YARN-822. Renamed ApplicationToken to be AMRMToken, and similarly the corresponding TokenSelector and SecretManager. Contributed by Omkar Vinit Joshi.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1493889 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Vinod Kumar Vavilapalli
parent
eff5e6da1d
commit
7d0c43d7cf
@ -127,7 +127,7 @@
|
||||
import org.apache.hadoop.yarn.event.Event;
|
||||
import org.apache.hadoop.yarn.event.EventHandler;
|
||||
import org.apache.hadoop.yarn.exceptions.YarnRuntimeException;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.util.Clock;
|
||||
import org.apache.hadoop.yarn.util.ConverterUtils;
|
||||
import org.apache.hadoop.yarn.util.SystemClock;
|
||||
@ -1380,7 +1380,7 @@ protected static void initAndStartAppMaster(final MRAppMaster appMaster,
|
||||
Iterator<Token<?>> iter = credentials.getAllTokens().iterator();
|
||||
while (iter.hasNext()) {
|
||||
Token<?> token = iter.next();
|
||||
if (token.getKind().equals(ApplicationTokenIdentifier.KIND_NAME)) {
|
||||
if (token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) {
|
||||
iter.remove();
|
||||
}
|
||||
}
|
||||
|
||||
@ -62,7 +62,7 @@
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationId;
|
||||
import org.apache.hadoop.yarn.api.records.ContainerId;
|
||||
import org.apache.hadoop.yarn.event.EventHandler;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.util.ConverterUtils;
|
||||
import org.apache.log4j.Level;
|
||||
import org.apache.log4j.LogManager;
|
||||
@ -346,9 +346,9 @@ public void testMRAppMasterCredentials() throws Exception {
|
||||
credentials.addToken(tokenAlias, myToken);
|
||||
|
||||
Text appTokenService = new Text("localhost:0");
|
||||
Token<ApplicationTokenIdentifier> appToken =
|
||||
new Token<ApplicationTokenIdentifier>(identifier, password,
|
||||
ApplicationTokenIdentifier.KIND_NAME, appTokenService);
|
||||
Token<AMRMTokenIdentifier> appToken =
|
||||
new Token<AMRMTokenIdentifier>(identifier, password,
|
||||
AMRMTokenIdentifier.KIND_NAME, appTokenService);
|
||||
credentials.addToken(appTokenService, appToken);
|
||||
|
||||
Text keyAlias = new Text("mySecretKeyAlias");
|
||||
|
||||
@ -61,7 +61,7 @@
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.util.ExitUtil;
|
||||
import org.apache.hadoop.util.Progressable;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
@ -104,7 +104,7 @@ public void testRunner() throws Exception {
|
||||
|
||||
conf.set(MRJobConfig.CACHE_LOCALFILES, fCommand.getAbsolutePath());
|
||||
// token for authorization
|
||||
Token<ApplicationTokenIdentifier> token = new Token<ApplicationTokenIdentifier>(
|
||||
Token<AMRMTokenIdentifier> token = new Token<AMRMTokenIdentifier>(
|
||||
"user".getBytes(), "password".getBytes(), new Text("kind"), new Text(
|
||||
"service"));
|
||||
TokenCache.setJobToken(token, conf.getCredentials());
|
||||
@ -168,7 +168,7 @@ public void testApplication() throws Throwable {
|
||||
conf.set(MRJobConfig.CACHE_LOCALFILES, fCommand.getAbsolutePath());
|
||||
|
||||
// token for authorization
|
||||
Token<ApplicationTokenIdentifier> token = new Token<ApplicationTokenIdentifier>(
|
||||
Token<AMRMTokenIdentifier> token = new Token<AMRMTokenIdentifier>(
|
||||
"user".getBytes(), "password".getBytes(), new Text("kind"), new Text(
|
||||
"service"));
|
||||
|
||||
@ -389,7 +389,7 @@ public void testPipesReduser() throws Exception {
|
||||
File[] psw = cleanTokenPasswordFile();
|
||||
JobConf conf = new JobConf();
|
||||
try {
|
||||
Token<ApplicationTokenIdentifier> token = new Token<ApplicationTokenIdentifier>(
|
||||
Token<AMRMTokenIdentifier> token = new Token<AMRMTokenIdentifier>(
|
||||
"user".getBytes(), "password".getBytes(), new Text("kind"), new Text(
|
||||
"service"));
|
||||
TokenCache.setJobToken(token, conf.getCredentials());
|
||||
|
||||
@ -180,6 +180,9 @@ Release 2.1.0-beta - UNRELEASED
|
||||
YARN-837. Moved yarn.ClusterInfo into MapReduce project as it doesn't belong
|
||||
to YARN. (Zhijie Shen via vinodkv)
|
||||
|
||||
YARN-822. Renamed ApplicationToken to be AMRMToken, and similarly the
|
||||
corresponding TokenSelector and SecretManager. (Omkar Vinit Joshi via vinodkv)
|
||||
|
||||
NEW FEATURES
|
||||
|
||||
YARN-482. FS: Extend SchedulingMode to intermediate queues.
