue is everybody ("*")
   * and the default permission for all other queues is nobody ("").
   * The default permission list would be loaded before the permissions
   * from allocation file.
   * @return default permission list
   */
protected List<Permission> getDefaultPermissions() {
    if (defaultPermissions == null) {
        defaultPermissions = new ArrayList<>();
        Map<AccessType, AccessControlList> acls = new HashMap<>();
        for (QueueACL acl : QueueACL.values()) {
            acls.put(SchedulerUtils.toAccessType(acl), EVERYBODY_ACL);
        }
        defaultPermissions.add(new Permission(new PrivilegedEntity(EntityType.QUEUE, ROOT), acls));
    }
    return defaultPermissions;
}
Also used : AccessControlList(org.apache.hadoop.security.authorize.AccessControlList) HashMap(java.util.HashMap) QueueACL(org.apache.hadoop.yarn.api.records.QueueACL) Permission(org.apache.hadoop.yarn.security.Permission) PrivilegedEntity(org.apache.hadoop.yarn.security.PrivilegedEntity) AccessType(org.apache.hadoop.yarn.security.AccessType)

Aggregations

AccessControlList (org.apache.hadoop.security.authorize.AccessControlList)3 AccessType (org.apache.hadoop.yarn.security.AccessType)3 HashMap (java.util.HashMap)2 QueueACL (org.apache.hadoop.yarn.api.records.QueueACL)2 IOException (java.io.IOException)1 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1 ReservationACL (org.apache.hadoop.yarn.api.records.ReservationACL)1 Resource (org.apache.hadoop.yarn.api.records.Resource)1 Permission (org.apache.hadoop.yarn.security.Permission)1 PrivilegedEntity (org.apache.hadoop.yarn.security.PrivilegedEntity)1 ResourceWeights (org.apache.hadoop.yarn.server.resourcemanager.resource.ResourceWeights)1 ResourceLimits (org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceLimits)1 Element (org.w3c.dom.Element)1 Node (org.w3c.dom.Node)1 NodeList (org.w3c.dom.NodeList)1 Text (org.w3c.dom.Text)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial