commit 547ec6f3b2d768dcf82cf64b8f348f11417267e4 Author: Eric Yang Date: Fri Feb 2 21:48:07 2018 -0500 YARN-7889. Added kerberos token to authenticate with YARN service end point. (Contributed by Eric Yang) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services-api/src/main/java/org/apache/hadoop/yarn/service/client/ApiServiceClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services-api/src/main/java/org/apache/hadoop/yarn/service/client/ApiServiceClient.java index 6beb74c..4af9d61 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services-api/src/main/java/org/apache/hadoop/yarn/service/client/ApiServiceClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services-api/src/main/java/org/apache/hadoop/yarn/service/client/ApiServiceClient.java @@ -87,21 +87,38 @@ private String getRMWebAddress() { rmAddress = conf .get("yarn.resourcemanager.webapp.https.address"); } - + boolean useKerberos = UserGroupInformation.isSecurityEnabled(); List rmServers = RMHAUtils .getRMHAWebappAddresses(new YarnConfiguration(conf)); for (String host : rmServers) { - StringBuilder sb = new StringBuilder(); - sb.append(scheme); - sb.append(host); - sb.append(path); - Client client = Client.create(); - WebResource webResource = client - .resource(sb.toString()); - String test = webResource.get(String.class); - if (test.contains("hadoop_version")) { - rmAddress = host; - break; + try { + Client client = Client.create(); + StringBuilder sb = new StringBuilder(); + sb.append(scheme); + sb.append(host); + sb.append(path); + if (!useKerberos) { + try { + String username = UserGroupInformation.getCurrentUser().getShortUserName(); + sb.append("?user.name="); + sb.append(username); + } catch (IOException e) { + LOG.debug("Fail to resolve username: {}", e); + } + } + WebResource webResource = client + .resource(sb.toString()); + if (useKerberos) { + AuthenticatedURL.Token token = new AuthenticatedURL.Token(); + webResource.header("WWW-Authenticate", token); + } + ClientResponse test = webResource.get(ClientResponse.class); + if (test.getStatus() == 200) { + rmAddress = host; + break; + } + } catch (Exception e) { + LOG.debug("Fail to connect to: "+host, e); } } return scheme+rmAddress;