List of usage examples for org.apache.hadoop.ipc Server getRemoteUser
public static UserGroupInformation getRemoteUser()
From source file:uk.ac.gla.terrier.probos.controller.ControllerServer.java
License:Open Source License
@Override public int submitJob(final PBSJob job, byte[] scriptSource) throws IOException { UserGroupInformation caller = Server.getRemoteUser(); LOG.info(caller + " submitted a job!"); final String requestorUserName = caller.getShortUserName(); //check for ProBoS queue limits final int maxUserQueueable = pConf.getInt(PConfiguration.KEY_JOB_MAX_USER_QUEUE, 5000); final int maxQueueable = pConf.getInt(PConfiguration.KEY_JOB_MAX_QUEUE, 10000); if (jobArray.size() > maxQueueable) { rejectedJobs.inc();//w w w . j a va2 s. co m return -1; } if (user2QueuedCount.get(requestorUserName) > maxUserQueueable) { rejectedJobs.inc(); return -1; } int newId = nextJobId.incrementAndGet(); JobInformation ji = new JobInformation(newId, job); jobArray.put(newId, ji); ji.jobId = newId; ji.modify(); user2QueuedCount.adjustOrPutValue(requestorUserName, 1, 1); if (!storeJobScript(ji, requestorUserName, scriptSource)) { jobArray.remove(newId); user2QueuedCount.adjustOrPutValue(requestorUserName, -1, 0); rejectedJobs.inc(); return -1; } if (job.getUserHold()) { jobHolds.put(newId, new JobHold(HoldType.USER, requestorUserName)); return newId; } else { //yarnJob returns the job id on success if (yarnJob(ji, requestorUserName) == newId) { return newId; } else { jobArray.remove(newId); user2QueuedCount.adjustOrPutValue(requestorUserName, -1, 0); rejectedJobs.inc(); return -1; } } }
From source file:uk.ac.gla.terrier.probos.controller.ControllerServer.java
License:Open Source License
/** Kills the specified job. * @param jobId id of the job to be killed * @return 0 for success, -1 for no such job, -2 for job could not be killed * @throws Exception//from w w w. j a v a2s. c o m */ @Override public int killJob(final int jobId, boolean purge) throws Exception { UserGroupInformation caller = Server.getRemoteUser(); LOG.info(caller + " asked to kill job " + jobId); if (!jobArray.containsKey(jobId)) return -1; final JobInformation ji = jobArray.get(jobId); checkOwnerOrRoot(ji); UserGroupInformation proxyUser = ji.proxyUser; Integer status; PrivilegedExceptionAction<Integer> doKill = new PrivilegedExceptionAction<Integer>() { public Integer run() throws Exception { final long kill_deadline = System.currentTimeMillis() + pConf.getLong(PConfiguration.KEY_CONTROLLER_KILL_TIMEOUT, 5000); YarnClientService kittenClient = ji.kitten; YarnClient yarnClient = YarnClient.createYarnClient(); yarnClient.init(yConf); yarnClient.start(); yarnClient.killApplication(kittenClient.getApplicationId()); while (!kittenClient.isApplicationFinished()) { Thread.sleep(100); if (System.currentTimeMillis() > kill_deadline) return -2; } return 0; } }; //perform the actual kill, as the user if (UserGroupInformation.isSecurityEnabled()) status = proxyUser.doAs(doKill); else status = doKill.run(); runningJobs.dec(); killedJobs.inc(); //purge, aka qdel -p. //conditional on superuser if (purge) { jobArray.remove(jobId); status = 0; } return status; }
From source file:uk.ac.gla.terrier.probos.controller.ControllerServer.java
License:Open Source License
protected void checkOwnerOrRoot(JobInformation ji) throws Exception { if (ji == null) return;// you can do what you want if there is no job to act upon it UserGroupInformation caller = Server.getRemoteUser(); if (ji != null) { //craigm@AD.DCS.GLA.AC.UK (auth:KERBEROS) denied access, //expected craigm (auth:PROXY) via probos/salt@DCS.GLA.AC.UK (auth:KERBEROS) //we just check that shortusername match if (!ji.proxyUser.getShortUserName().equals(caller.getShortUserName())) { SecurityException se = new SecurityException("No permission to access this information"); LOG.warn(caller.toString() + " denied access, job owner was " + ji.proxyUser.toString(), se); throw se; }/* w w w. ja va 2s .c o m*/ } }