You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by bi...@apache.org on 2016/12/13 19:12:14 UTC
[2/2] hadoop git commit: YARN-5975. Remove the agent - slider AM ssl
related code. Contributed by Jian He
YARN-5975. Remove the agent - slider AM ssl related code. Contributed by Jian He
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f04eb020
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f04eb020
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f04eb020
Branch: refs/heads/yarn-native-services
Commit: f04eb0208c7427a413800d751c58bfb4ac9a4ac2
Parents: fc259d5
Author: Billie Rinaldi <bi...@apache.org>
Authored: Tue Dec 13 10:16:09 2016 -0800
Committer: Billie Rinaldi <bi...@apache.org>
Committed: Tue Dec 13 10:23:57 2016 -0800
----------------------------------------------------------------------
.../slider/api/SliderClusterProtocol.java | 3 -
.../slider/api/proto/RestTypeMarshalling.java | 36 --
.../org/apache/slider/client/SliderClient.java | 80 ---
.../client/ipc/SliderClusterOperations.java | 28 +-
.../slider/common/params/ActionClientArgs.java | 31 +-
.../apache/slider/providers/ProviderUtils.java | 141 -----
.../providers/docker/DockerProviderService.java | 5 -
.../server/appmaster/SliderAppMaster.java | 18 +-
.../rpc/SliderClusterProtocolPBImpl.java | 12 -
.../rpc/SliderClusterProtocolProxy.java | 18 +-
.../server/appmaster/rpc/SliderIPCService.java | 54 +-
.../slider/server/appmaster/web/WebAppApi.java | 23 -
.../server/appmaster/web/WebAppApiImpl.java | 37 +-
.../AbstractSecurityStoreGenerator.java | 98 ----
.../services/security/CertificateManager.java | 495 -----------------
.../services/security/KeystoreGenerator.java | 64 ---
.../server/services/security/SecurityStore.java | 66 ---
.../security/SecurityStoreGenerator.java | 40 --
.../server/services/security/SecurityUtils.java | 256 ---------
.../services/security/SignCertResponse.java | 67 ---
.../server/services/security/SignMessage.java | 54 --
.../services/security/StoresGenerator.java | 68 ---
.../services/security/TruststoreGenerator.java | 62 ---
.../src/main/proto/SliderClusterProtocol.proto | 6 -
.../security/TestCertificateManager.java | 540 -------------------
.../TestMultiThreadedStoreGeneration.java | 156 ------
26 files changed, 14 insertions(+), 2444 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java
index 33fce22..893e706 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java
@@ -173,7 +173,4 @@ public interface SliderClusterProtocol extends VersionedProtocol {
Messages.WrappedJsonProto getModelResolvedResources(Messages.EmptyPayloadProto request) throws IOException;
Messages.WrappedJsonProto getLiveResources(Messages.EmptyPayloadProto request) throws IOException;
-
- Messages.GetCertificateStoreResponseProto getClientCertificateStore(Messages.GetCertificateStoreRequestProto request)
- throws IOException;
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java
index 17fd965..ec35028 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java
@@ -18,8 +18,6 @@
package org.apache.slider.api.proto;
-import com.google.protobuf.ByteString;
-import org.apache.commons.io.IOUtils;
import org.apache.slider.api.types.ApplicationLivenessInformation;
import org.apache.slider.api.types.ComponentInformation;
import org.apache.slider.api.types.ContainerInformation;
@@ -30,15 +28,10 @@ import org.apache.slider.core.conf.ConfTree;
import org.apache.slider.core.conf.ConfTreeOperations;
import org.apache.slider.core.persist.AggregateConfSerDeser;
import org.apache.slider.core.persist.ConfTreeSerDeser;
-import org.apache.slider.server.services.security.SecurityStore;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import java.io.IOException;
-import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -95,35 +88,6 @@ public class RestTypeMarshalling {
}
return info;
}
-
- public static Messages.GetCertificateStoreResponseProto marshall(
- SecurityStore securityStore) throws IOException {
- Messages.GetCertificateStoreResponseProto.Builder builder =
- Messages.GetCertificateStoreResponseProto.newBuilder();
- builder.setStore(ByteString.copyFrom(getStoreBytes(securityStore)));
-
- return builder.build();
- }
-
- private static byte[] getStoreBytes(SecurityStore securityStore)
- throws IOException {
- InputStream is = null;
