You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-commits@hadoop.apache.org by vi...@apache.org on 2013/06/14 02:06:43 UTC
svn commit: r1492907 [1/2] - in /hadoop/common/trunk/hadoop-yarn-project: ./
hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/
hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/
hadoop-yarn/hadoop-yarn-se...
Author: vinodkv
Date: Fri Jun 14 00:06:42 2013
New Revision: 1492907
URL: http://svn.apache.org/r1492907
Log:
YARN-692. Creating NMToken master key on RM and sharing it with NM as a part of RM-NM heartbeat. Contributed by Omkar Vinit Joshi.
Added:
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/NMTokenIdentifier.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseNMTokenSecretManager.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/MasterKeyData.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMTokenSecretManagerInNM.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/NMTokenSecretManagerInRM.java
Modified:
hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatRequest.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatResponse.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/RegisterNodeManagerResponse.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatRequestPBImpl.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatResponsePBImpl.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/RegisterNodeManagerResponsePBImpl.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseContainerTokenSecretManager.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/BuilderUtils.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/YarnServerBuilderUtils.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/proto/yarn_server_common_service_protos.proto
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/TestYarnServerApiClasses.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/api/protocolrecords/TestRegisterNodeManagerResponse.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/Context.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeStatusUpdaterImpl.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/LocalRMInterface.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/MockNodeStatusUpdater.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestEventFlow.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeStatusUpdater.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/webapp/TestNMWebServer.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/webapp/TestNMWebServices.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/webapp/TestNMWebServicesApps.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/webapp/TestNMWebServicesContainers.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMContext.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMContextImpl.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceTrackerService.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/RMContainerTokenSecretManager.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockNM.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAMAuthorization.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAppManager.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestFifoScheduler.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRM.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMNodeTransitions.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMRestart.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestResourceManager.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestResourceTrackerService.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/resourcetracker/TestNMExpiry.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/resourcetracker/TestRMNMRPCResponseId.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/TestRMAppTransitions.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestCapacityScheduler.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestQueueParsing.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestUtils.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fifo/TestFifoScheduler.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebApp.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesNodes.java
hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/TestRMNMSecretKeys.java
Modified: hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt (original)
+++ hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt Fri Jun 14 00:06:42 2013
@@ -331,6 +331,9 @@ Release 2.1.0-beta - UNRELEASED
YARN-773. Moved YarnRuntimeException from package api.yarn to
api.yarn.exceptions. (Jian He via vinodkv)
+ YARN-692. Creating NMToken master key on RM and sharing it with NM as a part
+ of RM-NM heartbeat. (Omkar Vinit Joshi via vinodkv)
+
OPTIMIZATIONS
YARN-512. Log aggregation root directory check is more expensive than it
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java Fri Jun 14 00:06:42 2013
@@ -286,6 +286,11 @@ public class YarnConfiguration extends C
public static final long DEFAULT_RM_CONTAINER_TOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS =
24 * 60 * 60;
+ public static final String RM_NMTOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS =
+ RM_PREFIX + "nm-tokens.master-key-rolling-interval-secs";
+
+ public static final long DEFAULT_RM_NMTOKEN_MASTER_KEY_ROLLING_INTERVAL_SECS =
+ 24 * 60 * 60;
////////////////////////////////
// Node Manager Configs
////////////////////////////////
Added: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/NMTokenIdentifier.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/NMTokenIdentifier.java?rev=1492907&view=auto
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/NMTokenIdentifier.java (added)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/NMTokenIdentifier.java Fri Jun 14 00:06:42 2013
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.yarn.security;
+
+import java.io.DataInput;
+import java.io.DataOutput;
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.TokenIdentifier;
+import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
+import org.apache.hadoop.yarn.api.records.ApplicationId;
+import org.apache.hadoop.yarn.api.records.NodeId;
+
+
+public class NMTokenIdentifier extends TokenIdentifier {
+
+ private static Log LOG = LogFactory.getLog(NMTokenIdentifier.class);
+
+ public static final Text KIND = new Text("NMToken");
+
+ private ApplicationAttemptId appAttemptId;
+ private NodeId nodeId;
+ private String appSubmitter;
+ private int masterKeyId;
+
+ public NMTokenIdentifier(ApplicationAttemptId appAttemptId, NodeId nodeId,
+ String applicationSubmitter, int masterKeyId) {
+ this.appAttemptId = appAttemptId;
+ this.nodeId = nodeId;
+ this.appSubmitter = applicationSubmitter;
+ this.masterKeyId = masterKeyId;
+ }
+
+ /**
+ * Default constructor needed by RPC/Secret manager
+ */
+ public NMTokenIdentifier() {
+ }
+
+ public ApplicationAttemptId getApplicationAttemptId() {
+ return appAttemptId;
+ }
+
+ public NodeId getNodeId() {
+ return nodeId;
+ }
+
+ public String getApplicationSubmitter() {
+ return appSubmitter;
+ }
+
+ public int getMastKeyId() {
+ return masterKeyId;
+ }
+
+ @Override
+ public void write(DataOutput out) throws IOException {
+ LOG.debug("Writing NMTokenIdentifier to RPC layer: " + this);
+ ApplicationId applicationId = appAttemptId.getApplicationId();
+ out.writeLong(applicationId.getClusterTimestamp());
+ out.writeInt(applicationId.getId());
+ out.writeInt(appAttemptId.getAttemptId());
+ out.writeUTF(this.nodeId.toString());
+ out.writeUTF(this.appSubmitter);
+ out.writeInt(this.masterKeyId);
+ }
+
+ @Override
+ public void readFields(DataInput in) throws IOException {
+ appAttemptId =
+ ApplicationAttemptId.newInstance(
+ ApplicationId.newInstance(in.readLong(), in.readInt()),
+ in.readInt());
+ String[] hostAddr = in.readUTF().split(":");
+ nodeId = NodeId.newInstance(hostAddr[0], Integer.parseInt(hostAddr[1]));
+ appSubmitter = in.readUTF();
+ masterKeyId = in.readInt();
+ }
+
+ @Override
