List of usage examples for org.apache.hadoop.security UserGroupInformation getCurrentUser
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getCurrentUser() throws IOException
From source file:org.pentaho.hadoop.shim.common.ConfigurationProxyV2.java
License:Apache License
/** * Submit job for the current configuration provided by this implementation. * * @return RunningJob implementation// www .j av a 2 s .co m */ @Override public RunningJob submit() throws IOException, ClassNotFoundException, InterruptedException { if (YarnQueueAclsVerifier .verify((createClusterDescription(getJob().getConfiguration())).getQueueAclsForCurrentUser())) { getJob().submit(); return new RunningJobProxyV2(getJob()); } else { throw new YarnQueueAclsException( BaseMessages.getString(ConfigurationProxy.class, "ConfigurationProxy.UserHasNoPermissions", UserGroupInformation.getCurrentUser().getUserName())); } }
From source file:org.slc.sli.aggregation.mapreduce.io.MongoAggFormatterTest.java
License:Apache License
/** * Test method for//w w w . ja va2s . c om * {@link org.slc.sli.aggregation.mapreduce.io.MongoAggFormatter#getRecordWriter(org.apache.hadoop.mapreduce.TaskAttemptContext)} * . * * @throws Exception */ @Test public void testGetRecordWriter() throws Exception { DBCollection mockCollection = Mockito.mock(DBCollection.class); UserGroupInformation ugi = Mockito.mock(UserGroupInformation.class); PowerMockito.mockStatic(UserGroupInformation.class); Mockito.when(UserGroupInformation.getCurrentUser()).thenReturn(ugi); TaskAttemptContext c = new MockTaskAttemptContext(); Configuration config = c.getConfiguration(); PowerMockito.mockStatic(MongoConfigUtil.class); Mockito.when(MongoConfigUtil.getOutputCollection(config)).thenReturn(mockCollection); MongoAggFormatter f = new MongoAggFormatter(); assertTrue(f.getRecordWriter(new MockTaskAttemptContext()) instanceof MongoAggWriter); }
From source file:org.slc.sli.aggregation.mapreduce.io.MongoAggWriterTest.java
License:Apache License
public void expect(T expected) throws IOException { this.expected = expected; mockCollection = Mockito.mock(DBCollection.class); ugi = Mockito.mock(UserGroupInformation.class); PowerMockito.mockStatic(UserGroupInformation.class); Mockito.when(UserGroupInformation.getCurrentUser()).thenReturn(ugi); ctx = new MockTaskAttemptContext(); config = ctx.getConfiguration();/*from w w w .ja v a2 s . co m*/ PowerMockito.mockStatic(MongoConfigUtil.class); Mockito.when(MongoConfigUtil.getOutputCollection(config)).thenReturn(mockCollection); key = new TenantAndIdEmittableKey("testTenant", "testId"); key.setTenantId(new Text("Midgar")); key.setId(new Text("abcdefg01234567890")); writer = new MongoAggWriter(mockCollection, ctx); }
From source file:org.springframework.data.hadoop.fs.HdfsResourceLoaderLegacyTest.java
License:Apache License
@Before public void before() throws Exception { FileSystemFactoryBean fsf = new FileSystemFactoryBean(); fsf.setConfiguration(cfg);//from w ww . j a v a2s . co m fsf.afterPropertiesSet(); fs = fsf.getObject(); System.out.println("Current user is " + UserGroupInformation.getCurrentUser()); System.out.println("Home dir is " + fs.getHomeDirectory().toString()); loader = new HdfsResourceLoader(cfg, null); }
From source file:org.springframework.yarn.am.AppmasterRmTemplate.java
License:Apache License
private static void setupTokens(InetSocketAddress resourceManagerAddress) throws IOException { // It is assumed for now that the only AMRMToken in AM's UGI is for this // cluster/RM. TODO: Fix later when we have some kind of cluster-ID as // default service-address, see YARN-986. for (Token<? extends TokenIdentifier> token : UserGroupInformation.getCurrentUser().getTokens()) { if (token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) { // This token needs to be directly provided to the AMs, so set // the appropriate service-name. We'll need more infrastructure when // we need to set it in HA case. SecurityUtil.setTokenService(token, resourceManagerAddress); }/*from w w w . j a va 2s.c om*/ } }
From source file:org.springframework.yarn.rpc.YarnRpcAccessor.java
License:Apache License