|
||||
|
||||
@ -274,10 +274,10 @@ public class YarnConfiguration extends Configuration {
|
||||
public static final String DEFAULT_RM_METRICS_RUNTIME_BUCKETS =
|
||||
"60,300,1440";
|
||||
|
||||
public static final String RM_APP_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS = RM_PREFIX
|
||||
+ "application-tokens.master-key-rolling-interval-secs";
|
||||
public static final String RM_AMRM_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS = RM_PREFIX
|
||||
+ "am-rm-tokens.master-key-rolling-interval-secs";
|
||||
|
||||
public static final long DEFAULT_RM_APP_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS =
|
||||
public static final long DEFAULT_RM_AMRM_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS =
|
||||
24 * 60 * 60;
|
||||
|
||||
public static final String RM_CONTAINER_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS =
|
||||
|
||||
@ -34,21 +34,21 @@
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationId;
|
||||
|
||||
/**
|
||||
* ApplicationTokenIdentifier is the TokenIdentifier to be used by
|
||||
* AMRMTokenIdentifier is the TokenIdentifier to be used by
|
||||
* ApplicationMasters to authenticate to the ResourceManager.
|
||||
*/
|
||||
@Public
|
||||
@Evolving
|
||||
public class ApplicationTokenIdentifier extends TokenIdentifier {
|
||||
public class AMRMTokenIdentifier extends TokenIdentifier {
|
||||
|
||||
public static final Text KIND_NAME = new Text("YARN_APPLICATION_TOKEN");
|
||||
public static final Text KIND_NAME = new Text("YARN_AM_RM_TOKEN");
|
||||
|
||||
private ApplicationAttemptId applicationAttemptId;
|
||||
|
||||
public ApplicationTokenIdentifier() {
|
||||
public AMRMTokenIdentifier() {
|
||||
}
|
||||
|
||||
public ApplicationTokenIdentifier(ApplicationAttemptId appAttemptId) {
|
||||
public AMRMTokenIdentifier(ApplicationAttemptId appAttemptId) {
|
||||
this();
|
||||
this.applicationAttemptId = appAttemptId;
|
||||
}
|
||||
@ -31,14 +31,14 @@
|
||||
|
||||
@Public
|
||||
@Evolving
|
||||
public class ApplicationTokenSelector implements
|
||||
TokenSelector<ApplicationTokenIdentifier> {
|
||||
public class AMRMTokenSelector implements
|
||||
TokenSelector<AMRMTokenIdentifier> {
|
||||
|
||||
private static final Log LOG = LogFactory
|
||||
.getLog(ApplicationTokenSelector.class);
|
||||
.getLog(AMRMTokenSelector.class);
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public Token<ApplicationTokenIdentifier> selectToken(Text service,
|
||||
public Token<AMRMTokenIdentifier> selectToken(Text service,
|
||||
Collection<Token<? extends TokenIdentifier>> tokens) {
|
||||
if (service == null) {
|
||||
return null;
|
||||
@ -47,9 +47,9 @@ public Token<ApplicationTokenIdentifier> selectToken(Text service,
|
||||
for (Token<? extends TokenIdentifier> token : tokens) {
|
||||
LOG.debug("Token kind is " + token.getKind().toString()
|
||||
+ " and the token's service name is " + token.getService());
|
||||
if (ApplicationTokenIdentifier.KIND_NAME.equals(token.getKind())
|
||||
if (AMRMTokenIdentifier.KIND_NAME.equals(token.getKind())
|
||||
&& service.equals(token.getService())) {
|
||||
return (Token<ApplicationTokenIdentifier>) token;
|
||||
return (Token<AMRMTokenIdentifier>) token;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
@ -54,7 +54,7 @@ public Class<? extends Annotation> annotationType() {
|
||||
@Override
|
||||
public Class<? extends TokenSelector<? extends TokenIdentifier>>
|
||||
value() {
|
||||
return ApplicationTokenSelector.class;
|
||||
return AMRMTokenSelector.class;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@ -12,6 +12,6 @@