- byte[] storeBytes;
- try {
- is = new FileInputStream(securityStore.getFile());
- storeBytes = IOUtils.toByteArray(is);
- } finally {
- if (is != null) {
- is.close();
- }
- }
- return storeBytes;
- }
-
- public static byte[] unmarshall(Messages.GetCertificateStoreResponseProto response) {
- return response.getStore().toByteArray();
- }
-
public static Messages.ComponentInformationProto marshall(ComponentInformation info) {
Messages.ComponentInformationProto.Builder builder =
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java
index 12f7870..ef45d10 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java
@@ -168,7 +168,6 @@ import org.apache.slider.providers.docker.DockerClientProvider;
import org.apache.slider.providers.slideram.SliderAMClientProvider;
import org.apache.slider.server.appmaster.SliderAppMaster;
import org.apache.slider.server.appmaster.rpc.RpcBinder;
-import org.apache.slider.server.services.security.SecurityStore;
import org.apache.slider.server.services.utility.AbstractSliderLaunchedService;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
@@ -1223,8 +1222,6 @@ public class SliderClient extends AbstractSliderLaunchedService implements RunSe
IOException {
if (clientInfo.install) {
return doClientInstall(clientInfo);
- } else if (clientInfo.getCertStore) {
- return doCertificateStoreRetrieval(clientInfo);
} else {
throw new BadCommandArgumentsException(
"Only install, keystore, and truststore commands are supported for the client.\n"
@@ -1233,83 +1230,6 @@ public class SliderClient extends AbstractSliderLaunchedService implements RunSe
}
}
- private int doCertificateStoreRetrieval(ActionClientArgs clientInfo)
- throws YarnException, IOException {
- if (clientInfo.keystore != null && clientInfo.truststore != null) {
- throw new BadCommandArgumentsException(
- "Only one of either keystore or truststore can be retrieved at one time. "
- + "Retrieval of both should be done separately\n"
- + CommonArgs.usage(serviceArgs, ACTION_CLIENT));
- }
-
- requireArgumentSet(Arguments.ARG_NAME, clientInfo.name);
-
- File storeFile = null;
- SecurityStore.StoreType type;
- if (clientInfo.keystore != null) {
- storeFile = clientInfo.keystore;
- type = SecurityStore.StoreType.keystore;
- } else {
- storeFile = clientInfo.truststore;
- type = SecurityStore.StoreType.truststore;
- }
-
- require (!storeFile.exists(),
- "File %s already exists. Please remove that file or select a different file name.",
- storeFile.getAbsolutePath());
- String hostname = null;
- if (type == SecurityStore.StoreType.keystore) {
- hostname = clientInfo.hostname;
- if (hostname == null) {
- hostname = InetAddress.getLocalHost().getCanonicalHostName();
- log.info("No hostname specified via command line. Using {}", hostname);
- }
- }
-
- String password = clientInfo.password;
- if (password == null) {
- String provider = clientInfo.provider;
- String alias = clientInfo.alias;
- if (provider != null && alias != null) {
- Configuration conf = new Configuration(getConfig());
- conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
- char[] chars = conf.getPassword(alias);
- if (chars == null) {
- CredentialProvider credentialProvider =
- CredentialProviderFactory.getProviders(conf).get(0);
- chars = readOnePassword(alias);
- credentialProvider.createCredentialEntry(alias, chars);
- credentialProvider.flush();
- }
- password = String.valueOf(chars);
- Arrays.fill(chars, ' ');
- } else {
- log.info("No password and no provider/alias pair were provided, " +
- "prompting for password");
- // get a password
- password = String.valueOf(readOnePassword(type.name()));
- }
- }
-
- byte[] keystore = createClusterOperations(clientInfo.name)
- .getClientCertificateStore(hostname, "client", password, type.name());
- // persist to file
- FileOutputStream storeFileOutputStream = null;
- try {
- storeFileOutputStream = new FileOutputStream(storeFile);
- IOUtils.write(keystore, storeFileOutputStream);
- } catch (Exception e) {
- log.error("Unable to persist to file {}", storeFile);
- throw e;
- } finally {
- if (storeFileOutputStream != null) {
- storeFileOutputStream.close();
- }
- }
-
- return EXIT_SUCCESS;
- }
-
private int doClientInstall(ActionClientArgs clientInfo)
throws IOException, SliderException {