/** * Gets the {@link UserGroupInformation user} used to * create the proxy. Default implementation delegates into * {@link UserGroupInformation#getCurrentUser()}. * * @return the user//from w w w. j ava2 s . c o m * @throws IOException if login fails * @see #createProxy() */ protected UserGroupInformation getUser() throws IOException { return UserGroupInformation.getCurrentUser(); }
From source file:org.starschema.hadoop.yarn.applications.distributedshell.ApplicationMaster.java
License:Apache License
/** * Main run function for the application master * * @throws YarnException// www .j a va2s .c o m * @throws IOException */ @SuppressWarnings({ "unchecked" }) public void run() throws YarnException, IOException, InterruptedException { LOG.info("Starting ApplicationMaster"); // Note: Credentials, Token, UserGroupInformation, DataOutputBuffer class // are marked as LimitedPrivate Credentials credentials = UserGroupInformation.getCurrentUser().getCredentials(); DataOutputBuffer dob = new DataOutputBuffer(); credentials.writeTokenStorageToStream(dob); // Now remove the AM->RM token so that containers cannot access it. Iterator<Token<?>> iter = credentials.getAllTokens().iterator(); LOG.info("Executing with tokens:"); while (iter.hasNext()) { Token<?> token = iter.next(); LOG.info(token); if (token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) { iter.remove(); } } allTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength()); // Create appSubmitterUgi and add original tokens to it String appSubmitterUserName = System.getenv(ApplicationConstants.Environment.USER.name()); appSubmitterUgi = UserGroupInformation.createRemoteUser(appSubmitterUserName); appSubmitterUgi.addCredentials(credentials); AMRMClientAsync.CallbackHandler allocListener = new RMCallbackHandler(); amRMClient = AMRMClientAsync.createAMRMClientAsync(1000, allocListener); amRMClient.init(conf); amRMClient.start(); containerListener = createNMCallbackHandler(); nmClientAsync = new NMClientAsyncImpl(containerListener); nmClientAsync.init(conf); nmClientAsync.start(); startTimelineClient(conf); if (timelineClient != null) { publishApplicationAttemptEvent(timelineClient, appAttemptID.toString(), DSEvent.DS_APP_ATTEMPT_START, domainId, appSubmitterUgi); } // Setup local RPC Server to accept status requests directly from clients // TODO need to setup a protocol for client to be able to communicate to // the RPC server // TODO use the rpc port info to register with the RM for the client to // send requests to this app master // Register self with ResourceManager // This will start heartbeating to the RM appMasterHostname = NetUtils.getHostname(); RegisterApplicationMasterResponse response = amRMClient.registerApplicationMaster(appMasterHostname, appMasterRpcPort, appMasterTrackingUrl); // Dump out information about cluster capability as seen by the // resource manager int maxMem = response.getMaximumResourceCapability().getMemory(); LOG.info("Max mem capabililty of resources in this cluster " + maxMem); int maxVCores = response.getMaximumResourceCapability().getVirtualCores(); LOG.info("Max vcores capabililty of resources in this cluster " + maxVCores); // A resource ask cannot exceed the max. if (containerMemory > maxMem) { LOG.info("Container memory specified above max threshold of cluster." + " Using max value." + ", specified=" + containerMemory + ", max=" + maxMem); containerMemory = maxMem; } if (containerVirtualCores > maxVCores) { LOG.info("Container virtual cores specified above max threshold of cluster." + " Using max value." + ", specified=" + containerVirtualCores + ", max=" + maxVCores); containerVirtualCores = maxVCores; } List<Container> previousAMRunningContainers = response.getContainersFromPreviousAttempts(); LOG.info(appAttemptID + " received " + previousAMRunningContainers.size() + " previous attempts' running containers on AM registration."); for (Container container : previousAMRunningContainers) { launchedContainers.add(container.getId()); } numAllocatedContainers.addAndGet(previousAMRunningContainers.size()); int numTotalContainersToRequest = numTotalContainers - previousAMRunningContainers.size(); // Setup ask for containers from RM // Send request for containers to RM // Until we get our fully allocated quota, we keep on polling RM for // containers // Keep looping until all the containers are launched and shell script // executed on them ( regardless of success/failure). for (int i = 0; i < numTotalContainersToRequest; ++i) { ContainerRequest containerAsk = setupContainerAskForRM(); amRMClient.addContainerRequest(containerAsk); } numRequestedContainers.set(numTotalContainers); }