|
||||
# limitations under the License.
|
||||
#
|
||||
org.apache.hadoop.yarn.security.ContainerTokenIdentifier
|
||||
org.apache.hadoop.yarn.security.ApplicationTokenIdentifier
|
||||
org.apache.hadoop.yarn.security.AMRMTokenIdentifier
|
||||
org.apache.hadoop.yarn.security.client.ClientTokenIdentifier
|
||||
org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier
|
||||
|
||||
@ -11,6 +11,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
org.apache.hadoop.yarn.security.ApplicationTokenIdentifier$Renewer
|
||||
org.apache.hadoop.yarn.security.AMRMTokenIdentifier$Renewer
|
||||
org.apache.hadoop.yarn.security.ContainerTokenIdentifier$Renewer
|
||||
org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier$Renewer
|
||||
|
||||
@ -118,7 +118,7 @@ protected void serviceStart() throws Exception {
|
||||
|
||||
this.server =
|
||||
rpc.getServer(ApplicationMasterProtocol.class, this, masterServiceAddress,
|
||||
conf, this.rmContext.getApplicationTokenSecretManager(),
|
||||
conf, this.rmContext.getAMRMTokenSecretManager(),
|
||||
conf.getInt(YarnConfiguration.RM_SCHEDULER_CLIENT_THREAD_COUNT,
|
||||
YarnConfiguration.DEFAULT_RM_SCHEDULER_CLIENT_THREAD_COUNT));
|
||||
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.AMLivelinessMonitor;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.ContainerAllocationExpirer;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNode;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager;
|
||||
@ -57,7 +57,7 @@ public interface RMContext {
|
||||
|
||||
DelegationTokenRenewer getDelegationTokenRenewer();
|
||||
|
||||
ApplicationTokenSecretManager getApplicationTokenSecretManager();
|
||||
AMRMTokenSecretManager getAMRMTokenSecretManager();
|
||||
|
||||
RMContainerTokenSecretManager getContainerTokenSecretManager();
|
||||
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.AMLivelinessMonitor;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.ContainerAllocationExpirer;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNode;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager;
|
||||
@ -57,7 +57,7 @@ public class RMContextImpl implements RMContext {
|
||||
private RMStateStore stateStore = null;
|
||||
private ContainerAllocationExpirer containerAllocationExpirer;
|
||||
private final DelegationTokenRenewer tokenRenewer;
|
||||
private final ApplicationTokenSecretManager appTokenSecretManager;
|
||||
private final AMRMTokenSecretManager appTokenSecretManager;
|
||||
private final RMContainerTokenSecretManager containerTokenSecretManager;
|
||||
private final NMTokenSecretManagerInRM nmTokenSecretManager;
|
||||
private final ClientToAMTokenSecretManagerInRM clientToAMTokenSecretManager;
|
||||
@ -68,7 +68,7 @@ public RMContextImpl(Dispatcher rmDispatcher,
|
||||
AMLivelinessMonitor amLivelinessMonitor,
|
||||
AMLivelinessMonitor amFinishingMonitor,
|
||||
DelegationTokenRenewer tokenRenewer,
|
||||
ApplicationTokenSecretManager appTokenSecretManager,
|
||||
AMRMTokenSecretManager appTokenSecretManager,
|
||||
RMContainerTokenSecretManager containerTokenSecretManager,
|
||||
NMTokenSecretManagerInRM nmTokenSecretManager,
|
||||
ClientToAMTokenSecretManagerInRM clientTokenSecretManager) {
|
||||
@ -91,7 +91,7 @@ public RMContextImpl(Dispatcher rmDispatcher,
|
||||
AMLivelinessMonitor amLivelinessMonitor,
|
||||
AMLivelinessMonitor amFinishingMonitor,
|
||||
DelegationTokenRenewer tokenRenewer,
|
||||
ApplicationTokenSecretManager appTokenSecretManager,
|
||||
AMRMTokenSecretManager appTokenSecretManager,
|
||||
RMContainerTokenSecretManager containerTokenSecretManager,
|
||||
NMTokenSecretManagerInRM nmTokenSecretManager,
|
||||
ClientToAMTokenSecretManagerInRM clientTokenSecretManager) {
|
||||
@ -155,7 +155,7 @@ public DelegationTokenRenewer getDelegationTokenRenewer() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApplicationTokenSecretManager getApplicationTokenSecretManager() {
|
||||
public AMRMTokenSecretManager getAMRMTokenSecretManager() {
|
||||
return this.appTokenSecretManager;
|
||||
}
|
||||
|
||||
|
||||
@ -67,7 +67,7 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.SchedulerEvent;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.SchedulerEventType;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager;
|
||||
@ -87,7 +87,7 @@
|
||||
|
||||
/**
|
||||
* The ResourceManager is the main class that is a set of components.
|
||||
* "I am the ResourceManager. All your resources are belong to us..."
|
||||
* "I am the ResourceManager. All your resources belong to us..."
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
@ -107,7 +107,7 @@ public class ResourceManager extends CompositeService implements Recoverable {
|
||||
protected RMContainerTokenSecretManager containerTokenSecretManager;
|
||||
protected NMTokenSecretManagerInRM nmTokenSecretManager;
|
||||
|
||||
protected ApplicationTokenSecretManager appTokenSecretManager;
|
||||
protected AMRMTokenSecretManager amRmTokenSecretManager;
|
||||
|
||||
private Dispatcher rmDispatcher;
|
||||
|
||||
@ -150,7 +150,7 @@ protected void serviceInit(Configuration conf) throws Exception {
|
||||
this.rmDispatcher = createDispatcher();
|
||||
addIfService(this.rmDispatcher);
|
||||
|
||||