+ public Text getKind() {
+ return KIND;
+ }
+
+ @Override
+ public UserGroupInformation getUser() {
+ return UserGroupInformation.createRemoteUser(appAttemptId.toString());
+ }
+
+}
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatRequest.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatRequest.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatRequest.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatRequest.java Fri Jun 14 00:06:42 2013
@@ -26,6 +26,9 @@ public interface NodeHeartbeatRequest {
NodeStatus getNodeStatus();
void setNodeStatus(NodeStatus status);
- MasterKey getLastKnownMasterKey();
- void setLastKnownMasterKey(MasterKey secretKey);
+ MasterKey getLastKnownContainerTokenMasterKey();
+ void setLastKnownContainerTokenMasterKey(MasterKey secretKey);
+
+ MasterKey getLastKnownNMTokenMasterKey();
+ void setLastKnownNMTokenMasterKey(MasterKey secretKey);
}
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatResponse.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatResponse.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatResponse.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/NodeHeartbeatResponse.java Fri Jun 14 00:06:42 2013
@@ -36,8 +36,11 @@ public interface NodeHeartbeatResponse {
void setResponseId(int responseId);
void setNodeAction(NodeAction action);
- MasterKey getMasterKey();
- void setMasterKey(MasterKey secretKey);
+ MasterKey getContainerTokenMasterKey();
+ void setContainerTokenMasterKey(MasterKey secretKey);
+
+ MasterKey getNMTokenMasterKey();
+ void setNMTokenMasterKey(MasterKey secretKey);
void addAllContainersToCleanup(List<ContainerId> containers);
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/RegisterNodeManagerResponse.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/RegisterNodeManagerResponse.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/RegisterNodeManagerResponse.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/RegisterNodeManagerResponse.java Fri Jun 14 00:06:42 2013
@@ -22,9 +22,13 @@ import org.apache.hadoop.yarn.server.api
import org.apache.hadoop.yarn.server.api.records.NodeAction;
public interface RegisterNodeManagerResponse {
- MasterKey getMasterKey();
+ MasterKey getContainerTokenMasterKey();
- void setMasterKey(MasterKey secretKey);
+ void setContainerTokenMasterKey(MasterKey secretKey);
+
+ MasterKey getNMTokenMasterKey();
+
+ void setNMTokenMasterKey(MasterKey secretKey);
NodeAction getNodeAction();
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatRequestPBImpl.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatRequestPBImpl.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatRequestPBImpl.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatRequestPBImpl.java Fri Jun 14 00:06:42 2013
@@ -36,7 +36,8 @@ public class NodeHeartbeatRequestPBImpl
boolean viaProto = false;
private NodeStatus nodeStatus = null;
- private MasterKey lastKnownMasterKey = null;
+ private MasterKey lastKnownContainerTokenMasterKey = null;
+ private MasterKey lastKnownNMTokenMasterKey = null;
public NodeHeartbeatRequestPBImpl() {
builder = NodeHeartbeatRequestProto.newBuilder();
@@ -58,9 +59,13 @@ public class NodeHeartbeatRequestPBImpl
if (this.nodeStatus != null) {
builder.setNodeStatus(convertToProtoFormat(this.nodeStatus));
}
- if (this.lastKnownMasterKey != null) {
- builder
- .setLastKnownMasterKey(convertToProtoFormat(this.lastKnownMasterKey));
+ if (this.lastKnownContainerTokenMasterKey != null) {
+ builder.setLastKnownContainerTokenMasterKey(
+ convertToProtoFormat(this.lastKnownContainerTokenMasterKey));
+ }
+ if (this.lastKnownNMTokenMasterKey != null) {
+ builder.setLastKnownNmTokenMasterKey(
+ convertToProtoFormat(this.lastKnownNMTokenMasterKey));
}
}
@@ -102,24 +107,47 @@ public class NodeHeartbeatRequestPBImpl
}
@Override
- public MasterKey getLastKnownMasterKey() {
+ public MasterKey getLastKnownContainerTokenMasterKey() {
NodeHeartbeatRequestProtoOrBuilder p = viaProto ? proto : builder;
- if (this.lastKnownMasterKey != null) {
- return this.lastKnownMasterKey;
+ if (this.lastKnownContainerTokenMasterKey != null) {
+ return this.lastKnownContainerTokenMasterKey;
}
- if (!p.hasLastKnownMasterKey()) {
+ if (!p.hasLastKnownContainerTokenMasterKey()) {
return null;
}
- this.lastKnownMasterKey = convertFromProtoFormat(p.getLastKnownMasterKey());
- return this.lastKnownMasterKey;
+ this.lastKnownContainerTokenMasterKey =
+ convertFromProtoFormat(p.getLastKnownContainerTokenMasterKey());
+ return this.lastKnownContainerTokenMasterKey;
}
@Override
- public void setLastKnownMasterKey(MasterKey masterKey) {
+ public void setLastKnownContainerTokenMasterKey(MasterKey masterKey) {
maybeInitBuilder();
if (masterKey == null)
- builder.clearLastKnownMasterKey();
- this.lastKnownMasterKey = masterKey;
+ builder.clearLastKnownContainerTokenMasterKey();
+ this.lastKnownContainerTokenMasterKey = masterKey;
+ }
+
+ @Override
+ public MasterKey getLastKnownNMTokenMasterKey() {
+ NodeHeartbeatRequestProtoOrBuilder p = viaProto ? proto : builder;
+ if (this.lastKnownNMTokenMasterKey != null) {
+ return this.lastKnownNMTokenMasterKey;
+ }
+ if (!p.hasLastKnownNmTokenMasterKey()) {
+ return null;
+ }
+ this.lastKnownNMTokenMasterKey =
+ convertFromProtoFormat(p.getLastKnownNmTokenMasterKey());
+ return this.lastKnownNMTokenMasterKey;
+ }
+
+ @Override
+ public void setLastKnownNMTokenMasterKey(MasterKey masterKey) {
+ maybeInitBuilder();
+ if (masterKey == null)
+ builder.clearLastKnownNmTokenMasterKey();
+ this.lastKnownNMTokenMasterKey = masterKey;
}
private NodeStatusPBImpl convertFromProtoFormat(NodeStatusProto p) {
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatResponsePBImpl.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatResponsePBImpl.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatResponsePBImpl.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/NodeHeartbeatResponsePBImpl.java Fri Jun 14 00:06:42 2013
@@ -47,7 +47,8 @@ public class NodeHeartbeatResponsePBImpl
private List<ContainerId> containersToCleanup = null;
private List<ApplicationId> applicationsToCleanup = null;
- private MasterKey masterKey = null;
+ private MasterKey containerTokenMasterKey = null;
+ private MasterKey nmTokenMasterKey = null;
public NodeHeartbeatResponsePBImpl() {
builder = NodeHeartbeatResponseProto.newBuilder();
@@ -72,8 +73,13 @@ public class NodeHeartbeatResponsePBImpl
if (this.applicationsToCleanup != null) {
addApplicationsToCleanupToProto();
}
- if (this.masterKey != null) {
- builder.setMasterKey(convertToProtoFormat(this.masterKey));
+ if (this.containerTokenMasterKey != null) {
+ builder.setContainerTokenMasterKey(
+ convertToProtoFormat(this.containerTokenMasterKey));
+ }
+ if (this.nmTokenMasterKey != null) {
+ builder.setNmTokenMasterKey(
+ convertToProtoFormat(this.nmTokenMasterKey));
}
}
@@ -106,24 +112,47 @@ public class NodeHeartbeatResponsePBImpl
}
@Override
- public MasterKey getMasterKey() {
+ public MasterKey getContainerTokenMasterKey() {
NodeHeartbeatResponseProtoOrBuilder p = viaProto ? proto : builder;
- if (this.masterKey != null) {
- return this.masterKey;
+ if (this.containerTokenMasterKey != null) {
+ return this.containerTokenMasterKey;
}
- if (!p.hasMasterKey()) {
+ if (!p.hasContainerTokenMasterKey()) {
return null;
}
- this.masterKey = convertFromProtoFormat(p.getMasterKey());
- return this.masterKey;
+ this.containerTokenMasterKey =
+ convertFromProtoFormat(p.getContainerTokenMasterKey());
+ return this.containerTokenMasterKey;
}
@Override
- public void setMasterKey(MasterKey masterKey) {
+ public void setContainerTokenMasterKey(MasterKey masterKey) {
maybeInitBuilder();
if (masterKey == null)
- builder.clearMasterKey();
- this.masterKey = masterKey;
+ builder.clearContainerTokenMasterKey();
+ this.containerTokenMasterKey = masterKey;
+ }
+
+ @Override
+ public MasterKey getNMTokenMasterKey() {
+ NodeHeartbeatResponseProtoOrBuilder p = viaProto ? proto : builder;
+ if (this.nmTokenMasterKey != null) {
+ return this.nmTokenMasterKey;
