diff --git hadoop-yarn-project/hadoop-yarn/bin/yarn hadoop-yarn-project/hadoop-yarn/bin/yarn index 97c2afe..1dfafad 100644 --- hadoop-yarn-project/hadoop-yarn/bin/yarn +++ hadoop-yarn-project/hadoop-yarn/bin/yarn @@ -177,6 +177,9 @@ if [ "$COMMAND" = "classpath" ] ; then elif [ "$COMMAND" = "rmadmin" ] ; then CLASS='org.apache.hadoop.yarn.client.cli.RMAdminCLI' YARN_OPTS="$YARN_OPTS $YARN_CLIENT_OPTS" +elif [ "$COMMAND" = "rmhaadmin" ] ; then + CLASS='org.apache.hadoop.yarn.client.cli.RMHAAdminCLI' + YARN_OPTS="$YARN_OPTS $YARN_CLIENT_OPTS" elif [ "$COMMAND" = "application" ] ; then CLASS=org.apache.hadoop.yarn.client.cli.ApplicationCLI YARN_OPTS="$YARN_OPTS $YARN_CLIENT_OPTS" diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/HAUtil.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/HAUtil.java index 18f9896..9ee391a 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/HAUtil.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/HAUtil.java @@ -40,7 +40,8 @@ YarnConfiguration.RM_SCHEDULER_ADDRESS, YarnConfiguration.RM_ADMIN_ADDRESS, YarnConfiguration.RM_RESOURCE_TRACKER_ADDRESS, - YarnConfiguration.RM_WEBAPP_ADDRESS)); + YarnConfiguration.RM_WEBAPP_ADDRESS, + YarnConfiguration.RM_HA_ADMIN_ADDRESS)); private HAUtil() { /* Hidden constructor */ } diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java index 31f3442..c865b32 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java @@ -277,10 +277,19 @@ public static final String RM_HA_PREFIX = RM_PREFIX + "ha."; public static final String RM_HA_ENABLED = RM_HA_PREFIX + "enabled"; public static final boolean DEFAULT_RM_HA_ENABLED = false; - + public static final String RM_HA_IDS = RM_HA_PREFIX + "rm-ids"; public static final String RM_HA_ID = RM_HA_PREFIX + "id"; + public static final String RM_HA_ADMIN_ADDRESS = + RM_HA_PREFIX + "admin.address"; + public static final int DEFAULT_RM_HA_ADMIN_PORT = 8034; + public static String DEFAULT_RM_HA_ADMIN_ADDRESS = + "0.0.0.0:" + DEFAULT_RM_HA_ADMIN_PORT; + public static final String RM_HA_ADMIN_CLIENT_THREAD_COUNT = + RM_HA_PREFIX + "admin.client.thread-count"; + public static final int DEFAULT_RM_HA_ADMIN_CLIENT_THREAD_COUNT = 1; + //////////////////////////////// // RM state store configs //////////////////////////////// @@ -862,7 +871,7 @@ public static final String NM_CLIENT_MAX_NM_PROXIES = YARN_PREFIX + "client.max-nodemanagers-proxies"; public static final int DEFAULT_NM_CLIENT_MAX_NM_PROXIES = 500; - + public YarnConfiguration() { super(); } diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/cli/RMHAAdminCLI.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/cli/RMHAAdminCLI.java new file mode 100644 index 0000000..77842d9 --- /dev/null +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/cli/RMHAAdminCLI.java @@ -0,0 +1,72 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.client.cli; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.ha.HAAdmin; +import org.apache.hadoop.ha.HAServiceTarget; +import org.apache.hadoop.util.ToolRunner; +import org.apache.hadoop.yarn.client.RMHAServiceTarget; +import org.apache.hadoop.yarn.conf.HAUtil; +import org.apache.hadoop.yarn.conf.YarnConfiguration; +import org.apache.hadoop.yarn.exceptions.YarnRuntimeException; + +import java.io.IOException; +import java.util.Collection; + +public class RMHAAdminCLI extends HAAdmin { + RMHAAdminCLI() { + super(); + } + + @Override + public void setConf(Configuration conf) { + if (conf != null) { + conf = new YarnConfiguration(conf); + } + super.setConf(conf); + } + + @Override + protected HAServiceTarget resolveTarget(String nodeId) { + Collection rmIds = HAUtil.getRMHAIds(getConf()); + if (!rmIds.contains(nodeId)) { + StringBuilder msg = new StringBuilder(); + msg.append(nodeId + " is not a valid serviceId. It should be one of "); + for (String id : rmIds) { + msg.append(id + " "); + } + throw new IllegalArgumentException(msg.toString()); + } + try { + return new RMHAServiceTarget((YarnConfiguration)getConf(), nodeId); + } catch (IllegalArgumentException iae) { + throw new YarnRuntimeException("Could not connect to " + nodeId + + "; the configuration for it might be missing"); + } catch (IOException ioe) { + throw new YarnRuntimeException( + "Could not connect to RM HA Admin for node " + nodeId); + } + } + + public static void main(String[] argv) throws Exception { + int res = ToolRunner.run(new RMHAAdminCLI(), argv); + System.exit(res); + } +} diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/RMHAServiceTarget.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/RMHAServiceTarget.java new file mode 100644 index 0000000..277aaab --- /dev/null +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/RMHAServiceTarget.java @@ -0,0 +1,63 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.client; + +import org.apache.hadoop.ha.BadFencingConfigurationException; +import org.apache.hadoop.ha.HAServiceTarget; +import org.apache.hadoop.ha.NodeFencer; +import org.apache.hadoop.yarn.conf.YarnConfiguration; + +import java.io.IOException; +import java.net.InetSocketAddress; + +public class RMHAServiceTarget extends HAServiceTarget { + private InetSocketAddress haAdminServiceAddress; + + public RMHAServiceTarget(YarnConfiguration conf, String nodeId) + throws IOException { + conf.set(YarnConfiguration.RM_HA_ID, nodeId); + haAdminServiceAddress = conf.getSocketAddr( + YarnConfiguration.RM_HA_ADMIN_ADDRESS, + YarnConfiguration.DEFAULT_RM_HA_ADMIN_ADDRESS, + YarnConfiguration.DEFAULT_RM_HA_ADMIN_PORT); + } + + @Override + public InetSocketAddress getAddress() { + return haAdminServiceAddress; + } + + @Override + public InetSocketAddress getZKFCAddress() { + // TODO (YARN-1177): Hook up ZKFC information + return null; + } + + @Override + public NodeFencer getFencer() { + // TODO (YARN-1026): Hook up fencing implementation + return null; + } + + @Override + public void checkFencingConfigured() + throws BadFencingConfigurationException { + // TODO (YARN-1026): Based on fencing implementation + } +} diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml index 0127fcc..9d8a91d 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml @@ -349,6 +349,18 @@ + The address of the RM HA admin interface. + yarn.resourcemanager.ha.admin.address + ${yarn.resourcemanager.hostname}:8034 + + + + Number of threads to handle RM HA admin interface. + yarn.resourcemanager.ha.admin.client.thread-count + 1 + + + The maximum number of completed applications RM keeps. yarn.resourcemanager.max-completed-applications 10000 diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMHAProtocolService.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMHAProtocolService.java index 8fb92fa..e2e72ef 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMHAProtocolService.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMHAProtocolService.java @@ -20,19 +20,34 @@ import com.google.common.annotations.VisibleForTesting; +import com.google.protobuf.BlockingService; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.ha.HAServiceProtocol; import org.apache.hadoop.ha.HAServiceStatus; import org.apache.hadoop.ha.HealthCheckFailedException; +import org.apache.hadoop.ha.proto.HAServiceProtocolProtos; +import org.apache.hadoop.ha.protocolPB.HAServiceProtocolPB; +import org.apache.hadoop.ha.protocolPB.HAServiceProtocolServerSideTranslatorPB; +import org.apache.hadoop.ipc.ProtobufRpcEngine; +import org.apache.hadoop.ipc.RPC; +import org.apache.hadoop.ipc.Server; +import org.apache.hadoop.ipc.WritableRpcEngine; +import org.apache.hadoop.security.AccessControlException; +import org.apache.hadoop.security.authorize.AccessControlList; import org.apache.hadoop.service.AbstractService; -import