this.appTokenSecretManager = createApplicationTokenSecretManager(conf);
|
||||
this.amRmTokenSecretManager = createAMRMTokenSecretManager(conf);
|
||||
|
||||
this.containerAllocationExpirer = new ContainerAllocationExpirer(
|
||||
this.rmDispatcher);
|
||||
@ -193,7 +193,7 @@ protected void serviceInit(Configuration conf) throws Exception {
|
||||
this.rmContext =
|
||||
new RMContextImpl(this.rmDispatcher, rmStore,
|
||||
this.containerAllocationExpirer, amLivelinessMonitor,
|
||||
amFinishingMonitor, tokenRenewer, this.appTokenSecretManager,
|
||||
amFinishingMonitor, tokenRenewer, this.amRmTokenSecretManager,
|
||||
this.containerTokenSecretManager, this.nmTokenSecretManager,
|
||||
this.clientToAMSecretManager);
|
||||
|
||||
@ -294,9 +294,9 @@ protected void addIfService(Object object) {
|
||||
}
|
||||
}
|
||||
|
||||
protected ApplicationTokenSecretManager createApplicationTokenSecretManager(
|
||||
protected AMRMTokenSecretManager createAMRMTokenSecretManager(
|
||||
Configuration conf) {
|
||||
return new ApplicationTokenSecretManager(conf);
|
||||
return new AMRMTokenSecretManager(conf);
|
||||
}
|
||||
|
||||
protected ResourceScheduler createScheduler() {
|
||||
@ -557,7 +557,7 @@ protected void serviceStart() throws Exception {
|
||||
throw new YarnRuntimeException("Failed to login", ie);
|
||||
}
|
||||
|
||||
this.appTokenSecretManager.start();
|
||||
this.amRmTokenSecretManager.start();
|
||||
this.containerTokenSecretManager.start();
|
||||
this.nmTokenSecretManager.start();
|
||||
|
||||
@ -617,8 +617,8 @@ protected void serviceStop() throws Exception {
|
||||
rmDTSecretManager.stopThreads();
|
||||
}
|
||||
|
||||
if (appTokenSecretManager != null) {
|
||||
this.appTokenSecretManager.stop();
|
||||
if (amRmTokenSecretManager != null) {
|
||||
this.amRmTokenSecretManager.stop();
|
||||
}
|
||||
if (containerTokenSecretManager != null) {
|
||||
this.containerTokenSecretManager.stop();
|
||||
@ -731,8 +731,8 @@ public NMTokenSecretManagerInRM getRMNMTokenSecretManager() {
|
||||
}
|
||||
|
||||
@Private
|
||||
public ApplicationTokenSecretManager getApplicationTokenSecretManager(){
|
||||
return this.appTokenSecretManager;
|
||||
public AMRMTokenSecretManager getAMRMTokenSecretManager(){
|
||||
return this.amRmTokenSecretManager;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -52,7 +52,7 @@
|
||||
import org.apache.hadoop.yarn.factories.RecordFactory;
|
||||
import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider;
|
||||
import org.apache.hadoop.yarn.ipc.YarnRPC;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.ContainerTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.RMContext;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttempt;
|
||||
@ -201,10 +201,10 @@ private void setupTokensAndEnv(
|
||||
}
|
||||
|
||||
// Add application token
|
||||
Token<ApplicationTokenIdentifier> applicationToken =
|
||||
application.getApplicationToken();
|
||||
if(applicationToken != null) {
|
||||
credentials.addToken(applicationToken.getService(), applicationToken);
|
||||
Token<AMRMTokenIdentifier> amrmToken =
|
||||
application.getAMRMToken();
|
||||
if(amrmToken != null) {
|
||||
credentials.addToken(amrmToken.getService(), amrmToken);
|
||||
}
|
||||
DataOutputBuffer dob = new DataOutputBuffer();
|
||||
credentials.writeTokenStorageToStream(dob);
|
||||
|
||||
@ -41,7 +41,7 @@
|
||||
import org.apache.hadoop.yarn.event.AsyncDispatcher;
|
||||
import org.apache.hadoop.yarn.event.Dispatcher;
|
||||
import org.apache.hadoop.yarn.event.EventHandler;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.client.ClientTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.impl.pb.ApplicationAttemptStateDataPBImpl;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.impl.pb.ApplicationStateDataPBImpl;
|
||||
@ -378,7 +378,7 @@ protected abstract void removeApplicationState(ApplicationState appState)
|
||||
|
||||
private Credentials getTokensFromAppAttempt(RMAppAttempt appAttempt) {
|
||||
Credentials credentials = new Credentials();
|
||||
Token<ApplicationTokenIdentifier> appToken = appAttempt.getApplicationToken();
|
||||
Token<AMRMTokenIdentifier> appToken = appAttempt.getAMRMToken();
|
||||
if(appToken != null){
|
||||
credentials.addToken(appToken.getService(), appToken);
|
||||
}
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
import org.apache.hadoop.yarn.api.records.NodeId;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.event.EventHandler;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.client.ClientTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
|
||||
|
||||
@ -149,10 +149,10 @@ public interface RMAppAttempt extends EventHandler<RMAppAttemptEvent> {
|
||||
ApplicationSubmissionContext getSubmissionContext();
|
||||
|
||||
/**
|
||||
* The application token belonging to this app attempt
|
||||
* @return The application token belonging to this app attempt
|
||||
* The AMRMToken belonging to this app attempt
|
||||
* @return The AMRMToken belonging to this app attempt
|
||||
*/
|
||||
Token<ApplicationTokenIdentifier> getApplicationToken();
|
||||
Token<AMRMTokenIdentifier> getAMRMToken();
|
||||
|
||||
/**
|
||||
* Get application container and resource usage information.
