List of usage examples for org.apache.hadoop.security UserGroupInformation doAs
@InterfaceAudience.Public @InterfaceStability.Evolving public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
From source file:uk.ac.gla.terrier.probos.controller.ControllerServer.java
License:Open Source License
protected boolean storeJobScript(final JobInformation ji, final String requestorUserName, final byte[] source) throws IOException { final String jobFolderName = String.valueOf(Math.abs(random.nextInt())); final Path jobFolder = new Path(probosFolder, jobFolderName); final Path script = new Path(probosFolder, jobFolderName + ".SC"); PrivilegedExceptionAction<Path> submitAction = new PrivilegedExceptionAction<Path>() { public Path run() throws Exception { FileSystem fs = FileSystem.get(yConf); fs.mkdirs(jobFolder);//from w w w . ja va2s.com OutputStream os = fs.create(script); os.write(source); os.close(); LOG.info("Wrote " + source.length + " bytes to " + script.toString() + " as the job script for job " + ji.jobId); return script; } }; //setuid to the requestor's user id UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(requestorUserName, UserGroupInformation.getLoginUser()); Path rtr = null; try { if (UserGroupInformation.isSecurityEnabled()) rtr = proxyUser.doAs(submitAction); else rtr = submitAction.run(); ji.proxyUser = proxyUser; ji.scriptLocation = rtr; ji.folderLocation = jobFolder; ji.modify(); return true; } catch (Exception e) { LOG.error("Could not store job file!", e); return false; } }
From source file:uk.ac.gla.terrier.probos.controller.ControllerServer.java
License:Open Source License
protected int yarnJob(final JobInformation ji, final String requestorUserName) throws IOException { assert ji.scriptLocation != null; assert ji.folderLocation != null; final PBSJob job = ji.jobSpec; PrivilegedExceptionAction<Integer> submitAction = new PrivilegedExceptionAction<Integer>() { public Integer run() throws Exception { File luaFile = writeJobKittenSpec(job, ji.scriptLocation, ji.jobId, false); Configuration kConf = new Configuration(yConf); kConf.set(LocalDataHelper.APP_BASE_DIR, ji.folderLocation.toUri().toString()); YarnClientParameters params = new LuaYarnClientParameters(luaFile.toString(), Constants.PRODUCT_NAME, kConf, extraLuaValues, extraLocalResources); ji.jobSpec.setQueue(params.getQueue()); Credentials creds = new Credentials(); //create delegation tokens //interactive rpc InetSocketAddress addr = NetUtils.getConnectAddress(interactiveRpcserver); Text host = new Text(addr.getAddress().getHostAddress() + ":" + addr.getPort()); ProbosDelegationTokenIdentifier tokenId = secretManager.createIdentifier(); Token<ProbosDelegationTokenIdentifier> delgationToken = new Token<ProbosDelegationTokenIdentifier>( tokenId, secretManager); delgationToken.setService(host); creds.addToken(host, delgationToken); LOG.info("Interactive: Generated token for " + creds.toString() + " : " + delgationToken); //client rpc tokenId = secretManager.createIdentifier(); delgationToken = new Token<ProbosDelegationTokenIdentifier>(tokenId, secretManager); addr = NetUtils.getConnectAddress(clientRpcserver); host = new Text(addr.getAddress().getHostAddress() + ":" + addr.getPort()); delgationToken.setService(host); creds.addToken(host, delgationToken); LOG.info("Client: Generated token for " + creds.toString() + " : " + delgationToken); //master rpc tokenId = secretManager.createIdentifier(); delgationToken = new Token<ProbosDelegationTokenIdentifier>(tokenId, secretManager); addr = NetUtils.getConnectAddress(masterRpcserver); host = new Text(addr.getAddress().getHostAddress() + ":" + addr.getPort()); delgationToken.setService(host); creds.addToken(host, delgationToken); LOG.info("Master: Generated token for " + creds.toString() + " : " + delgationToken); YarnClientService service = new YarnClientServiceImpl(params, creds); service.startAndWait();/*from