项目:hadoop-2.6.0-cdh5.4.3
文件:JobTracker.java
/**
* Rereads the config to get hosts and exclude list file names.
* Rereads the files to update the hosts and exclude lists.
*/
public synchronized void refreshNodes() throws IOException {
String user = UserGroupinformation.getCurrentUser().getShortUserName();
// check access
if (!aclsManager.isMRAdmin(UserGroupinformation.getCurrentUser())) {
AuditLogger.logFailure(user,Constants.REFRESH_NODES,aclsManager.getAdminsAcl().toString(),Constants.JOBTRACKER,Constants.UNAUTHORIZED_USER);
throw new AccessControlException(user +
" is not authorized to refresh nodes.");
}
AuditLogger.logSuccess(user,Constants.JOBTRACKER);
// call the actual api
refreshHosts();
}
项目:hadoop-on-lustre
文件:JobTracker.java
/**
* Rereads the config to get hosts and exclude list file names.
* Rereads the files to update the hosts and exclude lists.
*/
public synchronized void refreshNodes() throws IOException {
String user = UserGroupinformation.getCurrentUser().getShortUserName();
// check access
if (!aclsManager.isMRAdmin(UserGroupinformation.getCurrentUser())) {
AuditLogger.logFailure(user,Constants.JOBTRACKER);
// call the actual api
refreshHosts();
}
项目:hanoi-hadoop-2.0.0-cdh
文件:JobTracker.java
/**
* Rereads the config to get hosts and exclude list file names.
* Rereads the files to update the hosts and exclude lists.
*/
public synchronized void refreshNodes() throws IOException {
String user = UserGroupinformation.getCurrentUser().getShortUserName();
// check access
if (!aclsManager.isMRAdmin(UserGroupinformation.getCurrentUser())) {
AuditLogger.logFailure(user,Constants.JOBTRACKER);
// call the actual api
refreshHosts();
}
项目:mapreduce-fork
文件:JobTracker.java
/**
* Rereads the config to get hosts and exclude list file names.
* Rereads the files to update the hosts and exclude lists.
*/
public synchronized void refreshNodes() throws IOException {
String user = UserGroupinformation.getCurrentUser().getShortUserName();
// check access
if (!aclsManager.isMRAdmin(UserGroupinformation.getCurrentUser())) {
AuditLogger.logFailure(user,Constants.JOBTRACKER);
// call the actual api
refreshHosts();
}
项目:mammoth
文件:JobTracker.java
/**
* Rereads the config to get hosts and exclude list file names.
* Rereads the files to update the hosts and exclude lists.
*/
public synchronized void refreshNodes() throws IOException {
String user = UserGroupinformation.getCurrentUser().getShortUserName();
// check access
if (!aclsManager.isMRAdmin(UserGroupinformation.getCurrentUser())) {
AuditLogger.logFailure(user,Constants.JOBTRACKER);
// call the actual api
refreshHosts();
}
项目:hortonworks-extension
文件:JobTracker.java
/**
* Rereads the config to get hosts and exclude list file names.
* Rereads the files to update the hosts and exclude lists.
*/
public synchronized void refreshNodes() throws IOException {
String user = UserGroupinformation.getCurrentUser().getShortUserName();
// check access
if (!aclsManager.isMRAdmin(UserGroupinformation.getCurrentUser())) {
AuditLogger.logFailure(user,Constants.JOBTRACKER);
// call the actual api
refreshHosts();
}
项目:hadoop-on-lustre
文件:JobTracker.java
public boolean setSafeMode(JobTracker.SafeModeAction safeModeAction)
throws IOException {
String user = UserGroupinformation.getCurrentUser().getShortUserName();
// Anyone can check JT safe-mode
if (safeModeAction == SafeModeAction.SAFEMODE_GET) {
boolean safeMode = this.safeMode.get();
LOG.info("Getting safemode information: safemode=" + safeMode + ". " +
"Requested by : " +
UserGroupinformation.getCurrentUser().getShortUserName());
AuditLogger.logSuccess(user,Constants.GET_SAFEMODE,Constants.JOBTRACKER);
return safeMode;
}
// Check access for modifications to safe-mode
if (!aclsManager.isMRAdmin(UserGroupinformation.getCurrentUser())) {
AuditLogger.logFailure(user,Constants.SET_SAFEMODE,Constants.UNAUTHORIZED_USER);
throw new AccessControlException(user +
" is not authorized to refresh nodes.");
}
AuditLogger.logSuccess(user,Constants.JOBTRACKER);
boolean currSafeMode = setSafeModeInternal(safeModeAction);
adminSafeMode.set(currSafeMode);
adminSafeModeUser = user;
return currSafeMode;
}
项目:hortonworks-extension
文件:JobTracker.java
public boolean setSafeMode(JobTracker.SafeModeAction safeModeAction)
throws IOException {
String user = UserGroupinformation.getCurrentUser().getShortUserName();
// Anyone can check JT safe-mode
if (safeModeAction == SafeModeAction.SAFEMODE_GET) {
boolean safeMode = this.safeMode.get();
LOG.info("Getting safemode information: safemode=" + safeMode + ". " +
"Requested by : " +
UserGroupinformation.getCurrentUser().getShortUserName());
AuditLogger.logSuccess(user,Constants.JOBTRACKER);
boolean currSafeMode = setSafeModeInternal(safeModeAction);
adminSafeMode.set(currSafeMode);
adminSafeModeUser = user;
return currSafeMode;
}
项目:hadoop-2.6.0-cdh5.4.3
文件:ACLsManager.java
/**
* Check the ACLs for a user doing the passed operation.