|
||||
|
||||
@ -61,8 +61,8 @@
|
||||
import org.apache.hadoop.yarn.event.EventHandler;
|
||||
import org.apache.hadoop.yarn.factories.RecordFactory;
|
||||
import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenSelector;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenSelector;
|
||||
import org.apache.hadoop.yarn.security.client.ClientTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.client.ClientTokenSelector;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.ApplicationMasterService;
|
||||
@ -131,7 +131,7 @@ public class RMAppAttemptImpl implements RMAppAttempt, Recoverable {
|
||||
private final ApplicationAttemptId applicationAttemptId;
|
||||
private Token<ClientTokenIdentifier> clientToken;
|
||||
private final ApplicationSubmissionContext submissionContext;
|
||||
private Token<ApplicationTokenIdentifier> applicationToken = null;
|
||||
private Token<AMRMTokenIdentifier> amrmToken = null;
|
||||
|
||||
//nodes on while this attempt's containers ran
|
||||
private final Set<NodeId> ranNodes =
|
||||
@ -503,8 +503,8 @@ public Token<ClientTokenIdentifier> getClientToken() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public Token<ApplicationTokenIdentifier> getApplicationToken() {
|
||||
return this.applicationToken;
|
||||
public Token<AMRMTokenIdentifier> getAMRMToken() {
|
||||
return this.amrmToken;
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -682,14 +682,14 @@ private void recoverAppAttemptTokens(Credentials appAttemptTokens) {
|
||||
YarnConfiguration.RM_SCHEDULER_ADDRESS,
|
||||
YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS,
|
||||
YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT);
|
||||
ApplicationTokenSelector appTokenSelector = new ApplicationTokenSelector();
|
||||
this.applicationToken =
|
||||
AMRMTokenSelector appTokenSelector = new AMRMTokenSelector();
|
||||
this.amrmToken =
|
||||
appTokenSelector.selectToken(
|
||||
SecurityUtil.buildTokenService(serviceAddr),
|
||||
appAttemptTokens.getAllTokens());
|
||||
|
||||
// For now, no need to populate tokens back to
|
||||
// ApplicationTokenSecretManager, because running attempts are rebooted
|
||||
// AMRMTokenSecretManager, because running attempts are rebooted
|
||||
// Later in work-preserve restart, we'll create NEW->RUNNING transition
|
||||
// in which the restored tokens will be added to the secret manager
|
||||
}
|
||||
@ -727,11 +727,11 @@ public void transition(RMAppAttemptImpl appAttempt,
|
||||
appAttempt.rmContext.getClientToAMTokenSecretManager());
|
||||
|
||||
// create application token
|
||||
ApplicationTokenIdentifier id =
|
||||
new ApplicationTokenIdentifier(appAttempt.applicationAttemptId);
|
||||
Token<ApplicationTokenIdentifier> applicationToken =
|
||||
new Token<ApplicationTokenIdentifier>(id,
|
||||
appAttempt.rmContext.getApplicationTokenSecretManager());
|
||||
AMRMTokenIdentifier id =
|
||||
new AMRMTokenIdentifier(appAttempt.applicationAttemptId);
|
||||
Token<AMRMTokenIdentifier> amRmToken =
|
||||
new Token<AMRMTokenIdentifier>(id,
|
||||
appAttempt.rmContext.getAMRMTokenSecretManager());
|
||||
InetSocketAddress serviceAddr =
|
||||
appAttempt.conf.getSocketAddr(
|
||||
YarnConfiguration.RM_SCHEDULER_ADDRESS,
|
||||
@ -739,9 +739,9 @@ public void transition(RMAppAttemptImpl appAttempt,
|
||||
YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT);
|
||||
// normally the client should set the service after acquiring the
|
||||
// token, but this token is directly provided to the AMs
|
||||
SecurityUtil.setTokenService(applicationToken, serviceAddr);
|
||||
SecurityUtil.setTokenService(amRmToken, serviceAddr);
|
||||
|
||||
appAttempt.applicationToken = applicationToken;
|
||||
appAttempt.amrmToken = amRmToken;
|
||||
|
||||
}
|
||||
|
||||
@ -902,8 +902,8 @@ public void transition(RMAppAttemptImpl appAttempt,
|
||||
appAttempt.eventHandler.handle(new AppRemovedSchedulerEvent(appAttemptId,
|
||||
finalAttemptState));
|
||||
|
||||
// Remove the AppAttempt from the ApplicationTokenSecretManager
|
||||
appAttempt.rmContext.getApplicationTokenSecretManager()
|
||||
// Remove the AppAttempt from the AMRMTokenSecretManager
|
||||
appAttempt.rmContext.getAMRMTokenSecretManager()
|
||||
.applicationMasterFinished(appAttemptId);
|
||||
}
|
||||
}
|
||||
@ -1125,8 +1125,8 @@ public RMAppAttemptState transition(RMAppAttemptImpl appAttempt,
|
||||
|
||||
appAttempt.rmContext.getAMLivelinessMonitor().unregister(appAttemptId);
|
||||
|
||||
// Remove the AppAttempt from the ApplicationTokenSecretManager
|
||||
appAttempt.rmContext.getApplicationTokenSecretManager()
|
||||
// Remove the AppAttempt from the AMRMTokenSecretManager
|
||||
appAttempt.rmContext.getAMRMTokenSecretManager()
|
||||
.applicationMasterFinished(appAttemptId);
|
||||
|
||||
appAttempt.progress = 1.0f;
|
||||
|
||||
@ -32,20 +32,20 @@
|
||||
import org.apache.hadoop.security.token.SecretManager;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
|
||||
/**
|
||||
* Application-tokens are per ApplicationAttempt. If users redistribute their
|
||||
* AMRM-tokens are per ApplicationAttempt. If users redistribute their
|
||||
* tokens, it is their headache, god save them. I mean you are not supposed to
|
||||
* distribute keys to your vault, right? Anyways, ResourceManager saves each
|
||||
* token locally in memory till application finishes and to a store for restart,
|
||||
* so no need to remember master-keys even after rolling them.
