You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@slider.apache.org by go...@apache.org on 2016/03/16 21:58:24 UTC
[33/50] incubator-slider git commit: SLIDER-1077 tail end: filter out
timeline token from renewer list;
move getTokenExpirtyTime into credential utils & include better error message
SLIDER-1077 tail end: filter out timeline token from renewer list; move getTokenExpirtyTime into credential utils & include better error message
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/c9fc7f64
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/c9fc7f64
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/c9fc7f64
Branch: refs/heads/feature/SLIDER-906_docker_support
Commit: c9fc7f646ce15ddaf1306be1245d08197d95ff22
Parents: 9be27e6
Author: Steve Loughran <st...@apache.org>
Authored: Thu Feb 4 19:49:09 2016 +0000
Committer: Steve Loughran <st...@apache.org>
Committed: Thu Feb 4 19:49:09 2016 +0000
----------------------------------------------------------------------
.../slider/core/launch/CredentialUtils.java | 16 ++++++++++++++++
.../slider/server/appmaster/SliderAppMaster.java | 9 +++------
.../server/appmaster/actions/QueueExecutor.java | 2 +-
.../security/FsDelegationTokenManager.java | 18 ++++++------------
4 files changed, 26 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/c9fc7f64/slider-core/src/main/java/org/apache/slider/core/launch/CredentialUtils.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/core/launch/CredentialUtils.java b/slider-core/src/main/java/org/apache/slider/core/launch/CredentialUtils.java
index 012a737..255890b 100644
--- a/slider-core/src/main/java/org/apache/slider/core/launch/CredentialUtils.java
+++ b/slider-core/src/main/java/org/apache/slider/core/launch/CredentialUtils.java
@@ -349,6 +349,22 @@ public final class CredentialUtils {
return buffer.toString();
}
+ /**
+ * Get the expiry time of a token.
+ * @param token token to examine
+ * @return the time in milliseconds after which the token is invalid.
+ * @throws IOException
+ */
+ public static long getTokenExpiryTime(Token token) throws IOException {
+ TokenIdentifier identifier = token.decodeIdentifier();
+ Preconditions.checkState(identifier instanceof AbstractDelegationTokenIdentifier,
+ "Token %s of type: %s has an identifier which cannot be examined: %s",
+ token, token.getClass(), identifier);
+ AbstractDelegationTokenIdentifier id =
+ (AbstractDelegationTokenIdentifier) identifier;
+ return id.getMaxDate();
+ }
+
private static class TokenComparator
implements Comparator<Token<? extends TokenIdentifier>>, Serializable {
@Override
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/c9fc7f64/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
index 24c32bb..3f609b1 100644
--- a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
+++ b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
@@ -80,6 +80,7 @@ import org.apache.hadoop.registry.client.types.yarn.YarnRegistryAttributes;
import org.apache.hadoop.registry.server.integration.RMRegistryOperationsService;
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
import org.apache.hadoop.yarn.security.client.ClientToAMTokenSecretManager;
+import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier;
import org.apache.hadoop.yarn.util.ConverterUtils;
import org.apache.hadoop.yarn.webapp.WebAppException;
import org.apache.hadoop.yarn.webapp.WebApps;
@@ -294,11 +295,6 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
private ApplicationAttemptId appAttemptID;
/**
- * Security info client to AM key returned after registration
- */
- private ByteBuffer clientToAMKey;
-
- /**
* App ACLs
*/
protected Map<ApplicationAccessType, String> applicationACLs;
@@ -1133,8 +1129,9 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
private void processAMCredentials(SecurityConfiguration securityConfig)
throws IOException {
- List<Text> filteredTokens = new ArrayList<>(2);
+ List<Text> filteredTokens = new ArrayList<>(3);
filteredTokens.add(AMRMTokenIdentifier.KIND_NAME);
+ filteredTokens.add(TimelineDelegationTokenIdentifier.KIND_NAME);
boolean keytabProvided = securityConfig.isKeytabProvided();
log.info("Slider AM Security Mode: {}", keytabProvided ? "KEYTAB" : "TOKEN");
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/c9fc7f64/slider-core/src/main/java/org/apache/slider/server/appmaster/actions/QueueExecutor.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/appmaster/actions/QueueExecutor.java b/slider-core/src/main/java/org/apache/slider/server/appmaster/actions/QueueExecutor.java
index fd4e37b..d0fc2cf 100644
--- a/slider-core/src/main/java/org/apache/slider/server/appmaster/actions/QueueExecutor.java
+++ b/slider-core/src/main/java/org/apache/slider/server/appmaster/actions/QueueExecutor.java
@@ -51,7 +51,7 @@ public class QueueExecutor implements Runnable {
}
@VisibleForTesting
- QueueExecutor(QueueService actionQueues) {
+ public QueueExecutor(QueueService actionQueues) {
Preconditions.checkNotNull(actionQueues);
this.appMaster = null;
this.appState = null;
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/c9fc7f64/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java b/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java
index 63f66a3..617fe3c 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java
@@ -23,10 +23,10 @@ import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
-import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.util.Time;
import org.apache.slider.common.SliderXmlConfKeys;
import org.apache.slider.common.tools.SliderUtils;
+import org.apache.slider.core.launch.CredentialUtils;
import org.apache.slider.server.appmaster.SliderAppMaster;
import org.apache.slider.server.appmaster.actions.AsyncAction;
import org.apache.slider.server.appmaster.actions.QueueAccess;
@@ -114,7 +114,7 @@ public class FsDelegationTokenManager {
if (renewAction != null) {
renewAction.getToken().cancel(configuration);
}
- log.info("Renewing action {} removed and HDFS delegation token renewal "
+ log.info("Renewing action {} removed and delegation token renewal "
+ "cancelled", getRenewingActionName());
}
@@ -156,9 +156,9 @@ public class FsDelegationTokenManager {
remoteUser.getShortUserName());
Token token = fs.getDelegationToken(
remoteUser.getShortUserName());
- tokenExpiryTime = getTokenExpiryTime(token);
- log.info("Initial delegation token obtained with expiry time of {}", getPrintableExpirationTime(
- tokenExpiryTime));
+ tokenExpiryTime = CredentialUtils.getTokenExpiryTime(token);
+ log.info("Initial delegation token obtained with expiry time of {}",
+ getPrintableExpirationTime(tokenExpiryTime));
return token;
}
});
@@ -166,12 +166,6 @@ public class FsDelegationTokenManager {
log.info("Initial request returned delegation token {}", token);
}
- private long getTokenExpiryTime(Token token) throws IOException {
- AbstractDelegationTokenIdentifier id =
- (AbstractDelegationTokenIdentifier)token.decodeIdentifier();
- return id.getMaxDate();
- }
-
protected FileSystem getFileSystem()
throws IOException, InterruptedException {
// return non-cache FS reference
@@ -242,7 +236,7 @@ public class FsDelegationTokenManager {
token = findMatchingToken(service, tokens);
currentUser.addToken(token.getService(), token);
- tokenExpiryTime = getTokenExpiryTime(token);
+ tokenExpiryTime = CredentialUtils.getTokenExpiryTime(token);
log.info("Expired HDFS delegation token replaced and added as credential"
+ " to current user. Token expires at {}",