Return-Path: X-Original-To: apmail-hadoop-common-commits-archive@www.apache.org Delivered-To: apmail-hadoop-common-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EFD8D1790B for ; Wed, 15 Apr 2015 04:12:49 +0000 (UTC) Received: (qmail 12041 invoked by uid 500); 15 Apr 2015 04:12:49 -0000 Delivered-To: apmail-hadoop-common-commits-archive@hadoop.apache.org Received: (qmail 11975 invoked by uid 500); 15 Apr 2015 04:12:49 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-dev@hadoop.apache.org Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 11966 invoked by uid 99); 15 Apr 2015 04:12:49 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Apr 2015 04:12:49 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 91EF0E042F; Wed, 15 Apr 2015 04:12:49 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: harsh@apache.org To: common-commits@hadoop.apache.org Message-Id: <5544a108cf79456ba25c1c084425cb54@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: hadoop git commit: YARN-3462. Patches applied for YARN-2424 are inconsistent between trunk and branch-2. Contributed by Naganarasimha G R. Date: Wed, 15 Apr 2015 04:12:49 +0000 (UTC) Repository: hadoop Updated Branches: refs/heads/branch-2 38b031d6b -> 01af29106 YARN-3462. Patches applied for YARN-2424 are inconsistent between trunk and branch-2. Contributed by Naganarasimha G R. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/01af2910 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/01af2910 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/01af2910 Branch: refs/heads/branch-2 Commit: 01af29106a1603eff9f4e622a6919d49cb0bfa65 Parents: 38b031d Author: Harsh J Authored: Wed Apr 15 09:41:43 2015 +0530 Committer: Harsh J Committed: Wed Apr 15 09:41:43 2015 +0530 ---------------------------------------------------------------------- hadoop-yarn-project/CHANGES.txt | 3 +++ .../src/main/resources/yarn-default.xml | 21 ++++++++++---------- .../nodemanager/LinuxContainerExecutor.java | 12 +++++++---- 3 files changed, 22 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/01af2910/hadoop-yarn-project/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index f77aafd..b5e850e 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -165,6 +165,9 @@ Release 2.7.1 - UNRELEASED BUG FIXES + YARN-3462. Patches applied for YARN-2424 are inconsistent between + trunk and branch-2. (Naganarasimha G R via harsh) + Release 2.7.0 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/01af2910/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml index a469cae..66400c8 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml @@ -1036,21 +1036,22 @@ - This determines which of the two modes that LCE should use on a non-secure - cluster. If this value is set to true, then all containers will be launched as the user - specified in yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If - this value is set to false, then containers will run as the user who submitted the - application. - + This determines which of the two modes that LCE should use on + a non-secure cluster. If this value is set to true, then all containers + will be launched as the user specified in + yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user. If + this value is set to false, then containers will run as the user who + submitted the application. yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users true - The UNIX user that containers will run as when Linux-container-executor - is used in nonsecure mode (a use case for this is using cgroups) if the - yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is set - to true. + The UNIX user that containers will run as when + Linux-container-executor is used in nonsecure mode (a use case for this + is using cgroups) if the + yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users is + set to true. yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user nobody http://git-wip-us.apache.org/repos/asf/hadoop/blob/01af2910/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java index 59b35ce..fac71d3 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java @@ -59,9 +59,8 @@ public class LinuxContainerExecutor extends ContainerExecutor { private LCEResourcesHandler resourcesHandler; private boolean containerSchedPriorityIsSet = false; private int containerSchedPriorityAdjustment = 0; - private boolean containerLimitUsers = YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS; - - + private boolean containerLimitUsers; + @Override public void setConf(Configuration conf) { super.setConf(conf); @@ -71,6 +70,7 @@ public class LinuxContainerExecutor extends ContainerExecutor { conf.getClass(YarnConfiguration.NM_LINUX_CONTAINER_RESOURCES_HANDLER, DefaultLCEResourcesHandler.class, LCEResourcesHandler.class), conf); resourcesHandler.setConf(conf); + if (conf.get(YarnConfiguration.NM_CONTAINER_EXECUTOR_SCHED_PRIORITY) != null) { containerSchedPriorityIsSet = true; containerSchedPriorityAdjustment = conf @@ -83,9 +83,13 @@ public class LinuxContainerExecutor extends ContainerExecutor { nonsecureLocalUserPattern = Pattern.compile( conf.get(YarnConfiguration.NM_NONSECURE_MODE_USER_PATTERN_KEY, YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_USER_PATTERN)); - containerLimitUsers=conf.getBoolean( + containerLimitUsers = conf.getBoolean( YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS, YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS); + if (!containerLimitUsers) { + LOG.warn(YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS + + ": impersonation without authentication enabled"); + } } void verifyUsernamePattern(String user) {