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java
index 392f451..eaf15e6 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java
@@ -19,17 +19,12 @@
package org.apache.slider.client.ipc;
import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Preconditions;
-import org.apache.hadoop.yarn.api.records.NodeReport;
-import org.apache.hadoop.yarn.api.records.NodeState;
import org.apache.hadoop.yarn.exceptions.YarnException;
import org.apache.slider.api.ClusterDescription;
import org.apache.slider.api.ClusterNode;
import org.apache.slider.api.SliderClusterProtocol;
import org.apache.slider.api.StateValues;
import org.apache.slider.api.proto.Messages;
-
-import static org.apache.slider.api.proto.RestTypeMarshalling.*;
import org.apache.slider.api.types.ApplicationLivenessInformation;
import org.apache.slider.api.types.ComponentInformation;
import org.apache.slider.api.types.ContainerInformation;
@@ -37,7 +32,6 @@ import org.apache.slider.api.types.NodeInformation;
import org.apache.slider.api.types.NodeInformationList;
import org.apache.slider.api.types.PingInformation;
import org.apache.slider.common.tools.Duration;
-import org.apache.slider.common.tools.SliderUtils;
import org.apache.slider.core.conf.AggregateConf;
import org.apache.slider.core.conf.ConfTree;
import org.apache.slider.core.conf.ConfTreeOperations;
@@ -45,8 +39,6 @@ import org.apache.slider.core.exceptions.NoSuchNodeException;
import org.apache.slider.core.exceptions.SliderException;
import org.apache.slider.core.exceptions.WaitTimeoutException;
import org.apache.slider.core.persist.ConfTreeSerDeser;
-import org.apache.slider.server.services.security.SecurityStore;
-import org.apache.slider.server.services.security.SignCertResponse;
import org.codehaus.jackson.JsonParseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -59,6 +51,8 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import static org.apache.slider.api.proto.RestTypeMarshalling.*;
+
/**
* Cluster operations at a slightly higher level than the RPC code
*/
@@ -508,22 +502,4 @@ public class SliderClusterOperations {
);
return unmarshall(proto);
}
-
- public byte[] getClientCertificateStore(String hostname, String clientId,
- String password, String type) throws IOException {
- Messages.GetCertificateStoreRequestProto.Builder
- builder = Messages.GetCertificateStoreRequestProto.newBuilder();
- if (hostname != null) {
- builder.setHostname(hostname);
- }
- Messages.GetCertificateStoreRequestProto requestProto =
- builder.setRequesterId(clientId)
- .setPassword(password)
- .setType(type)
- .build();
- Messages.GetCertificateStoreResponseProto response =
- appMaster.getClientCertificateStore(requestProto);
-
- return unmarshall(response);
- }
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java
index 85d39ea..09e2b62 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java
@@ -37,39 +37,10 @@ public class ActionClientArgs extends AbstractActionArgs {
description = "Install client")
public boolean install;
- @Parameter(names = {ARG_GETCERTSTORE},
- description = "Get a certificate store")
- public boolean getCertStore;
-
- @Parameter(names = {ARG_KEYSTORE},
- description = "Retrieve keystore to specified location")
- public File keystore;
-
- @Parameter(names = {ARG_TRUSTSTORE},
- description = "Retrieve truststore to specified location")
- public File truststore;
-
- @Parameter(names = {ARG_HOSTNAME},
- description = "(Optional) Specify the hostname to use for generation of keystore certificate")
- public String hostname;
-
@Parameter(names = {ARG_NAME},
description = "The name of the application")
public String name;
- @Parameter(names = {ARG_PROVIDER},
- description = "The credential provider in which the password is stored")
- public String provider;
-
- @Parameter(names = {ARG_ALIAS},
- description = "The credential provider alias associated with the password")
- public String alias;
-
- @Parameter(names = {ARG_PASSWORD},
- description = "The certificate store password (alternative to " +
- "provider/alias; if password is specified, those will be ignored)")
- public String password;
-
@Parameter(names = {ARG_PACKAGE},
description = "Path to app package")
public String packageURI;
@@ -95,4 +66,4 @@ public class ActionClientArgs extends AbstractActionArgs {
public int getMaxParams() {
return 1;