+ }
+ if (!p.hasNmTokenMasterKey()) {
+ return null;
+ }
+ this.nmTokenMasterKey =
+ convertFromProtoFormat(p.getNmTokenMasterKey());
+ return this.nmTokenMasterKey;
+ }
+
+ @Override
+ public void setNMTokenMasterKey(MasterKey masterKey) {
+ maybeInitBuilder();
+ if (masterKey == null)
+ builder.clearNmTokenMasterKey();
+ this.nmTokenMasterKey = masterKey;
}
@Override
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/RegisterNodeManagerResponsePBImpl.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/RegisterNodeManagerResponsePBImpl.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/RegisterNodeManagerResponsePBImpl.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/api/protocolrecords/impl/pb/RegisterNodeManagerResponsePBImpl.java Fri Jun 14 00:06:42 2013
@@ -36,7 +36,8 @@ public class RegisterNodeManagerResponse
RegisterNodeManagerResponseProto.Builder builder = null;
boolean viaProto = false;
- private MasterKey masterKey = null;
+ private MasterKey containerTokenMasterKey = null;
+ private MasterKey nmTokenMasterKey = null;
private boolean rebuild = false;
@@ -58,8 +59,13 @@ public class RegisterNodeManagerResponse
}
private void mergeLocalToBuilder() {
- if (this.masterKey != null) {
- builder.setMasterKey(convertToProtoFormat(this.masterKey));
+ if (this.containerTokenMasterKey != null) {
+ builder.setContainerTokenMasterKey(
+ convertToProtoFormat(this.containerTokenMasterKey));
+ }
+ if (this.nmTokenMasterKey != null) {
+ builder.setNmTokenMasterKey(
+ convertToProtoFormat(this.nmTokenMasterKey));
}
}
@@ -80,24 +86,48 @@ public class RegisterNodeManagerResponse
}
@Override
- public MasterKey getMasterKey() {
+ public MasterKey getContainerTokenMasterKey() {
RegisterNodeManagerResponseProtoOrBuilder p = viaProto ? proto : builder;
- if (this.masterKey != null) {
- return this.masterKey;
+ if (this.containerTokenMasterKey != null) {
+ return this.containerTokenMasterKey;
}
- if (!p.hasMasterKey()) {
+ if (!p.hasContainerTokenMasterKey()) {
return null;
}
- this.masterKey = convertFromProtoFormat(p.getMasterKey());
- return this.masterKey;
+ this.containerTokenMasterKey =
+ convertFromProtoFormat(p.getContainerTokenMasterKey());
+ return this.containerTokenMasterKey;
}
@Override
- public void setMasterKey(MasterKey masterKey) {
+ public void setContainerTokenMasterKey(MasterKey masterKey) {
maybeInitBuilder();
if (masterKey == null)
- builder.clearMasterKey();
- this.masterKey = masterKey;
+ builder.clearContainerTokenMasterKey();
+ this.containerTokenMasterKey = masterKey;
+ rebuild = true;
+ }
+
+ @Override
+ public MasterKey getNMTokenMasterKey() {
+ RegisterNodeManagerResponseProtoOrBuilder p = viaProto ? proto : builder;
+ if (this.nmTokenMasterKey != null) {
+ return this.nmTokenMasterKey;
+ }
+ if (!p.hasNmTokenMasterKey()) {
+ return null;
+ }
+ this.nmTokenMasterKey =
+ convertFromProtoFormat(p.getNmTokenMasterKey());
+ return this.nmTokenMasterKey;
+ }
+
+ @Override
+ public void setNMTokenMasterKey(MasterKey masterKey) {
+ maybeInitBuilder();
+ if (masterKey == null)
+ builder.clearNmTokenMasterKey();
+ this.nmTokenMasterKey = masterKey;
rebuild = true;
}
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseContainerTokenSecretManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseContainerTokenSecretManager.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseContainerTokenSecretManager.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseContainerTokenSecretManager.java Fri Jun 14 00:06:42 2013
@@ -60,37 +60,6 @@ public class BaseContainerTokenSecretMan
*/
protected MasterKeyData currentMasterKey;
- protected final class MasterKeyData {
-
- private final MasterKey masterKeyRecord;
- // Underlying secret-key also stored to avoid repetitive encoding and
- // decoding the masterKeyRecord bytes.
- private final SecretKey generatedSecretKey;
-
- private MasterKeyData() {
- this.masterKeyRecord = Records.newRecord(MasterKey.class);
- this.masterKeyRecord.setKeyId(serialNo++);
- this.generatedSecretKey = generateSecret();
- this.masterKeyRecord.setBytes(ByteBuffer.wrap(generatedSecretKey
- .getEncoded()));
- }
-
- public MasterKeyData(MasterKey masterKeyRecord) {
- this.masterKeyRecord = masterKeyRecord;
- this.generatedSecretKey =
- SecretManager.createSecretKey(this.masterKeyRecord.getBytes().array()
- .clone());
- }
-
- public MasterKey getMasterKey() {
- return this.masterKeyRecord;
- }
-
- private SecretKey getSecretKey() {
- return this.generatedSecretKey;
- }
- }
-
protected final long containerTokenExpiryInterval;
public BaseContainerTokenSecretManager(Configuration conf) {
@@ -103,7 +72,7 @@ public class BaseContainerTokenSecretMan
protected MasterKeyData createNewMasterKey() {
this.writeLock.lock();
try {
- return new MasterKeyData();
+ return new MasterKeyData(serialNo++, generateSecret());
} finally {
this.writeLock.unlock();
}
Added: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseNMTokenSecretManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseNMTokenSecretManager.java?rev=1492907&view=auto
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseNMTokenSecretManager.java (added)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/BaseNMTokenSecretManager.java Fri Jun 14 00:06:42 2013
@@ -0,0 +1,152 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.yarn.server.security;
+
+import java.net.InetSocketAddress;
+import java.security.SecureRandom;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.SecurityUtil;
+import org.apache.hadoop.security.token.SecretManager;
+import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
+import org.apache.hadoop.yarn.api.records.NodeId;
+import org.apache.hadoop.yarn.api.records.Token;
+import org.apache.hadoop.yarn.security.NMTokenIdentifier;
+import org.apache.hadoop.yarn.server.api.records.MasterKey;
+
+public class BaseNMTokenSecretManager extends
+ SecretManager<NMTokenIdentifier> {
+
+ private static Log LOG = LogFactory
+ .getLog(BaseNMTokenSecretManager.class);
+
+ private int serialNo = new SecureRandom().nextInt();
+
+ protected final ReadWriteLock readWriteLock = new ReentrantReadWriteLock();
+ protected final Lock readLock = readWriteLock.readLock();
+ protected final Lock writeLock = readWriteLock.writeLock();
+
+ protected MasterKeyData currentMasterKey;
+
+ protected MasterKeyData createNewMasterKey() {
+ this.writeLock.lock();
+ try {
+ return new MasterKeyData(serialNo++, generateSecret());
+ } finally {
+ this.writeLock.unlock();
+ }
+ }
+
+ @Private
+ public MasterKey getCurrentKey() {
+ this.readLock.lock();
+ try {
+ return this.currentMasterKey.getMasterKey();
+ } finally {
+ this.readLock.unlock();
+ }
+ }
+
+ @Override
+ protected byte[] createPassword(NMTokenIdentifier identifier) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("creating password for "
+ + identifier.getApplicationAttemptId() + " for user "
+ + identifier.getApplicationSubmitter() + " to run on NM "
+ + identifier.getNodeId());
+ }
+ readLock.lock();
+ try {
+ return createPassword(identifier.getBytes(),
+ currentMasterKey.getSecretKey());
+ } finally {
+ readLock.unlock();
+ }
+ }
+
+ @Override
+ public byte[] retrievePassword(NMTokenIdentifier identifier)
+ throws org.apache.hadoop.security.token.SecretManager.InvalidToken {
+ readLock.lock();
+ try {
+ return retrivePasswordInternal(identifier, currentMasterKey);
+ } finally {
+ readLock.unlock();
+ }
+ }
+
+ protected byte[] retrivePasswordInternal(NMTokenIdentifier identifier,
+ MasterKeyData masterKey) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("creating password for "
+ + identifier.getApplicationAttemptId() + " for user "
+ + identifier.getApplicationSubmitter() + " to run on NM "
+ + identifier.getNodeId());
+ }
+ return createPassword(identifier.getBytes(), masterKey.getSecretKey());
+ }
+ /**
+ * It is required for RPC
+ */
+ @Override
+ public NMTokenIdentifier createIdentifier() {
+ return new NMTokenIdentifier();
+ }
+
+ /**
+ * Helper function for creating NMTokens.