|
||||
*/
|
||||
public class ApplicationTokenSecretManager extends
|
||||
SecretManager<ApplicationTokenIdentifier> {
|
||||
public class AMRMTokenSecretManager extends
|
||||
SecretManager<AMRMTokenIdentifier> {
|
||||
|
||||
private static final Log LOG = LogFactory
|
||||
.getLog(ApplicationTokenSecretManager.class);
|
||||
.getLog(AMRMTokenSecretManager.class);
|
||||
|
||||
private SecretKey masterKey;
|
||||
private final Timer timer;
|
||||
@ -55,16 +55,16 @@ public class ApplicationTokenSecretManager extends
|
||||
new HashMap<ApplicationAttemptId, byte[]>();
|
||||
|
||||
/**
|
||||
* Create an {@link ApplicationTokenSecretManager}
|
||||
* Create an {@link AMRMTokenSecretManager}
|
||||
*/
|
||||
public ApplicationTokenSecretManager(Configuration conf) {
|
||||
public AMRMTokenSecretManager(Configuration conf) {
|
||||
rollMasterKey();
|
||||
this.timer = new Timer();
|
||||
this.rollingInterval =
|
||||
conf
|
||||
.getLong(
|
||||
YarnConfiguration.RM_APP_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS,
|
||||
YarnConfiguration.DEFAULT_RM_APP_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS) * 1000;
|
||||
YarnConfiguration.RM_AMRM_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS,
|
||||
YarnConfiguration.DEFAULT_RM_AMRM_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS) * 1000;
|
||||
}
|
||||
|
||||
public void start() {
|
||||
@ -102,17 +102,17 @@ public synchronized SecretKey getMasterKey() {
|
||||
|
||||
@Private
|
||||
synchronized void rollMasterKey() {
|
||||
LOG.info("Rolling master-key for application-tokens");
|
||||
LOG.info("Rolling master-key for amrm-tokens");
|
||||
this.masterKey = generateSecret();
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a password for a given {@link ApplicationTokenIdentifier}. Used to
|
||||
* Create a password for a given {@link AMRMTokenIdentifier}. Used to
|
||||
* send to the AppicationAttempt which can give it back during authentication.
|
||||
*/
|
||||
@Override
|
||||
public synchronized byte[] createPassword(
|
||||
ApplicationTokenIdentifier identifier) {
|
||||
AMRMTokenIdentifier identifier) {
|
||||
ApplicationAttemptId applicationAttemptId =
|
||||
identifier.getApplicationAttemptId();
|
||||
if (LOG.isDebugEnabled()) {
|
||||
@ -124,12 +124,12 @@ public synchronized byte[] createPassword(
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the password for the given {@link ApplicationTokenIdentifier}.
|
||||
* Used by RPC layer to validate a remote {@link ApplicationTokenIdentifier}.
|
||||
* Retrieve the password for the given {@link AMRMTokenIdentifier}.
|
||||
* Used by RPC layer to validate a remote {@link AMRMTokenIdentifier}.
|
||||
*/
|
||||
@Override
|
||||
public synchronized byte[] retrievePassword(
|
||||
ApplicationTokenIdentifier identifier) throws InvalidToken {
|
||||
AMRMTokenIdentifier identifier) throws InvalidToken {
|
||||
ApplicationAttemptId applicationAttemptId =
|
||||
identifier.getApplicationAttemptId();
|
||||
if (LOG.isDebugEnabled()) {
|
||||
@ -145,11 +145,11 @@ public synchronized byte[] retrievePassword(
|
||||
|
||||
/**
|
||||
* Creates an empty TokenId to be used for de-serializing an
|
||||
* {@link ApplicationTokenIdentifier} by the RPC layer.
|
||||
* {@link AMRMTokenIdentifier} by the RPC layer.