org.apache.hadoop.yarn.exceptions.YarnRuntimeException; import org.apache.hadoop.yarn.conf.HAUtil; +import org.apache.hadoop.yarn.conf.YarnConfiguration; +import org.apache.hadoop.yarn.exceptions.YarnException; +import org.apache.hadoop.yarn.exceptions.YarnRuntimeException; +import org.apache.hadoop.yarn.server.resourcemanager.security.authorize.RMPolicyProvider; import java.io.IOException; +import java.net.InetSocketAddress; @InterfaceAudience.Private @InterfaceStability.Unstable @@ -44,6 +59,8 @@ private ResourceManager rm; @VisibleForTesting protected HAServiceState haState = HAServiceState.INITIALIZING; + private AccessControlList adminAcl; + private Server haAdminServer; private boolean haEnabled; public RMHAProtocolService(ResourceManager resourceManager) { @@ -55,8 +72,13 @@ public RMHAProtocolService(ResourceManager resourceManager) { protected synchronized void serviceInit(Configuration conf) throws Exception { this.conf = conf; + haEnabled = HAUtil.isHAEnabled(this.conf); if (haEnabled) { + adminAcl = new AccessControlList(conf.get( + YarnConfiguration.YARN_ADMIN_ACL, + YarnConfiguration.DEFAULT_YARN_ADMIN_ACL)); + HAUtil.setAllRpcAddresses(this.conf); rm.setConf(this.conf); } @@ -68,6 +90,7 @@ protected synchronized void serviceInit(Configuration conf) throws protected synchronized void serviceStart() throws Exception { if (haEnabled) { transitionToStandby(true); + startHAAdminServer(); } else { transitionToActive(); } @@ -77,13 +100,70 @@ protected synchronized void serviceStart() throws Exception { @Override protected synchronized void serviceStop() throws Exception { + if (haEnabled) { + stopHAAdminServer(); + } transitionToStandby(false); haState = HAServiceState.STOPPING; super.serviceStop(); } + + protected void startHAAdminServer() throws Exception { + InetSocketAddress haAdminServiceAddress = conf.getSocketAddr( + YarnConfiguration.RM_HA_ADMIN_ADDRESS, + YarnConfiguration.DEFAULT_RM_HA_ADMIN_ADDRESS, + YarnConfiguration.DEFAULT_RM_HA_ADMIN_PORT); + + RPC.setProtocolEngine(conf, HAServiceProtocolPB.class, + ProtobufRpcEngine.class); + + HAServiceProtocolServerSideTranslatorPB haServiceProtocolXlator = + new HAServiceProtocolServerSideTranslatorPB(this); + BlockingService haPbService = + HAServiceProtocolProtos.HAServiceProtocolService + .newReflectiveBlockingService(haServiceProtocolXlator); + + WritableRpcEngine.ensureInitialized(); + + String bindHost = haAdminServiceAddress.getHostName(); + + int serviceHandlerCount = conf.getInt( + YarnConfiguration.RM_HA_ADMIN_CLIENT_THREAD_COUNT, + YarnConfiguration.DEFAULT_RM_HA_ADMIN_CLIENT_THREAD_COUNT); + + haAdminServer = new RPC.Builder(conf) + .setProtocol(HAServiceProtocolPB.class) + .setInstance(haPbService) + .setBindAddress(bindHost) + .setPort(haAdminServiceAddress.getPort()) + .setNumHandlers(serviceHandlerCount) + .setVerbose(false) + .build(); + + // Enable service authorization? + if (conf.getBoolean( + CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, false)) { + haAdminServer.refreshServiceAcl(conf, new RMPolicyProvider()); + } + + haAdminServer.start(); + conf.updateConnectAddr(YarnConfiguration.RM_HA_ADMIN_ADDRESS, + haAdminServer.getListenerAddress()); + } + + private void stopHAAdminServer() throws Exception { + if (haAdminServer != null) { + haAdminServer.stop(); + haAdminServer.join(); + haAdminServer = null; + } + } + @Override - public synchronized void monitorHealth() throws HealthCheckFailedException { + public synchronized void monitorHealth() + throws HealthCheckFailedException, AccessControlException { + checkAccess("monitorHealth"); if (haState == HAServiceState.ACTIVE && !rm.areActiveServicesRunning()) { throw new HealthCheckFailedException( "Active ResourceManager services are not running!"); @@ -103,7 +183,9 @@ private synchronized void transitionToActive() throws Exception { } @Override - public synchronized void transitionToActive(StateChangeRequestInfo reqInfo) { + public synchronized void transitionToActive(StateChangeRequestInfo reqInfo) + throws AccessControlException { + checkAccess("transitionToActive"); // TODO (YARN-1177): When automatic failover is enabled, // check if transition should be allowed for this request try { @@ -133,7 +215,9 @@ private synchronized void transitionToStandby(boolean initialize) } @Override - public synchronized void transitionToStandby(StateChangeRequestInfo reqInfo) { + public synchronized void transitionToStandby(StateChangeRequestInfo reqInfo) + throws AccessControlException { + checkAccess("transitionToStandby"); // TODO (YARN-1177): When automatic failover is enabled, // check if transition should be allowed for this request try { @@ -146,6 +230,7 @@ public synchronized void transitionToStandby(StateChangeRequestInfo reqInfo) { @Override public synchronized HAServiceStatus getServiceStatus() throws IOException { + checkAccess("getServiceState"); HAServiceStatus ret = new HAServiceStatus(haState); if (haState == HAServiceState.ACTIVE || haState == HAServiceState.STANDBY) { ret.setReadyToBecomeActive(); @@ -154,4 +239,12 @@ public synchronized HAServiceStatus getServiceStatus() throws IOException { } return ret; } + + private void checkAccess(String method) throws AccessControlException { + try { + RMServerUtils.verifyAccess(adminAcl, method, LOG); + } catch (YarnException e) { + throw new AccessControlException(e); + } + } } diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMServerUtils.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMServerUtils.java index 370040a..4546558 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMServerUtils.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMServerUtils.java @@ -18,10 +18,15 @@ package org.apache.hadoop.yarn.server.resourcemanager; +import java.io.IOException; import java.util.ArrayList; import java.util.EnumSet; import java.util.List; +import org.apache.commons.logging.Log; +import org.apache.hadoop.security.AccessControlException; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.authorize.AccessControlList; import org.apache.hadoop.yarn.api.records.ApplicationAttemptId; import org.apache.hadoop.yarn.api.records.ContainerId; import org.apache.hadoop.yarn.api.records.NodeState; @@ -32,7 +37,9 @@ import org.apache.hadoop.yarn.exceptions.InvalidContainerReleaseException; import org.apache.hadoop.yarn.exceptions.InvalidResourceBlacklistRequestException; import org.apache.hadoop.yarn.exceptions.InvalidResourceRequestException; +import org.apache.hadoop.yarn.exceptions.YarnException; import org.apache.hadoop.yarn.exceptions.YarnRuntimeException; +import org.apache.hadoop.yarn.ipc.RPCUtil; import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMAppState; import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNode; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.SchedulerUtils; @@ -115,4 +122,46 @@ public static void validateBlacklistRequest(ResourceBlacklistRequest blacklistRe } } } + + /** + * Utility method to verify if the current user has access based on the + * passed {@link AccessControlList} + * @param acl the {@link AccessControlList} to check against + * @param method the method name to be logged + * @param LOG the logger to use + * @return {@link UserGroupInformation} of the current user + * @throws YarnException + */ + public static UserGroupInformation verifyAccess( + AccessControlList acl, String method, final Log LOG) + throws YarnException { + UserGroupInformation user; + try { + user = UserGroupInformation.getCurrentUser(); + } catch (IOException ioe) { + LOG.warn("Couldn't get current user", ioe); + RMAuditLogger.logFailure("UNKNOWN", method, acl.toString(), + "AdminService", "Couldn't get current user"); + throw