+ */
+ public Token createNMToken(ApplicationAttemptId applicationAttemptId,
+ NodeId nodeId, String applicationSubmitter) {
+ byte[] password;
+ NMTokenIdentifier identifier;
+
+ this.readLock.lock();
+ try {
+ identifier =
+ new NMTokenIdentifier(applicationAttemptId, nodeId,
+ applicationSubmitter, this.currentMasterKey.getMasterKey()
+ .getKeyId());
+ password = this.createPassword(identifier);
+ } finally {
+ this.readLock.unlock();
+ }
+ return newNMToken(password, identifier);
+ }
+
+ public static Token newNMToken(byte[] password,
+ NMTokenIdentifier identifier) {
+ NodeId nodeId = identifier.getNodeId();
+ // RPC layer client expects ip:port as service for tokens
+ InetSocketAddress addr =
+ NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort());
+ Token nmToken =
+ Token.newInstance(identifier.getBytes(),
+ NMTokenIdentifier.KIND.toString(), password, SecurityUtil
+ .buildTokenService(addr).toString());
+ return nmToken;
+
+ }
+}
Added: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/MasterKeyData.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/MasterKeyData.java?rev=1492907&view=auto
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/MasterKeyData.java (added)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/MasterKeyData.java Fri Jun 14 00:06:42 2013
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.yarn.server.security;
+
+import java.nio.ByteBuffer;
+
+import javax.crypto.SecretKey;
+
+import org.apache.hadoop.yarn.server.api.records.MasterKey;
+import org.apache.hadoop.yarn.util.Records;
+
+
+public class MasterKeyData {
+
+ private final MasterKey masterKeyRecord;
+ // Underlying secret-key also stored to avoid repetitive encoding and
+ // decoding the masterKeyRecord bytes.
+ private final SecretKey generatedSecretKey;
+
+ public MasterKeyData(int serialNo, SecretKey secretKey) {
+ this.masterKeyRecord = Records.newRecord(MasterKey.class);
+ this.masterKeyRecord.setKeyId(serialNo);
+ this.generatedSecretKey = secretKey;
+ this.masterKeyRecord.setBytes(ByteBuffer.wrap(generatedSecretKey
+ .getEncoded()));
+ }
+
+ public MasterKeyData(MasterKey masterKeyRecord, SecretKey secretKey) {
+ this.masterKeyRecord = masterKeyRecord;
+ this.generatedSecretKey = secretKey;
+
+ }
+
+ public MasterKey getMasterKey() {
+ return this.masterKeyRecord;
+ }
+
+ public SecretKey getSecretKey() {
+ return this.generatedSecretKey;
+ }
+}
+
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/BuilderUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/BuilderUtils.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/BuilderUtils.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/BuilderUtils.java Fri Jun 14 00:06:42 2013
@@ -48,7 +48,6 @@ import org.apache.hadoop.yarn.api.record
import org.apache.hadoop.yarn.api.records.LocalResource;
import org.apache.hadoop.yarn.api.records.LocalResourceType;
import org.apache.hadoop.yarn.api.records.LocalResourceVisibility;
-import org.apache.hadoop.yarn.api.records.NodeHealthStatus;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.api.records.NodeReport;
import org.apache.hadoop.yarn.api.records.NodeState;
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/YarnServerBuilderUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/YarnServerBuilderUtils.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/YarnServerBuilderUtils.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/YarnServerBuilderUtils.java Fri Jun 14 00:06:42 2013
@@ -42,12 +42,14 @@ public class YarnServerBuilderUtils {
public static NodeHeartbeatResponse newNodeHeartbeatResponse(int responseId,
NodeAction action, List<ContainerId> containersToCleanUp,
List<ApplicationId> applicationsToCleanUp,
- MasterKey masterKey, long nextHeartbeatInterval) {
+ MasterKey containerTokenMasterKey, MasterKey nmTokenMasterKey,
+ long nextHeartbeatInterval) {
NodeHeartbeatResponse response = recordFactory
.newRecordInstance(NodeHeartbeatResponse.class);
response.setResponseId(responseId);
response.setNodeAction(action);
- response.setMasterKey(masterKey);
+ response.setContainerTokenMasterKey(containerTokenMasterKey);
+ response.setNMTokenMasterKey(nmTokenMasterKey);
response.setNextHeartBeatInterval(nextHeartbeatInterval);
if(containersToCleanUp != null) {
response.addAllContainersToCleanup(containersToCleanUp);
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/proto/yarn_server_common_service_protos.proto
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/proto/yarn_server_common_service_protos.proto?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/proto/yarn_server_common_service_protos.proto (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/proto/yarn_server_common_service_protos.proto Fri Jun 14 00:06:42 2013
@@ -31,24 +31,27 @@ message RegisterNodeManagerRequestProto
}
message RegisterNodeManagerResponseProto {
- optional MasterKeyProto master_key = 1;
- optional NodeActionProto nodeAction = 2;
- optional int64 rm_identifier = 3;
- optional string diagnostics_message = 4;
+ optional MasterKeyProto container_token_master_key = 1;
+ optional MasterKeyProto nm_token_master_key = 2;
+ optional NodeActionProto nodeAction = 3;
+ optional int64 rm_identifier = 4;
+ optional string diagnostics_message = 5;
}
message NodeHeartbeatRequestProto {
optional NodeStatusProto node_status = 1;
- optional MasterKeyProto last_known_master_key = 2;
+ optional MasterKeyProto last_known_container_token_master_key = 2;
+ optional MasterKeyProto last_known_nm_token_master_key = 3;
}
message NodeHeartbeatResponseProto {
optional int32 response_id = 1;
- optional MasterKeyProto master_key = 2;
- optional NodeActionProto nodeAction = 3;
- repeated ContainerIdProto containers_to_cleanup = 4;
- repeated ApplicationIdProto applications_to_cleanup = 5;
- optional int64 nextHeartBeatInterval = 6;
- optional string diagnostics_message = 7;
+ optional MasterKeyProto container_token_master_key = 2;
+ optional MasterKeyProto nm_token_master_key = 3;
+ optional NodeActionProto nodeAction = 4;
+ repeated ContainerIdProto containers_to_cleanup = 5;
+ repeated ApplicationIdProto applications_to_cleanup = 6;
+ optional int64 nextHeartBeatInterval = 7;
+ optional string diagnostics_message = 8;
}
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/TestYarnServerApiClasses.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/TestYarnServerApiClasses.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/TestYarnServerApiClasses.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/TestYarnServerApiClasses.java Fri Jun 14 00:06:42 2013
@@ -63,14 +63,16 @@ public class TestYarnServerApiClasses {