|
||||
*/
|
||||
@Override
|
||||
public ApplicationTokenIdentifier createIdentifier() {
|
||||
return new ApplicationTokenIdentifier();
|
||||
public AMRMTokenIdentifier createIdentifier() {
|
||||
return new AMRMTokenIdentifier();
|
||||
}
|
||||
|
||||
}
|
||||
@ -536,7 +536,7 @@ public void testAppAttemptTokensRestoredOnRMRestart() throws Exception {
|
||||
|
||||
// the appToken and clientToken that are generated when RMAppAttempt is created,
|
||||
HashSet<Token<?>> tokenSet = new HashSet<Token<?>>();
|
||||
tokenSet.add(attempt1.getApplicationToken());
|
||||
tokenSet.add(attempt1.getAMRMToken());
|
||||
tokenSet.add(attempt1.getClientToken());
|
||||
|
||||
// assert application Token is saved
|
||||
@ -555,7 +555,7 @@ public void testAppAttemptTokensRestoredOnRMRestart() throws Exception {
|
||||
// assert loaded attempt recovered attempt tokens
|
||||
Assert.assertNotNull(loadedAttempt1);
|
||||
savedTokens.clear();
|
||||
savedTokens.add(loadedAttempt1.getApplicationToken());
|
||||
savedTokens.add(loadedAttempt1.getAMRMToken());
|
||||
savedTokens.add(loadedAttempt1.getClientToken());
|
||||
Assert.assertEquals(tokenSet, savedTokens);
|
||||
|
||||
|
||||
@ -51,7 +51,7 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.resource.Resources;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.Allocation;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.YarnScheduler;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
@ -57,7 +57,7 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.Allocation;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.YarnScheduler;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
|
||||
@ -54,7 +54,7 @@
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.event.Dispatcher;
|
||||
import org.apache.hadoop.yarn.event.EventHandler;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.client.ClientTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.recovery.RMStateStore.ApplicationAttemptState;
|
||||
@ -64,7 +64,7 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttempt;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.event.RMAppAttemptStoredEvent;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
||||
import org.apache.hadoop.yarn.util.ConverterUtils;
|
||||
import org.junit.Test;
|
||||
@ -205,7 +205,7 @@ void storeApp(RMStateStore store, ApplicationId appId, long time)
|
||||
}
|
||||
|
||||
ContainerId storeAttempt(RMStateStore store, ApplicationAttemptId attemptId,
|
||||
String containerIdStr, Token<ApplicationTokenIdentifier> appToken,
|
||||
String containerIdStr, Token<AMRMTokenIdentifier> appToken,
|
||||
Token<ClientTokenIdentifier> clientToken, TestDispatcher dispatcher)
|
||||
throws Exception {
|
||||
|
||||
@ -214,7 +214,7 @@ ContainerId storeAttempt(RMStateStore store, ApplicationAttemptId attemptId,
|
||||
RMAppAttempt mockAttempt = mock(RMAppAttempt.class);
|
||||
when(mockAttempt.getAppAttemptId()).thenReturn(attemptId);
|
||||
when(mockAttempt.getMasterContainer()).thenReturn(container);
|
||||
when(mockAttempt.getApplicationToken()).thenReturn(appToken);
|
||||
when(mockAttempt.getAMRMToken()).thenReturn(appToken);
|
||||
when(mockAttempt.getClientToken()).thenReturn(clientToken);
|
||||
dispatcher.attemptId = attemptId;
|
||||
dispatcher.storedException = null;
|
||||
@ -231,8 +231,8 @@ void testRMAppStateStore(RMStateStoreHelper stateStoreHelper) throws Exception {
|
||||
TestDispatcher dispatcher = new TestDispatcher();
|
||||
store.setDispatcher(dispatcher);
|
||||
|
||||
ApplicationTokenSecretManager appTokenMgr =
|
||||
new ApplicationTokenSecretManager(conf);
|
||||
AMRMTokenSecretManager appTokenMgr =
|
||||
new AMRMTokenSecretManager(conf);
|
||||
ClientToAMTokenSecretManagerInRM clientTokenMgr =
|
||||
new ClientToAMTokenSecretManagerInRM();
|
||||
|
||||
@ -249,7 +249,7 @@ void testRMAppStateStore(RMStateStoreHelper stateStoreHelper) throws Exception {
|
||||
|
||||
ContainerId containerId1 = storeAttempt(store, attemptId1,
|
||||
"container_1352994193343_0001_01_000001",
|
||||
(Token<ApplicationTokenIdentifier>) (appAttemptToken1.get(0)),
|
||||
(Token<AMRMTokenIdentifier>) (appAttemptToken1.get(0)),
|
||||
(Token<ClientTokenIdentifier>)(appAttemptToken1.get(1)),
|
||||
dispatcher);
|
||||
|
||||
@ -265,7 +265,7 @@ void testRMAppStateStore(RMStateStoreHelper stateStoreHelper) throws Exception {
|
||||
|
||||
ContainerId containerId2 = storeAttempt(store, attemptId2,
|
||||
"container_1352994193343_0001_02_000001",
|
||||
(Token<ApplicationTokenIdentifier>) (appAttemptToken2.get(0)),
|
||||
(Token<AMRMTokenIdentifier>) (appAttemptToken2.get(0)),
|
||||
(Token<ClientTokenIdentifier>)(appAttemptToken2.get(1)),
|
||||
dispatcher);
|
||||
|
||||
@ -372,12 +372,12 @@ public void testRMDTSecretManagerStateStore(
|
||||
}
|
||||
|
||||
private List<Token<?>> generateTokens(ApplicationAttemptId attemptId,
|
||||
ApplicationTokenSecretManager appTokenMgr,
|
||||
AMRMTokenSecretManager appTokenMgr,
|
||||
ClientToAMTokenSecretManagerInRM clientTokenMgr, Configuration conf) {
|
||||
ApplicationTokenIdentifier appTokenId =
|
||||
new ApplicationTokenIdentifier(attemptId);
|
||||
Token<ApplicationTokenIdentifier> appToken =
|
||||
new Token<ApplicationTokenIdentifier>(appTokenId, appTokenMgr);
|
||||
AMRMTokenIdentifier appTokenId =
|
||||
new AMRMTokenIdentifier(attemptId);
|
||||
Token<AMRMTokenIdentifier> appToken =