}
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java
index bc237f5..cff5ed8 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java
@@ -30,7 +30,6 @@ import org.apache.hadoop.registry.client.types.ServiceRecord;
import org.apache.hadoop.registry.client.types.yarn.PersistencePolicies;
import org.apache.hadoop.registry.client.types.yarn.YarnRegistryAttributes;
import org.apache.hadoop.util.StringUtils;
-import org.apache.hadoop.yarn.api.records.Container;
import org.apache.hadoop.yarn.api.records.LocalResource;
import org.apache.hadoop.yarn.api.records.LocalResourceType;
import org.apache.slider.api.ClusterNode;
@@ -38,7 +37,6 @@ import org.apache.slider.api.InternalKeys;
import org.apache.slider.api.OptionKeys;
import org.apache.slider.api.ResourceKeys;
import org.apache.slider.api.RoleKeys;
-import org.apache.slider.common.SliderExitCodes;
import org.apache.slider.common.SliderKeys;
import org.apache.slider.common.SliderXmlConfKeys;
import org.apache.slider.common.tools.SliderFileSystem;
@@ -59,9 +57,6 @@ import org.apache.slider.core.registry.docstore.PublishedConfigurationOutputter;
import org.apache.slider.core.registry.docstore.PublishedExports;
import org.apache.slider.server.appmaster.state.RoleInstance;
import org.apache.slider.server.appmaster.state.StateAccessForProviders;
-import org.apache.slider.server.services.security.CertificateManager;
-import org.apache.slider.server.services.security.SecurityStore;
-import org.apache.slider.server.services.security.StoresGenerator;
import org.apache.slider.server.services.yarnregistry.YarnRegistryViewForProviders;
import org.slf4j.Logger;
@@ -398,61 +393,6 @@ public class ProviderUtils implements RoleKeys, SliderKeys {
}
}
- /**
- * Return whether two-way SSL is enabled for Agent / AM communication.
- * @param amComponent component specification
- * @return true if enabled
- */
- public boolean hasTwoWaySSLEnabled(MapOperations amComponent) {
- return amComponent != null ?
- amComponent.getOptionBool(TWO_WAY_SSL_ENABLED, false) : false;
- }
-
- /**
- * Generate and localize SSL certs for Agent / AM communication
- * @param launcher container launcher
- * @param container allocated container information
- * @param fileSystem file system
- * @param clusterName app name
- * @throws SliderException certs cannot be generated/uploaded
- */
- public void localizeContainerSSLResources(ContainerLauncher launcher,
- Container container, SliderFileSystem fileSystem, String clusterName)
- throws SliderException {
- try {
- // localize server cert
- Path certsDir = fileSystem.buildClusterSecurityDirPath(clusterName);
- LocalResource certResource = fileSystem.createAmResource(
- new Path(certsDir, CRT_FILE_NAME),
- LocalResourceType.FILE);
- launcher.addLocalResource(CERT_FILE_LOCALIZATION_PATH, certResource);
-
- // generate and localize agent cert
- CertificateManager certMgr = new CertificateManager();
- String hostname = container.getNodeId().getHost();
- String containerId = container.getId().toString();
- certMgr.generateContainerCertificate(hostname, containerId);
- LocalResource agentCertResource = fileSystem.createAmResource(
- uploadSecurityResource(
- CertificateManager.getAgentCertficateFilePath(containerId),
- fileSystem, clusterName), LocalResourceType.FILE);
- // still using hostname as file name on the agent side, but the files
- // do end up under the specific container's file space
- launcher.addLocalResource(INFRA_RUN_SECURITY_DIR + hostname +
- ".crt", agentCertResource);
- LocalResource agentKeyResource = fileSystem.createAmResource(
- uploadSecurityResource(
- CertificateManager.getAgentKeyFilePath(containerId), fileSystem,
- clusterName),
- LocalResourceType.FILE);
- launcher.addLocalResource(INFRA_RUN_SECURITY_DIR + hostname +
- ".key", agentKeyResource);
-
- } catch (Exception e) {
- throw new SliderException(SliderExitCodes.EXIT_DEPLOYMENT_FAILED, e,
- "Unable to localize certificates. Two-way SSL cannot be enabled");
- }
- }
/**
* Upload a local file to the cluster security dir in HDFS. If the file
@@ -707,87 +647,6 @@ public class ProviderUtils implements RoleKeys, SliderKeys {
}
/**
- * Generate and localize security stores requested by the app. Also perform
- * last-minute substitution of cluster name into credentials strings.