public void testRegisterNodeManagerResponsePBImpl() {
RegisterNodeManagerResponsePBImpl original =
new RegisterNodeManagerResponsePBImpl();
- original.setMasterKey(getMasterKey());
+ original.setContainerTokenMasterKey(getMasterKey());
+ original.setNMTokenMasterKey(getMasterKey());
original.setNodeAction(NodeAction.NORMAL);
original.setDiagnosticsMessage("testDiagnosticMessage");
RegisterNodeManagerResponsePBImpl copy =
new RegisterNodeManagerResponsePBImpl(
original.getProto());
- assertEquals(1, copy.getMasterKey().getKeyId());
+ assertEquals(1, copy.getContainerTokenMasterKey().getKeyId());
+ assertEquals(1, copy.getNMTokenMasterKey().getKeyId());
assertEquals(NodeAction.NORMAL, copy.getNodeAction());
assertEquals("testDiagnosticMessage", copy.getDiagnosticsMessage());
@@ -82,11 +84,13 @@ public class TestYarnServerApiClasses {
@Test
public void testNodeHeartbeatRequestPBImpl() {
NodeHeartbeatRequestPBImpl original = new NodeHeartbeatRequestPBImpl();
- original.setLastKnownMasterKey(getMasterKey());
+ original.setLastKnownContainerTokenMasterKey(getMasterKey());
+ original.setLastKnownNMTokenMasterKey(getMasterKey());
original.setNodeStatus(getNodeStatus());
NodeHeartbeatRequestPBImpl copy = new NodeHeartbeatRequestPBImpl(
original.getProto());
- assertEquals(1, copy.getLastKnownMasterKey().getKeyId());
+ assertEquals(1, copy.getLastKnownContainerTokenMasterKey().getKeyId());
+ assertEquals(1, copy.getLastKnownNMTokenMasterKey().getKeyId());
assertEquals("localhost", copy.getNodeStatus().getNodeId().getHost());
}
@@ -99,7 +103,8 @@ public class TestYarnServerApiClasses {
NodeHeartbeatResponsePBImpl original = new NodeHeartbeatResponsePBImpl();
original.setDiagnosticsMessage("testDiagnosticMessage");
- original.setMasterKey(getMasterKey());
+ original.setContainerTokenMasterKey(getMasterKey());
+ original.setNMTokenMasterKey(getMasterKey());
original.setNextHeartBeatInterval(1000);
original.setNodeAction(NodeAction.NORMAL);
original.setResponseId(100);
@@ -109,7 +114,8 @@ public class TestYarnServerApiClasses {
assertEquals(100, copy.getResponseId());
assertEquals(NodeAction.NORMAL, copy.getNodeAction());
assertEquals(1000, copy.getNextHeartBeatInterval());
- assertEquals(1, copy.getMasterKey().getKeyId());
+ assertEquals(1, copy.getContainerTokenMasterKey().getKeyId());
+ assertEquals(1, copy.getNMTokenMasterKey().getKeyId());
assertEquals("testDiagnosticMessage", copy.getDiagnosticsMessage());
}
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/api/protocolrecords/TestRegisterNodeManagerResponse.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/api/protocolrecords/TestRegisterNodeManagerResponse.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/api/protocolrecords/TestRegisterNodeManagerResponse.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/api/protocolrecords/TestRegisterNodeManagerResponse.java Fri Jun 14 00:06:42 2013
@@ -41,24 +41,50 @@ public class TestRegisterNodeManagerResp
public void testRoundTrip() throws Exception {
RegisterNodeManagerResponse resp = recordFactory
.newRecordInstance(RegisterNodeManagerResponse.class);
- MasterKey mk = recordFactory.newRecordInstance(MasterKey.class);
- mk.setKeyId(54321);
+
byte b [] = {0,1,2,3,4,5};
- mk.setBytes(ByteBuffer.wrap(b));
- resp.setMasterKey(mk);
- resp.setNodeAction(NodeAction.NORMAL);
+ MasterKey containerTokenMK =
+ recordFactory.newRecordInstance(MasterKey.class);
+ containerTokenMK.setKeyId(54321);
+ containerTokenMK.setBytes(ByteBuffer.wrap(b));
+ resp.setContainerTokenMasterKey(containerTokenMK);
+
+ MasterKey nmTokenMK =
+ recordFactory.newRecordInstance(MasterKey.class);
+ nmTokenMK.setKeyId(12345);
+ nmTokenMK.setBytes(ByteBuffer.wrap(b));
+ resp.setNMTokenMasterKey(nmTokenMK);
+
+ resp.setNodeAction(NodeAction.NORMAL);
+
assertEquals(NodeAction.NORMAL, resp.getNodeAction());
- assertNotNull(resp.getMasterKey());
- assertEquals(54321, resp.getMasterKey().getKeyId());
- assertArrayEquals(b, resp.getMasterKey().getBytes().array());
+
+ // Verifying containerTokenMasterKey
+ assertNotNull(resp.getContainerTokenMasterKey());
+ assertEquals(54321, resp.getContainerTokenMasterKey().getKeyId());
+ assertArrayEquals(b, resp.getContainerTokenMasterKey().getBytes().array());
RegisterNodeManagerResponse respCopy = serDe(resp);
assertEquals(NodeAction.NORMAL, respCopy.getNodeAction());
- assertNotNull(respCopy.getMasterKey());
- assertEquals(54321, respCopy.getMasterKey().getKeyId());
- assertArrayEquals(b, respCopy.getMasterKey().getBytes().array());
+ assertNotNull(respCopy.getContainerTokenMasterKey());
+ assertEquals(54321, respCopy.getContainerTokenMasterKey().getKeyId());
+ assertArrayEquals(b, respCopy.getContainerTokenMasterKey().getBytes()
+ .array());
+
+ // Verifying nmTokenMasterKey
+ assertNotNull(resp.getNMTokenMasterKey());
+ assertEquals(12345, resp.getNMTokenMasterKey().getKeyId());
+ assertArrayEquals(b, resp.getNMTokenMasterKey().getBytes().array());
+
+ respCopy = serDe(resp);
+
+ assertEquals(NodeAction.NORMAL, respCopy.getNodeAction());
+ assertNotNull(respCopy.getNMTokenMasterKey());
+ assertEquals(12345, respCopy.getNMTokenMasterKey().getKeyId());
+ assertArrayEquals(b, respCopy.getNMTokenMasterKey().getBytes().array());
+
}
public static RegisterNodeManagerResponse serDe(RegisterNodeManagerResponse orig) throws Exception {
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/Context.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/Context.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/Context.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/Context.java Fri Jun 14 00:06:42 2013
@@ -28,6 +28,7 @@ import org.apache.hadoop.yarn.api.record
import org.apache.hadoop.yarn.server.nodemanager.containermanager.application.Application;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container;
import org.apache.hadoop.yarn.server.nodemanager.security.NMContainerTokenSecretManager;
+import org.apache.hadoop.yarn.server.nodemanager.security.NMTokenSecretManagerInNM;
/**
* Context interface for sharing information across components in the
@@ -54,6 +55,8 @@ public interface Context {
ConcurrentMap<ContainerId, Container> getContainers();
NMContainerTokenSecretManager getContainerTokenSecretManager();
+
+ NMTokenSecretManagerInNM getNMTokenSecretManager();
NodeHealthStatus getNodeHealthStatus();
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java Fri Jun 14 00:06:42 2013
@@ -52,6 +52,7 @@ import org.apache.hadoop.yarn.server.nod
import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container;
import org.apache.hadoop.yarn.server.nodemanager.metrics.NodeManagerMetrics;