w ww. j a va 2 s . com*/ if (!service.isRunning()) { LOG.error("YarnClientService failed to startup, exiting..."); jobArray.remove(ji.jobId); return ji.jobId; } ji.kitten = service; ji.modify(); return ji.jobId; } }; //setuid to the requestor's user id UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(requestorUserName, UserGroupInformation.getLoginUser()); Integer rtr = null; try { if (UserGroupInformation.isSecurityEnabled()) rtr = proxyUser.doAs(submitAction); else rtr = submitAction.run(); ji.proxyUser = proxyUser; ji.modify(); runningJobs.inc(); return rtr.intValue(); } catch (Exception e) { LOG.error("job did not submit!", e); return -1; } }
From source file:uk.ac.gla.terrier.probos.controller.ControllerServer.java
License:Open Source License
/** Kills the specified job. * @param jobId id of the job to be killed * @return 0 for success, -1 for no such job, -2 for job could not be killed * @throws Exception/* w w w .jav a 2 s . c o m*/ */ @Override public int killJob(final int jobId, boolean purge) throws Exception { UserGroupInformation caller = Server.getRemoteUser(); LOG.info(caller + " asked to kill job " + jobId); if (!jobArray.containsKey(jobId)) return -1; final JobInformation ji = jobArray.get(jobId); checkOwnerOrRoot(ji); UserGroupInformation proxyUser = ji.proxyUser; Integer status; PrivilegedExceptionAction<Integer> doKill = new PrivilegedExceptionAction<Integer>() { public Integer run() throws Exception { final long kill_deadline = System.currentTimeMillis() + pConf.getLong(PConfiguration.KEY_CONTROLLER_KILL_TIMEOUT, 5000); YarnClientService kittenClient = ji.kitten; YarnClient yarnClient = YarnClient.createYarnClient(); yarnClient.init(yConf); yarnClient.start(); yarnClient.killApplication(kittenClient.getApplicationId()); while (!kittenClient.isApplicationFinished()) { Thread.sleep(100); if (System.currentTimeMillis() > kill_deadline) return -2; } return 0; } }; //perform the actual kill, as the user if (UserGroupInformation.isSecurityEnabled()) status = proxyUser.doAs(doKill); else status = doKill.run(); runningJobs.dec(); killedJobs.inc(); //purge, aka qdel -p. //conditional on superuser if (purge) { jobArray.remove(jobId); status = 0; } return status; }
From source file:yrun.YarnRunner.java
License:Apache License
public static void main(final String[] args) throws IOException, InterruptedException { CommandLine cmd = parse(args, new PrintWriter(System.out)); final String yarnName = cmd.getOptionValue("n"); LOG.info("Yarn name [" + yarnName + "]"); String resourceManagerAddress = cmd.getOptionValue("rma"); LOG.info("Resource Manager Address [" + resourceManagerAddress + "]"); String installPathStr = cmd.getOptionValue("p"); LOG.info("Install Path [" + installPathStr + "]"); final String command = StringUtils.join(" ", cmd.getOptionValues("c")); LOG.info("Command [" + command + "]"); final String queue; if (cmd.hasOption("q")) { queue = cmd.getOptionValue("q"); } else {//from w w w . j a v a 2s . c o m queue = "default"; } LOG.info("Queue [" + queue + "]"); final YarnConfiguration configuration = new YarnConfiguration(); configuration.set(YARN_RESOURCEMANAGER_ADDRESS, resourceManagerAddress); LOG.info("Using resource manager [" + resourceManagerAddress + "]"); final Path installPath = new Path(installPathStr); final List<Path> archivePathList = new ArrayList<Path>(); if (cmd.hasOption("a")) { String[] archivePaths = cmd.getOptionValues("a"); for (String archivePath : archivePaths) { archivePathList.add(new Path(archivePath)); } } final boolean isDaemon = !cmd.hasOption("k"); UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); ugi.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { YarnRunner yarnRunner = new YarnRunner(configuration, installPath, archivePathList, command, yarnName, queue, isDaemon); yarnRunner.execute(); return null; } }); }