From 4827e9a9085b306bc379cb6e0b1fe4b92326edcd Mon Sep 17 00:00:00 2001
From: Jason Lowe
Date: Tue, 29 May 2018 14:43:17 -0500
Subject: [PATCH] YARN-8329. Docker client configuration can still be set incorrectly. Contributed by Shane Kumpf
---
 .../yarn/util/DockerClientConfigHandler.java | 23 +++++++++++--------
 .../TestDockerClientConfigHandler.java | 4 ++--
 .../runtime/DockerLinuxContainerRuntime.java | 7 +++---
 3 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/util/DockerClientConfigHandler.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/util/DockerClientConfigHandler.java
index 5522cf4f6f..8ec4deb2f3 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/util/DockerClientConfigHandler.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/util/DockerClientConfigHandler.java
@@ -154,14 +154,15 @@ public static Credentials getCredentialsFromTokensByteBuffer(
 * @param outConfigFile the File to write the Docker client configuration to.
 * @param credentials the populated Credentials object.
 * @throws IOException if the write fails.
+ * @return true if a Docker credential is found in the supplied credentials.
 */
- public static void writeDockerCredentialsToPath(File outConfigFile,
+ public static boolean writeDockerCredentialsToPath(File outConfigFile,
 Credentials credentials) throws IOException {
- ObjectMapper mapper = new ObjectMapper();
- ObjectNode rootNode = mapper.createObjectNode();
- ObjectNode registryUrlNode = mapper.createObjectNode();
 boolean foundDockerCred = false;
 if (credentials.numberOfTokens() > 0) {
+ ObjectMapper mapper = new ObjectMapper();
+ ObjectNode rootNode = mapper.createObjectNode();
+ ObjectNode registryUrlNode = mapper.createObjectNode();
 for (Token tk : credentials.getAllTokens()) {
 if (tk.getKind().equals(DockerCredentialTokenIdentifier.KIND)) {
 foundDockerCred = true;
@@ -176,12 +177,14 @@ public static void writeDockerCredentialsToPath(File outConfigFile,
 }
 }
 }
+ if (foundDockerCred) {
+ rootNode.put(CONFIG_AUTHS_KEY, registryUrlNode);
+ String json = mapper.writerWithDefaultPrettyPrinter()
+ .writeValueAsString(rootNode);
+ FileUtils.writeStringToFile(
+ outConfigFile, json, StandardCharsets.UTF_8);
+ }
 }
- if (foundDockerCred) {
- rootNode.put(CONFIG_AUTHS_KEY, registryUrlNode);
- String json =
- mapper.writerWithDefaultPrettyPrinter().writeValueAsString(rootNode);
- FileUtils.writeStringToFile(outConfigFile, json, StandardCharsets.UTF_8);
- }
+ return foundDockerCred;
 }
 }
\ No newline at end of file
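Review bot: The new `@return` tag does not state the contract the caller now relies on, namely that nothing is written to outConfigFile when the method returns false. I would word it as `@return true if a Docker credential was found and the client configuration was written to outConfigFile; false if nothing was written.` and move it above `@throws` to follow the usual Javadoc tag order. Changing a public static method from void to boolean is source-compatible but changes the method descriptor, so any caller compiled against the old signature has to be rebuilt; worth confirming nothing outside this patch links against it. The method body continues into the next hunk.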
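Review bot: The file written by `FileUtils.writeStringToFile(outConfigFile, json, StandardCharsets.UTF_8)` holds registry credentials, and nothing in this hunk restricts its permissions, so it is presumably created with whatever the process umask allows. The only caller visible in this patch passes a path under the NodeManager private directory, which is presumably already restricted, but this is a public utility that accepts any File, so the Javadoc should say the caller must choose a directory other users cannot read. Separately, when no Docker token is found the method returns before touching outConfigFile, so a config.json left by an earlier write would stay on disk; if that can happen in practice, removing it before `return foundDockerCred;` avoids leaving stale credentials behind. The start of the method is outside this hunk.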
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestDockerClientConfigHandler.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestDockerClientConfigHandler.java
index c4cbe45542..cfe5a45569 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestDockerClientConfigHandler.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestDockerClientConfigHandler.java
@@ -116,8 +116,8 @@ public void testWriteDockerCredentialsToPath() throws Exception {
 Credentials credentials =
 DockerClientConfigHandler.readCredentialsFromConfigFile(
 new Path(file.toURI()), conf, APPLICATION_ID);
- DockerClientConfigHandler.writeDockerCredentialsToPath(outFile,
- credentials);
+ assertTrue(DockerClientConfigHandler.writeDockerCredentialsToPath(outFile,
+ credentials));
 assertTrue(outFile.exists());
 String fileContents = FileUtils.readFileToString(outFile);
 assertTrue(fileContents.contains("auths"));
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
index 5e2233b7d1..fc095d5581 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
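Review bot: In TestDockerClientConfigHandler, testWriteDockerCredentialsToPath only asserts the true return, so the case this patch introduces, credentials that hold no Docker token, has no visible test. A companion case that passes an empty `Credentials` and checks `assertFalse(DockerClientConfigHandler.writeDockerCredentialsToPath(outFile, credentials));` followed by `assertFalse(outFile.exists());` would pin the behaviour the container runtime now depends on. The test method starts and ends outside the hunk, so such a case may already exist elsewhere in the file.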
@@ -1299,14 +1299,15 @@ private void addDockerClientConfigToRunCommand(ContainerRuntimeContext ctx, .getParent(); File dockerConfigPath = new File(nmPrivateDir + "/config.json"); try { - DockerClientConfigHandler - .writeDockerCredentialsToPath(dockerConfigPath, credentials); + if (DockerClientConfigHandler + .writeDockerCredentialsToPath(dockerConfigPath, credentials)) { + dockerRunCommand.setClientConfigDir(dockerConfigPath.getParent()); + } } catch (IOException e) { throw new ContainerExecutionException( "Unable to write Docker client credentials to " + dockerConfigPath); } - dockerRunCommand.setClientConfigDir(dockerConfigPath.getParent()); } } }
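Review bot: When `writeDockerCredentialsToPath` returns false, the new `if` skips `setClientConfigDir` without any trace, so the run command presumably falls back to the docker client's default configuration and the NodeManager log does not show which credential source was used. A debug log in an `else` branch, or at least a comment such as `// No Docker credential tokens supplied; leave the client config dir unset so the default docker client config applies.`, would make that choice auditable. The `catch` block kept as context also drops the IOException, so the reason the credential write failed is lost; logging `e` before throwing would help triage. addDockerClientConfigToRunCommand starts outside the hunk.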