import org.apache.hadoop.yarn.server.nodemanager.security.NMContainerTokenSecretManager;
+import org.apache.hadoop.yarn.server.nodemanager.security.NMTokenSecretManagerInNM;
import org.apache.hadoop.yarn.server.nodemanager.webapp.WebServer;
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
import org.apache.hadoop.yarn.service.CompositeService;
@@ -118,8 +119,10 @@ public class NodeManager extends Composi
return new DeletionService(exec);
}
- protected NMContext createNMContext(NMContainerTokenSecretManager containerTokenSecretManager) {
- return new NMContext(containerTokenSecretManager);
+ protected NMContext createNMContext(
+ NMContainerTokenSecretManager containerTokenSecretManager,
+ NMTokenSecretManagerInNM nmTokenSecretManager) {
+ return new NMContext(containerTokenSecretManager, nmTokenSecretManager);
}
protected void doSecureLogin() throws IOException {
@@ -135,7 +138,11 @@ public class NodeManager extends Composi
NMContainerTokenSecretManager containerTokenSecretManager =
new NMContainerTokenSecretManager(conf);
- this.context = createNMContext(containerTokenSecretManager);
+ NMTokenSecretManagerInNM nmTokenSecretManager =
+ new NMTokenSecretManagerInNM();
+
+ this.context =
+ createNMContext(containerTokenSecretManager, nmTokenSecretManager);
this.aclsManager = new ApplicationACLsManager(conf);
@@ -299,13 +306,16 @@ public class NodeManager extends Composi
new ConcurrentSkipListMap<ContainerId, Container>();
private final NMContainerTokenSecretManager containerTokenSecretManager;
+ private final NMTokenSecretManagerInNM nmTokenSecretManager;
private ContainerManager containerManager;
private WebServer webServer;
private final NodeHealthStatus nodeHealthStatus = RecordFactoryProvider
.getRecordFactory(null).newRecordInstance(NodeHealthStatus.class);
- public NMContext(NMContainerTokenSecretManager containerTokenSecretManager) {
+ public NMContext(NMContainerTokenSecretManager containerTokenSecretManager,
+ NMTokenSecretManagerInNM nmTokenSecretManager) {
this.containerTokenSecretManager = containerTokenSecretManager;
+ this.nmTokenSecretManager = nmTokenSecretManager;
this.nodeHealthStatus.setIsNodeHealthy(true);
this.nodeHealthStatus.setHealthReport("Healthy");
this.nodeHealthStatus.setLastHealthReportTime(System.currentTimeMillis());
@@ -338,6 +348,12 @@ public class NodeManager extends Composi
public NMContainerTokenSecretManager getContainerTokenSecretManager() {
return this.containerTokenSecretManager;
}
+
+ @Override
+ public NMTokenSecretManagerInNM getNMTokenSecretManager() {
+ return this.nmTokenSecretManager;
+ }
+
@Override
public NodeHealthStatus getNodeHealthStatus() {
return this.nodeHealthStatus;
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeStatusUpdaterImpl.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeStatusUpdaterImpl.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeStatusUpdaterImpl.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeStatusUpdaterImpl.java Fri Jun 14 00:06:42 2013
@@ -297,7 +297,7 @@ public class NodeStatusUpdaterImpl exten
+ message);
}
- MasterKey masterKey = regNMResponse.getMasterKey();
+ MasterKey masterKey = regNMResponse.getContainerTokenMasterKey();
// do this now so that its set before we start heartbeating to RM
// It is expected that status updater is started by this point and
// RM gives the shared secret in registration during
@@ -305,6 +305,11 @@ public class NodeStatusUpdaterImpl exten
if (masterKey != null) {
this.context.getContainerTokenSecretManager().setMasterKey(masterKey);
}
+
+ masterKey = regNMResponse.getNMTokenMasterKey();
+ if (masterKey != null) {
+ this.context.getNMTokenSecretManager().setMasterKey(masterKey);
+ }
LOG.info("Registered with ResourceManager as " + this.nodeId
+ " with total resource of " + this.totalResource);
@@ -434,8 +439,12 @@ public class NodeStatusUpdaterImpl exten
NodeHeartbeatRequest request = recordFactory
.newRecordInstance(NodeHeartbeatRequest.class);
request.setNodeStatus(nodeStatus);
- request.setLastKnownMasterKey(NodeStatusUpdaterImpl.this.context
- .getContainerTokenSecretManager().getCurrentKey());
+ request
+ .setLastKnownContainerTokenMasterKey(NodeStatusUpdaterImpl.this.context
+ .getContainerTokenSecretManager().getCurrentKey());
+ request
+ .setLastKnownNMTokenMasterKey(NodeStatusUpdaterImpl.this.context
+ .getNMTokenSecretManager().getCurrentKey());
while (!isStopped) {
try {
rmRetryCount++;
@@ -463,13 +472,7 @@ public class NodeStatusUpdaterImpl exten
}
//get next heartbeat interval from response
nextHeartBeatInterval = response.getNextHeartBeatInterval();
- // See if the master-key has rolled over
- MasterKey updatedMasterKey = response.getMasterKey();
- if (updatedMasterKey != null) {
- // Will be non-null only on roll-over on RM side
- context.getContainerTokenSecretManager().setMasterKey(
- updatedMasterKey);
- }
+ updateMasterKeys(response);
if (response.getNodeAction() == NodeAction.SHUTDOWN) {
LOG
@@ -533,6 +536,20 @@ public class NodeStatusUpdaterImpl exten
}
}
}
+
+ private void updateMasterKeys(NodeHeartbeatResponse response) {
+ // See if the master-key has rolled over
+ MasterKey updatedMasterKey = response.getContainerTokenMasterKey();
+ if (updatedMasterKey != null) {
+ // Will be non-null only on roll-over on RM side
+ context.getContainerTokenSecretManager().setMasterKey(updatedMasterKey);
+ }
+
+ updatedMasterKey = response.getNMTokenMasterKey();
+ if (updatedMasterKey != null) {
+ context.getNMTokenSecretManager().setMasterKey(updatedMasterKey);
+ }
+ }
};
statusUpdater =
new Thread(statusUpdaterRunnable, "Node Status Updater");
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.java Fri Jun 14 00:06:42 2013
@@ -33,6 +33,7 @@ import org.apache.hadoop.yarn.api.record
import org.apache.hadoop.yarn.security.ContainerTokenIdentifier;
import org.apache.hadoop.yarn.server.api.records.MasterKey;
import org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager;
+import org.apache.hadoop.yarn.server.security.MasterKeyData;
import com.google.common.annotations.VisibleForTesting;
@@ -69,13 +70,17 @@ public class NMContainerTokenSecretManag
LOG.info("Rolling master-key for container-tokens, got key with id "
+ masterKeyRecord.getKeyId());
if (super.currentMasterKey == null) {
- super.currentMasterKey = new MasterKeyData(masterKeyRecord);
+ super.currentMasterKey =
+ new MasterKeyData(masterKeyRecord, createSecretKey(masterKeyRecord
+ .getBytes().array()));
} else {
if (super.currentMasterKey.getMasterKey().getKeyId() != masterKeyRecord
.getKeyId()) {
// Update keys only if the key has changed.
