From f9ae169fd052fdf62572903b9ecb20bcf057f829 Mon Sep 17 00:00:00 2001 From: Madhuch-ms Date: Wed, 8 Jul 2015 09:22:49 +0530 Subject: [PATCH] When node manager runs as virtual account, the resourcelocalization service fails to come. It checks for the permission of usercache and file cache to be 755 and nmPrivate to be 700. But in windows, for virtual account, the owner and group is same. So this pemrission check fails. So added a check that is user is equal to group, then umask validation dont hold --- .../localizer/ResourceLocalizationService.java | 37 +++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java index f4b6221..54be14b 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java @@ -71,6 +71,7 @@ import org.apache.hadoop.service.AbstractService; import org.apache.hadoop.service.CompositeService; import org.apache.hadoop.util.DiskChecker; +import org.apache.hadoop.util.Shell; import org.apache.hadoop.util.StringUtils; import org.apache.hadoop.yarn.api.records.ApplicationId; import org.apache.hadoop.yarn.api.records.ContainerId; @@ -1391,7 +1392,14 @@ private boolean checkLocalDir(String localDir) { throw new YarnRuntimeException(msg, e); } - if (!status.getPermission().equals(entry.getValue())) { + // Relax the permission check on Windows as there are scenarios where + // user is equal to group (same identity e.g. in case of virtual accounts). + // In this case user permission will always be equal to group + // permission hence the umask match won't hold. + if (!status.getPermission().equals(entry.getValue()) && + !(Shell.WINDOWS && isGroupEqualToOwnerOnWindows(status) + && status.getPermission().getUserAction().equals(entry.getValue().getUserAction()) + && status.getPermission().getOtherAction().equals(entry.getValue().getOtherAction()))) { String msg = "Permissions incorrectly set for dir " + entry.getKey() + ", should be " + entry.getValue() + ", actual value = " @@ -1402,6 +1410,33 @@ private boolean checkLocalDir(String localDir) { } return true; } + + private static boolean isGroupEqualToOwnerOnWindows(FileStatus status) + { + String owner= status.getOwner(); + String group = status.getGroup(); + + if(owner.equals(group)) + { + return true; + } + + String domainSeperator = "\\"; + + if(group.contains(domainSeperator) && !owner.contains(domainSeperator)) + { + // In Windows virtual account, the group is NT SERVICE\\username owner is userName + // So compare only the username of owner and group + int index = group.indexOf(domainSeperator); + String groupUserName = group.substring(index+1, group.length()); + if(groupUserName.equals(owner)) + { + return true; + } + } + + return false; + } private Map getLocalDirsPathPermissionsMap(String localDir) { Map localDirPathFsPermissionsMap = new HashMap(); -- 1.9.5.github.0