|
||||
new Token<AMRMTokenIdentifier>(appTokenId, appTokenMgr);
|
||||
appToken.setService(new Text("appToken service"));
|
||||
|
||||
ClientTokenIdentifier clientTokenId = new ClientTokenIdentifier(attemptId);
|
||||
|
||||
@ -51,7 +51,7 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.YarnScheduler;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.SchedulerEvent;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.SchedulerEventType;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.NMTokenSecretManagerInRM;
|
||||
@ -145,7 +145,7 @@ public void setUp() throws Exception {
|
||||
this.rmContext =
|
||||
new RMContextImpl(rmDispatcher, store,
|
||||
containerAllocationExpirer, amLivelinessMonitor, amFinishingMonitor,
|
||||
null, new ApplicationTokenSecretManager(conf),
|
||||
null, new AMRMTokenSecretManager(conf),
|
||||
new RMContainerTokenSecretManager(conf),
|
||||
new NMTokenSecretManagerInRM(conf),
|
||||
new ClientToAMTokenSecretManagerInRM());
|
||||
|
||||
@ -75,7 +75,7 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.AppAddedSchedulerEvent;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.SchedulerEvent;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.SchedulerEventType;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.utils.BuilderUtils;
|
||||
@ -167,7 +167,7 @@ public void setUp() throws Exception {
|
||||
rmContext =
|
||||
new RMContextImpl(rmDispatcher,
|
||||
containerAllocationExpirer, amLivelinessMonitor, amFinishingMonitor,
|
||||
null, new ApplicationTokenSecretManager(conf),
|
||||
null, new AMRMTokenSecretManager(conf),
|
||||
new RMContainerTokenSecretManager(conf),
|
||||
new NMTokenSecretManagerInRM(conf),
|
||||
new ClientToAMTokenSecretManagerInRM());
|
||||
|
||||
@ -46,7 +46,7 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNode;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.common.fica.FiCaSchedulerApp;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.common.fica.FiCaSchedulerNode;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.utils.BuilderUtils;
|
||||
@ -86,7 +86,7 @@ public EventHandler getEventHandler() {
|
||||
Configuration conf = new Configuration();
|
||||
RMContext rmContext =
|
||||
new RMContextImpl(nullDispatcher, cae, null, null, null,
|
||||
new ApplicationTokenSecretManager(conf),
|
||||
new AMRMTokenSecretManager(conf),
|
||||
new RMContainerTokenSecretManager(conf),
|
||||
new NMTokenSecretManagerInRM(conf),
|
||||
new ClientToAMTokenSecretManagerInRM());
|
||||
|
||||
@ -47,9 +47,9 @@
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
public class TestApplicationTokens {
|
||||
public class TestAMRMTokens {
|
||||
|
||||
private static final Log LOG = LogFactory.getLog(TestApplicationTokens.class);
|
||||
private static final Log LOG = LogFactory.getLog(TestAMRMTokens.class);
|
||||
|
||||
private static final Configuration confWithSecurityEnabled =
|
||||
new Configuration();
|
||||
@ -212,8 +212,8 @@ public void testMasterKeyRollOver() throws Exception {
|
||||
rmClient.allocate(allocateRequest).getAMCommand() == null);
|
||||
|
||||
// Simulate a master-key-roll-over
|
||||
ApplicationTokenSecretManager appTokenSecretManager =
|
||||
rm.getRMContext().getApplicationTokenSecretManager();
|
||||
AMRMTokenSecretManager appTokenSecretManager =
|
||||
rm.getRMContext().getAMRMTokenSecretManager();
|
||||
SecretKey oldKey = appTokenSecretManager.getMasterKey();
|
||||
appTokenSecretManager.rollMasterKey();
|
||||
SecretKey newKey = appTokenSecretManager.getMasterKey();
|
||||
@ -67,13 +67,13 @@
|
||||
import org.apache.hadoop.yarn.factories.RecordFactory;
|
||||
import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider;
|
||||
import org.apache.hadoop.yarn.ipc.YarnRPC;
|
||||
import org.apache.hadoop.yarn.security.ApplicationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.security.ContainerTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttempt;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttemptState;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager;
|
||||
import org.apache.hadoop.yarn.server.utils.BuilderUtils;
|
||||
import org.apache.hadoop.yarn.util.Records;
|
||||
@ -459,14 +459,14 @@ Collections.<String, LocalResource> emptyMap(),
|
||||
final InetSocketAddress schedulerAddr =
|
||||
resourceManager.getApplicationMasterService().getBindAddress();
|
||||
if (UserGroupInformation.isSecurityEnabled()) {
|
||||
ApplicationTokenIdentifier appTokenIdentifier = new ApplicationTokenIdentifier(
|
||||
AMRMTokenIdentifier appTokenIdentifier = new AMRMTokenIdentifier(
|
||||
appAttempt.getAppAttemptId());
|
||||
ApplicationTokenSecretManager appTokenSecretManager =
|
||||
new ApplicationTokenSecretManager(conf);
|
||||
AMRMTokenSecretManager appTokenSecretManager =
|
||||
new AMRMTokenSecretManager(conf);
|
||||
appTokenSecretManager.setMasterKey(resourceManager
|
||||
.getApplicationTokenSecretManager().getMasterKey());
|
||||
Token<ApplicationTokenIdentifier> appToken =
|
||||
new Token<ApplicationTokenIdentifier>(appTokenIdentifier,
|
||||
.getAMRMTokenSecretManager().getMasterKey());
|
||||
Token<AMRMTokenIdentifier> appToken =
|
||||
new Token<AMRMTokenIdentifier>(appTokenIdentifier,
|
||||
appTokenSecretManager);
|
||||
SecurityUtil.setTokenService(appToken, schedulerAddr);
|
||||
currentUser.addToken(appToken);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user