diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 225e126f85..3f56cfccfe 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -431,6 +431,9 @@ Release 2.7.0 - UNRELEASED YARN-3011. Possible IllegalArgumentException in ResourceLocalizationService might lead NM to crash. (Varun Saxena via jianhe) + YARN-3103. AMRMClientImpl does not update AMRM token properly. (Jason Lowe + via jianhe) + Release 2.6.0 - 2014-11-18 INCOMPATIBLE CHANGES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/AMRMClientImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/AMRMClientImpl.java index 3cf18bafbc..ab8aaa8e4a 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/AMRMClientImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/AMRMClientImpl.java @@ -755,11 +755,11 @@ private void updateAMRMToken(Token token) throws IOException { new org.apache.hadoop.security.token.Token(token .getIdentifier().array(), token.getPassword().array(), new Text( token.getKind()), new Text(token.getService())); - amrmToken.setService(ClientRMProxy.getAMRMTokenService(getConfig())); + // Preserve the token service sent by the RM when adding the token + // to ensure we replace the previous token setup by the RM. + // Afterwards we can update the service address for the RPC layer. UserGroupInformation currentUGI = UserGroupInformation.getCurrentUser(); - if (UserGroupInformation.isSecurityEnabled()) { - currentUGI = UserGroupInformation.getLoginUser(); - } currentUGI.addToken(amrmToken); + amrmToken.setService(ClientRMProxy.getAMRMTokenService(getConfig())); } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestAMRMClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestAMRMClient.java index e24b5f6491..3c6918cbb5 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestAMRMClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestAMRMClient.java @@ -200,8 +200,11 @@ Collections. emptyMap(), // of testing. UserGroupInformation.setLoginUser(UserGroupInformation .createRemoteUser(UserGroupInformation.getCurrentUser().getUserName())); - appAttempt.getAMRMToken().setService(ClientRMProxy.getAMRMTokenService(conf)); + + // emulate RM setup of AMRM token in credentials by adding the token + // *before* setting the token service UserGroupInformation.getCurrentUser().addToken(appAttempt.getAMRMToken()); + appAttempt.getAMRMToken().setService(ClientRMProxy.getAMRMTokenService(conf)); } @After @@ -1026,13 +1029,18 @@ public ApplicationMasterProtocol run() { UserGroupInformation.getCurrentUser().getCredentials(); Iterator> iter = credentials.getAllTokens().iterator(); + org.apache.hadoop.security.token.Token result = null; while (iter.hasNext()) { org.apache.hadoop.security.token.Token token = iter.next(); if (token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) { - return (org.apache.hadoop.security.token.Token) + if (result != null) { + Assert.fail("credentials has more than one AMRM token." + + " token1: " + result + " token2: " + token); + } + result = (org.apache.hadoop.security.token.Token) token; } } - return null; + return result; } }