From source file:origin.hadoop.yarn.distributedshell.ApplicationMaster.java
License:Apache License
/** * Main run function for the application master * * @throws YarnException// w w w . ja va 2 s . c om * @throws IOException */ @SuppressWarnings({ "unchecked" }) public void run() throws YarnException, IOException { LOG.info("Starting ApplicationMaster"); try { publishApplicationAttemptEvent(timelineClient, appAttemptID.toString(), DSEvent.DS_APP_ATTEMPT_START); } catch (Exception e) { LOG.error("App Attempt start event coud not be pulished for " + appAttemptID.toString(), e); } // Note: Credentials, Token, UserGroupInformation, DataOutputBuffer class // are marked as LimitedPrivate Credentials credentials = UserGroupInformation.getCurrentUser().getCredentials(); DataOutputBuffer dob = new DataOutputBuffer(); credentials.writeTokenStorageToStream(dob); // Now remove the AM->RM token so that containers cannot access it. Iterator<Token<?>> iter = credentials.getAllTokens().iterator(); LOG.info("Executing with tokens:"); while (iter.hasNext()) { Token<?> token = iter.next(); LOG.info(token); if (token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) { iter.remove(); } } allTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength()); // Create appSubmitterUgi and add original tokens to it String appSubmitterUserName = System.getenv(Environment.USER.name()); appSubmitterUgi = UserGroupInformation.createRemoteUser(appSubmitterUserName); appSubmitterUgi.addCredentials(credentials); AMRMClientAsync.CallbackHandler allocListener = new RMCallbackHandler(); amRMClient = AMRMClientAsync.createAMRMClientAsync(1000, allocListener); amRMClient.init(conf); amRMClient.start(); containerListener = createNMCallbackHandler(); nmClientAsync = new NMClientAsyncImpl(containerListener); nmClientAsync.init(conf); nmClientAsync.start(); // Setup local RPC Server to accept status requests directly from clients // TODO need to setup a protocol for client to be able to communicate to // the RPC server // TODO use the rpc port info to register with the RM for the client to // send requests to this app master // Register self with ResourceManager // This will start heartbeating to the RM appMasterHostname = NetUtils.getHostname(); RegisterApplicationMasterResponse response = amRMClient.registerApplicationMaster(appMasterHostname, appMasterRpcPort, appMasterTrackingUrl); // Dump out information about cluster capability as seen by the // resource manager int maxMem = response.getMaximumResourceCapability().getMemory(); LOG.info("Max mem capabililty of resources in this cluster " + maxMem); int maxVCores = response.getMaximumResourceCapability().getVirtualCores(); LOG.info("Max vcores capabililty of resources in this cluster " + maxVCores); // A resource ask cannot exceed the max. if (containerMemory > maxMem) { LOG.info("Container memory specified above max threshold of cluster." + " Using max value." + ", specified=" + containerMemory + ", max=" + maxMem); containerMemory = maxMem; } if (containerVirtualCores > maxVCores) { LOG.info("Container virtual cores specified above max threshold of cluster." + " Using max value." + ", specified=" + containerVirtualCores + ", max=" + maxVCores); containerVirtualCores = maxVCores; } List<Container> previousAMRunningContainers = response.getContainersFromPreviousAttempts(); LOG.info(appAttemptID + " received " + previousAMRunningContainers.size() + " previous attempts' running containers on AM registration."); numAllocatedContainers.addAndGet(previousAMRunningContainers.size()); int numTotalContainersToRequest = numTotalContainers - previousAMRunningContainers.size(); // Setup ask for containers from RM // Send request for containers to RM // Until we get our fully allocated quota, we keep on polling RM for // containers // Keep looping until all the containers are launched and shell script // executed on them ( regardless of success/failure). for (int i = 0; i < numTotalContainersToRequest; ++i) { ContainerRequest containerAsk = setupContainerAskForRM(); amRMClient.addContainerRequest(containerAsk); } numRequestedContainers.set(numTotalContainers); try { publishApplicationAttemptEvent(timelineClient, appAttemptID.toString(), DSEvent.DS_APP_ATTEMPT_END); } catch (Exception e) { LOG.error("App Attempt start event coud not be pulished for " + appAttemptID.toString(), e); } }