RPCUtil.getRemoteException(ioe); + } + + if (!acl.isUserAllowed(user)) { + LOG.warn("User " + user.getShortUserName() + " doesn't have permission" + + " to call '" + method + "'"); + + RMAuditLogger.logFailure(user.getShortUserName(), method, + acl.toString(), "AdminService", + RMAuditLogger.AuditConstants.UNAUTHORIZED_USER); + + throw RPCUtil.getRemoteException( + new AccessControlException("User " + user.getShortUserName() + + " doesn't have permission" + + " to call '" + method + "'") + ); + } + if (LOG.isTraceEnabled()) { + LOG.trace(method + " invoked by user " + user.getShortUserName()); + } + return user; + } } diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java index 3a05921..86f4b48 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java @@ -181,7 +181,7 @@ protected void serviceInit(Configuration conf) throws Exception { validateConfigs(conf); this.conf = conf; - haService = new RMHAProtocolService(this); + haService = createRMHAProtocolService(); addService(haService); super.serviceInit(conf); } @@ -197,6 +197,10 @@ protected void setRMStateStore(RMStateStore rmStore) { ((RMContextImpl) rmContext).setStateStore(rmStore); } + protected RMHAProtocolService createRMHAProtocolService() { + return new RMHAProtocolService(this); + } + protected RMContainerTokenSecretManager createContainerTokenSecretManager( Configuration conf) { return new RMContainerTokenSecretManager(conf); diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/authorize/RMPolicyProvider.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/authorize/RMPolicyProvider.java index c5df91f..c50ea82 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/authorize/RMPolicyProvider.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/authorize/RMPolicyProvider.java @@ -19,6 +19,8 @@ import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; +import org.apache.hadoop.fs.CommonConfigurationKeys; +import org.apache.hadoop.ha.HAServiceProtocol; import org.apache.hadoop.security.authorize.PolicyProvider; import org.apache.hadoop.security.authorize.Service; import org.apache.hadoop.yarn.api.ApplicationMasterProtocolPB; @@ -52,6 +54,9 @@ new Service( YarnConfiguration.YARN_SECURITY_SERVICE_AUTHORIZATION_CONTAINER_MANAGEMENT_PROTOCOL, ContainerManagementProtocolPB.class), + new Service( + CommonConfigurationKeys.SECURITY_HA_SERVICE_PROTOCOL_ACL, + HAServiceProtocol.class), }; @Override diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java index d9ff1b0..aba334a 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java @@ -297,6 +297,16 @@ public void sendAMLaunchFailed(ApplicationAttemptId appAttemptId) } @Override + protected RMHAProtocolService createRMHAProtocolService() { + return new RMHAProtocolService(this) { + @Override + protected void startHAAdminServer() { + // do nothing + } + }; + } + + @Override protected ClientRMService createClientRMService() { return new ClientRMService(getRMContext(), getResourceScheduler(), rmAppManager, applicationACLsManager, queueACLsManager, diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMHA.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMHA.java index 869526e..b32feb3 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMHA.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMHA.java @@ -25,6 +25,7 @@ import org.apache.hadoop.ha.HAServiceProtocol.HAServiceState; import org.apache.hadoop.ha.HAServiceProtocol.StateChangeRequestInfo; import org.apache.hadoop.ha.HealthCheckFailedException; +import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.conf.HAUtil; import org.junit.Before; @@ -60,7 +61,7 @@ public void setUp() throws Exception { rm.init(conf); } - private void checkMonitorHealth() { + private void checkMonitorHealth() throws AccessControlException { try { rm.haService.monitorHealth(); } catch (HealthCheckFailedException e) {