this.previousMasterKey = super.currentMasterKey;
- super.currentMasterKey = new MasterKeyData(masterKeyRecord);
+ super.currentMasterKey =
+ new MasterKeyData(masterKeyRecord, createSecretKey(masterKeyRecord
+ .getBytes().array()));
}
}
}
Added: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMTokenSecretManagerInNM.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMTokenSecretManagerInNM.java?rev=1492907&view=auto
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMTokenSecretManagerInNM.java (added)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMTokenSecretManagerInNM.java Fri Jun 14 00:06:42 2013
@@ -0,0 +1,114 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.yarn.server.nodemanager.security;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
+import org.apache.hadoop.yarn.security.NMTokenIdentifier;
+import org.apache.hadoop.yarn.server.api.records.MasterKey;
+import org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager;
+import org.apache.hadoop.yarn.server.security.MasterKeyData;
+
+public class NMTokenSecretManagerInNM extends BaseNMTokenSecretManager {
+
+ private static final Log LOG = LogFactory
+ .getLog(NMTokenSecretManagerInNM.class);
+
+ private MasterKeyData previousMasterKey;
+
+ private final Map<ApplicationAttemptId, MasterKeyData> oldMasterKeys;
+
+ public NMTokenSecretManagerInNM() {
+ this.oldMasterKeys =
+ new HashMap<ApplicationAttemptId, MasterKeyData>();
+ }
+
+ /**
+ * Used by NodeManagers to create a token-secret-manager with the key
+ * obtained from the RM. This can happen during registration or when the RM
+ * rolls the master-key and signal the NM.
+ */
+ @Private
+ public synchronized void setMasterKey(MasterKey masterKey) {
+ LOG.info("Rolling master-key for nm-tokens, got key with id :"
+ + masterKey.getKeyId());
+ if (super.currentMasterKey == null) {
+ super.currentMasterKey =
+ new MasterKeyData(masterKey, createSecretKey(masterKey.getBytes()
+ .array()));
+ } else {
+ if (super.currentMasterKey.getMasterKey().getKeyId() != masterKey
+ .getKeyId()) {
+ this.previousMasterKey = super.currentMasterKey;
+ super.currentMasterKey =
+ new MasterKeyData(masterKey, createSecretKey(masterKey.getBytes()
+ .array()));
+ }
+ }
+ }
+
+ /**
+ * This method will be used to verify NMTokens generated by different
+ * master keys.
+ */
+ @Override
+ public synchronized byte[] retrievePassword(
+ NMTokenIdentifier identifier) throws InvalidToken {
+ int keyId = identifier.getMastKeyId();
+ ApplicationAttemptId appAttemptId = identifier.getApplicationAttemptId();
+
+ /*
+ * MasterKey used for retrieving password will be as follows.
+ * 1) By default older saved master key will be used.
+ * 2) If identifier's master key id matches that of previous master key
+ * id then previous key will be used.
+ * 3) If identifier's master key id matches that of current master key
+ * id then current key will be used.
+ */
+ MasterKeyData oldMasterKey = oldMasterKeys.get(appAttemptId);
+ MasterKeyData masterKeyToUse = oldMasterKey;
+ if (previousMasterKey != null
+ && keyId == previousMasterKey.getMasterKey().getKeyId()) {
+ masterKeyToUse = previousMasterKey;
+ } else if ( keyId == currentMasterKey.getMasterKey().getKeyId()) {
+ masterKeyToUse = currentMasterKey;
+ }
+
+ if (masterKeyToUse != null) {
+ byte[] password = retrivePasswordInternal(identifier, masterKeyToUse);
+ if (masterKeyToUse.getMasterKey().getKeyId() != oldMasterKey
+ .getMasterKey().getKeyId()) {
+ oldMasterKeys.put(appAttemptId, masterKeyToUse);
+ }
+ return password;
+ }
+
+ throw new InvalidToken("Given NMToken for application : "
+ + appAttemptId.toString() + " seems to have been generated illegally.");
+ }
+
+ public synchronized void appFinished(ApplicationAttemptId appAttemptId) {
+ this.oldMasterKeys.remove(appAttemptId);
+ }
+}
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/LocalRMInterface.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/LocalRMInterface.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/LocalRMInterface.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/LocalRMInterface.java Fri Jun 14 00:06:42 2013
@@ -46,7 +46,8 @@ public class LocalRMInterface implements
masterKey.setKeyId(123);
masterKey.setBytes(ByteBuffer.wrap(new byte[] { new Integer(123)
.byteValue() }));
- response.setMasterKey(masterKey);
+ response.setContainerTokenMasterKey(masterKey);
+ response.setNMTokenMasterKey(masterKey);
return response;
}
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/MockNodeStatusUpdater.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/MockNodeStatusUpdater.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/MockNodeStatusUpdater.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/MockNodeStatusUpdater.java Fri Jun 14 00:06:42 2013
@@ -75,7 +75,8 @@ public class MockNodeStatusUpdater exten
masterKey.setKeyId(123);
masterKey.setBytes(ByteBuffer.wrap(new byte[] { new Integer(123)
.byteValue() }));
- response.setMasterKey(masterKey);
+ response.setContainerTokenMasterKey(masterKey);
+ response.setNMTokenMasterKey(masterKey);
return response;
}
@@ -88,7 +89,7 @@ public class MockNodeStatusUpdater exten
NodeHeartbeatResponse nhResponse = YarnServerBuilderUtils
.newNodeHeartbeatResponse(heartBeatID, null, null,
- null, null, 1000L);
+ null, null, null, 1000L);
return nhResponse;
}
}
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestEventFlow.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestEventFlow.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestEventFlow.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestEventFlow.java Fri Jun 14 00:06:42 2013
@@ -43,6 +43,7 @@ import org.apache.hadoop.yarn.server.nod
import org.apache.hadoop.yarn.server.nodemanager.containermanager.BaseContainerManagerTest;
import org.apache.hadoop.yarn.server.nodemanager.metrics.NodeManagerMetrics;
import org.apache.hadoop.yarn.server.nodemanager.security.NMContainerTokenSecretManager;
+import org.apache.hadoop.yarn.server.nodemanager.security.NMTokenSecretManagerInNM;
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
import org.apache.hadoop.yarn.server.utils.BuilderUtils;
import org.junit.Test;
@@ -76,7 +77,8 @@ public class TestEventFlow {
YarnConfiguration conf = new YarnConfiguration();
- Context context = new NMContext(new NMContainerTokenSecretManager(conf)) {
+ Context context = new NMContext(new NMContainerTokenSecretManager(conf),
+ new NMTokenSecretManagerInNM()) {
@Override
public int getHttpPort() {
return 1234;
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeStatusUpdater.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeStatusUpdater.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeStatusUpdater.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeStatusUpdater.java Fri Jun 14 00:06:42 2013
@@ -76,6 +76,7 @@ import org.apache.hadoop.yarn.server.nod
import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.ContainerImpl;
import org.apache.hadoop.yarn.server.nodemanager.metrics.NodeManagerMetrics;
import org.apache.hadoop.yarn.server.nodemanager.security.NMContainerTokenSecretManager;
+import org.apache.hadoop.yarn.server.nodemanager.security.NMTokenSecretManagerInNM;
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
import org.apache.hadoop.yarn.server.utils.BuilderUtils;
import org.apache.hadoop.yarn.server.utils.YarnServerBuilderUtils;
@@ -147,7 +148,8 @@ public class TestNodeStatusUpdater {
RegisterNodeManagerResponse response = recordFactory
.newRecordInstance(RegisterNodeManagerResponse.class);
- response.setMasterKey(createMasterKey());
+ response.setContainerTokenMasterKey(createMasterKey());
+ response.setNMTokenMasterKey(createMasterKey());
return response;
}
@@ -251,7 +253,8 @@ public class TestNodeStatusUpdater {
}
NodeHeartbeatResponse nhResponse = YarnServerBuilderUtils.