From source file:probos.TestStaticMethods.java
License:Open Source License
@Test public void testPolicy() throws Exception { Configuration c = new Configuration(); ServiceAuthorizationManager sam = new ServiceAuthorizationManager(); System.setProperty("hadoop.policy.file", "probos-policy.xml"); sam.refreshWithLoadedConfiguration(c, new ControllerPolicyProvider()); AccessControlList acl = sam.getProtocolsAcls(PBSClient.class); assertNotNull(acl);/* www . ja v a 2 s . c o m*/ assertEquals("*", acl.getAclString()); assertTrue(acl .isUserAllowed(UserGroupInformation.createUserForTesting("testUser", new String[] { "mygroup" }))); sam.authorize(UserGroupInformation.getCurrentUser(), PBSClient.class, c, InetAddress.getLocalHost()); }
From source file:ruciotools.WebRucioGrep.java
License:Apache License
/** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) *//*from ww w. j ava2 s .co m*/ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { final PrintWriter out = response.getWriter(); Enumeration<String> parameterNames = request.getParameterNames(); List<String> params = new ArrayList<String>(); while (parameterNames.hasMoreElements()) { String paramName = parameterNames.nextElement(); for (String v : request.getParameterValues(paramName)) { params.add("-" + paramName); params.add(v); } } final String[] args = new String[params.size()]; params.toArray(args); FileSystem fs = DistributedFileSystem.get(new Configuration()); FSDataOutputStream of1 = fs.create(new Path("/user/rucio01/log/test-MR-before.ralph")); of1.write(new String("ralph").getBytes()); of1.close(); System.out.println("--------------status---:" + UserGroupInformation.isLoginKeytabBased()); System.out.println("--------------current user---:" + UserGroupInformation.getCurrentUser()); UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); boolean isKeyTab = false; //ugi.isFromKeytab(); if (isKeyTab) { ugi.checkTGTAndReloginFromKeytab(); } else { UserGroupInformation.loginUserFromKeytab("rucio01", "/etc/hadoop/conf/rucio01.keytab"); isKeyTab = UserGroupInformation.isLoginKeytabBased(); if (isKeyTab) { ugi = UserGroupInformation.getCurrentUser(); } } System.out.println("---------AFTER LOGIN-----:"); System.out.println("--------------status---:" + UserGroupInformation.isLoginKeytabBased()); System.out.println("--------------current user---:" + UserGroupInformation.getCurrentUser()); //FileSystem fs = DistributedFileSystem.get(new Configuration()); FSDataOutputStream of = fs.create(new Path("/user/rucio01/log/test-MR-outer.ralph")); of.write(new String("ralph").getBytes()); of.close(); try { ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { FileSystem fs = DistributedFileSystem.get(new Configuration()); FSDataOutputStream of = fs.create(new Path("/user/rucio01/log/test-MR-inner.ralph")); of.write(new String("ralph").getBytes()); of.close(); // Verify input parameters Map<String, Object> settings = Grep.parseCommandLineArguments(args); if ((Boolean) settings.get("printUsage")) { out.println((String) settings.get("errorMessage")); out.println(Grep.printUsage()); return null; } // Derive tmp dir for job output settings.put("tempDir", new Path("rucio-grep-" + Integer.toString(new Random().nextInt(Integer.MAX_VALUE)))); // Execute MR job try { if (!Grep.runJob(settings)) { out.println("Something went wrong :-(\n"); out.println( "Hints: (1) do not redirect stderr to /dev/null (2) consider setting -excludeTmpFiles in case of IOExceptions\n"); } } catch (Exception e) { out.println(e); return null; } try { out.println(Grep.getResults(settings)); } catch (Exception e) { out.println("No job output found in " + settings.get("tempDir").toString()); out.println(e); } return null; } }); } catch (Exception e) { System.out.println(e); } }