* <ul>
* <li>If ACLs are disabled,allow all users.</li>
* <li>If the operation is not a job operation(for eg. submit-job-to-queue),* then allow only (a) clusterOwner(who started the cluster),(b)cluster
* administrators and (c) members of queue-submit-job-acl for the queue.</li>
* <li>If the operation is a job operation,then allow only (a) jobOwner,* (b) clusterOwner(who started the cluster),(c) cluster administrators,* (d) members of queue admins acl for the queue and (e) members of job
* acl for the jobOperation</li>
* </ul>
*
* callerUGI is the user who is trying to perform the operation.
* jobAcl Could be job-view-acl or job-modify-acl depending on job operation.
*/
void checkAccess(String jobId,UserGroupinformation callerUGI,String queue,Operation operation,String jobOwner,AccessControlList jobAcl) throws AccessControlException {
if (!aclsEnabled) {
return;
}
String user = callerUGI.getShortUserName();
String targetResource = jobId + " in queue " + queue;
// Allow mapreduce cluster admins to do any queue operation and
// any job operation
if (isMRAdmin(callerUGI)) {
AuditLogger.logSuccess(user,operation.name(),targetResource);
return;
}
if (operation == Operation.SUBMIT_JOB) {
// This is strictly queue operation(not a job operation)
if (!queueManager.hasAccess(queue,operation.qACLNeeded,callerUGI)) {
AuditLogger.logFailure(user,queueManager.getQueueACL(queue,operation.qACLNeeded).toString(),targetResource,Constants.UNAUTHORIZED_USER);
throw new AccessControlException("User "
+ callerUGI.getShortUserName() + " cannot perform "
+ "operation " + operation.name() + " on queue " + queue
+ ".\n Please run \"hadoop queue -showacls\" "
+ "command to find the queues you have access to .");
} else {
AuditLogger.logSuccess(user,targetResource);
return;
}
}
// Check if callerUGI is queueAdmin,jobOwner or part of job-acl.
// queueManager and queue are null only when called from
// TaskTracker(i.e. from TaskLogServlet) for the operation VIEW_TASK_LOGS.
// Caller of this method takes care of checking if callerUGI is a
// queue administrator for that operation.
if (operation == Operation.VIEW_TASK_LOGS) {
if (jobACLsManager.checkAccess(callerUGI,operation.jobACLNeeded,jobOwner,jobAcl)) {
AuditLogger.logSuccess(user,targetResource);
return;
}
} else if (queueManager.hasAccess(queue,callerUGI) ||
jobACLsManager.checkAccess(callerUGI,jobAcl)) {
AuditLogger.logSuccess(user,targetResource);
return;
}
AuditLogger.logFailure(user,jobAcl.toString(),Constants.UNAUTHORIZED_USER);
throw new AccessControlException("User "
+ callerUGI.getShortUserName() + " cannot perform operation "
+ operation.name() + " on " + jobId + " that is in the queue "
+ queue);
}
项目:hadoop-on-lustre
文件:ACLsManager.java
/**
* Check the ACLs for a user doing the passed operation.
* <ul>
* <li>If ACLs are disabled,Constants.UNAUTHORIZED_USER);
throw new AccessControlException("User "
+ callerUGI.getShortUserName() + " cannot perform operation "
+ operation.name() + " on " + jobId + " that is in the queue "
+ queue);
}
项目:hanoi-hadoop-2.0.0-cdh
文件:ACLsManager.java
/**
* Check the ACLs for a user doing the passed operation.
* <ul>
* <li>If ACLs are disabled,Constants.UNAUTHORIZED_USER);
throw new AccessControlException("User "
+ callerUGI.getShortUserName() + " cannot perform operation "
+ operation.name() + " on " + jobId + " that is in the queue "
+ queue);
}
项目:hortonworks-extension
文件:ACLsManager.java
/**
* Check the ACLs for a user doing the passed operation.
* <ul>
* <li>If ACLs are disabled,Constants.UNAUTHORIZED_USER);
throw new AccessControlException("User "
+ callerUGI.getShortUserName() + " cannot perform operation "
+ operation.name() + " on " + jobId + " that is in the queue "
+ queue);
}