- newNodeHeartbeatResponse(heartBeatID, null, null, null, null, 1000L);
+ newNodeHeartbeatResponse(heartBeatID, null, null, null, null, null,
+ 1000L);
return nhResponse;
}
}
@@ -447,7 +450,8 @@ public class TestNodeStatusUpdater {
RegisterNodeManagerResponse response = recordFactory
.newRecordInstance(RegisterNodeManagerResponse.class);
response.setNodeAction(registerNodeAction );
- response.setMasterKey(createMasterKey());
+ response.setContainerTokenMasterKey(createMasterKey());
+ response.setNMTokenMasterKey(createMasterKey());
response.setDiagnosticsMessage(shutDownMessage);
return response;
}
@@ -459,7 +463,7 @@ public class TestNodeStatusUpdater {
NodeHeartbeatResponse nhResponse = YarnServerBuilderUtils.
newNodeHeartbeatResponse(heartBeatID, heartBeatNodeAction, null,
- null, null, 1000L);
+ null, null, null, 1000L);
nhResponse.setDiagnosticsMessage(shutDownMessage);
return nhResponse;
}
@@ -485,7 +489,8 @@ public class TestNodeStatusUpdater {
RegisterNodeManagerResponse response =
recordFactory.newRecordInstance(RegisterNodeManagerResponse.class);
response.setNodeAction(registerNodeAction);
- response.setMasterKey(createMasterKey());
+ response.setContainerTokenMasterKey(createMasterKey());
+ response.setNMTokenMasterKey(createMasterKey());
return response;
}
@@ -497,7 +502,7 @@ public class TestNodeStatusUpdater {
nodeStatus.setResponseId(heartBeatID++);
NodeHeartbeatResponse nhResponse = YarnServerBuilderUtils.
newNodeHeartbeatResponse(heartBeatID, heartBeatNodeAction, null,
- null, null, 1000L);
+ null, null, null, 1000L);
if (nodeStatus.getKeepAliveApplications() != null
&& nodeStatus.getKeepAliveApplications().size() > 0) {
@@ -536,7 +541,8 @@ public class TestNodeStatusUpdater {
RegisterNodeManagerResponse response = recordFactory
.newRecordInstance(RegisterNodeManagerResponse.class);
response.setNodeAction(registerNodeAction);
- response.setMasterKey(createMasterKey());
+ response.setContainerTokenMasterKey(createMasterKey());
+ response.setNMTokenMasterKey(createMasterKey());
return response;
}
@@ -616,7 +622,7 @@ public class TestNodeStatusUpdater {
YarnServerBuilderUtils.newNodeHeartbeatResponse(heartBeatID,
heartBeatNodeAction,
null, null, null,
- 1000L);
+ null, 1000L);
return nhResponse;
}
}
@@ -631,8 +637,8 @@ public class TestNodeStatusUpdater {
RegisterNodeManagerResponse response = recordFactory
.newRecordInstance(RegisterNodeManagerResponse.class);
response.setNodeAction(registerNodeAction );
- response.setMasterKey(createMasterKey());
-
+ response.setContainerTokenMasterKey(createMasterKey());
+ response.setNMTokenMasterKey(createMasterKey());
return response;
}
@@ -1004,10 +1010,11 @@ public class TestNodeStatusUpdater {
@Override
protected NMContext createNMContext(
- NMContainerTokenSecretManager containerTokenSecretManager) {
- return new MyNMContext(containerTokenSecretManager);
+ NMContainerTokenSecretManager containerTokenSecretManager,
+ NMTokenSecretManagerInNM nmTokenSecretManager) {
+ return new MyNMContext(containerTokenSecretManager,
+ nmTokenSecretManager);
}
-
};
YarnConfiguration conf = createNMConfig();
@@ -1052,9 +1059,10 @@ public class TestNodeStatusUpdater {
ConcurrentMap<ContainerId, Container> containers =
new ConcurrentSkipListMap<ContainerId, Container>();
- public MyNMContext(NMContainerTokenSecretManager
- containerTokenSecretManager) {
- super(containerTokenSecretManager);
+ public MyNMContext(
+ NMContainerTokenSecretManager containerTokenSecretManager,
+ NMTokenSecretManagerInNM nmTokenSecretManager) {
+ super(containerTokenSecretManager, nmTokenSecretManager);
}
@Override
Modified: hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java?rev=1492907&r1=1492906&r2=1492907&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java (original)
+++ hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java Fri Jun 14 00:06:42 2013
@@ -59,6 +59,7 @@ import org.apache.hadoop.yarn.server.nod
import org.apache.hadoop.yarn.server.nodemanager.containermanager.application.ApplicationState;
import org.apache.hadoop.yarn.server.nodemanager.metrics.NodeManagerMetrics;
import org.apache.hadoop.yarn.server.nodemanager.security.NMContainerTokenSecretManager;
+import org.apache.hadoop.yarn.server.nodemanager.security.NMTokenSecretManagerInNM;
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
import org.apache.hadoop.yarn.service.Service.STATE;
import org.junit.After;
@@ -97,7 +98,7 @@ public abstract class BaseContainerManag
protected static final int HTTP_PORT = 5412;
protected Configuration conf = new YarnConfiguration();
protected Context context = new NMContext(new NMContainerTokenSecretManager(
- conf)) {
+ conf), new NMTokenSecretManagerInNM()) {
public int getHttpPort() {
return HTTP_PORT;
};