- * @param launcher container launcher
- * @param container allocated container information
- * @param role component name
- * @param fileSystem file system
- * @param instanceDefinition app specification
- * @param compOps component specification
- * @param clusterName app name
- * @throws SliderException stores cannot be generated/uploaded
- * @throws IOException stores cannot be generated/uploaded
- */
- public void localizeContainerSecurityStores(ContainerLauncher launcher,
- Container container,
- String role,
- SliderFileSystem fileSystem,
- AggregateConf instanceDefinition,
- MapOperations compOps,
- String clusterName)
- throws SliderException, IOException {
- // substitute CLUSTER_NAME into credentials
- Map<String,List<String>> newcred = new HashMap<>();
- for (Entry<String,List<String>> entry :
- instanceDefinition.getAppConf().credentials.entrySet()) {
- List<String> resultList = new ArrayList<>();
- for (String v : entry.getValue()) {
- resultList.add(v.replaceAll(Pattern.quote("${CLUSTER_NAME}"),
- clusterName).replaceAll(Pattern.quote("${CLUSTER}"),
- clusterName));
- }
- newcred.put(entry.getKey().replaceAll(Pattern.quote("${CLUSTER_NAME}"),
- clusterName).replaceAll(Pattern.quote("${CLUSTER}"),
- clusterName),
- resultList);
- }
- instanceDefinition.getAppConf().credentials = newcred;
-
- // generate and localize security stores
- SecurityStore[] stores = generateSecurityStores(container, role,
- instanceDefinition, compOps);
- for (SecurityStore store : stores) {
- LocalResource keystoreResource = fileSystem.createAmResource(
- uploadSecurityResource(store.getFile(), fileSystem, clusterName),
- LocalResourceType.FILE);
- launcher.addLocalResource(String.format("secstores/%s-%s.p12",
- store.getType(), role),
- keystoreResource);
- }
- }
-
- /**
- * Generate security stores requested by the app.
- * @param container allocated container information
- * @param role component name
- * @param instanceDefinition app specification
- * @param compOps component specification
- * @return security stores
- * @throws SliderException stores cannot be generated
- * @throws IOException stores cannot be generated
- */
- private SecurityStore[] generateSecurityStores(Container container,
- String role,
- AggregateConf instanceDefinition,
- MapOperations compOps)
- throws SliderException, IOException {
- return StoresGenerator.generateSecurityStores(
- container.getNodeId().getHost(), container.getId().toString(),
- role, instanceDefinition, compOps);
- }
-
- /**
- * Return whether security stores are requested by the app.
- * @param compOps component specification
- * @return true if stores are requested
- */
- public boolean areStoresRequested(MapOperations compOps) {
- return compOps != null ? compOps.
- getOptionBool(COMP_STORES_REQUIRED_KEY, false) : false;
- }
-
- /**
* Localize application tarballs and other resources requested by the app.
* @param launcher container launcher
* @param fileSystem file system
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java
index e4a7cdf..1482062 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java
@@ -165,11 +165,6 @@ public class DockerProviderService extends AbstractProviderService implements
fileSystem, getClusterName());
}
- if (providerUtils.areStoresRequested(appComponent)) {
- providerUtils.localizeContainerSecurityStores(launcher, container,
- roleName, fileSystem, instanceDefinition, appComponent, getClusterName());
- }
-
if (appComponent.getOptionBool(AM_CONFIG_GENERATION, false)) {
// build and localize configuration files
Map<String, Map<String, String>> configurations =
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
index 8c39343..74dbc88 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
@@ -26,8 +26,6 @@ import org.apache.commons.collections.CollectionUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.fs.permission.FsAction;
-import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.http.HttpConfig;
@@ -155,7 +153,6 @@ import org.apache.slider.server.appmaster.web.rest.InsecureAmFilterInitializer;
import org.apache.slider.server.appmaster.web.rest.RestPaths;
import org.apache.slider.server.appmaster.web.rest.application.ApplicationResouceContentCacheFactory;
import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache;
-import org.apache.slider.server.services.security.CertificateManager;
import org.apache.slider.server.services.utility.AbstractSliderLaunchedService;
import org.apache.slider.server.services.utility.WebAppService;
import org.apache.slider.server.services.workflow.ServiceThreadFactory;
@@ -373,7 +370,6 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
@SuppressWarnings("FieldAccessedSynchronizedAndUnsynchronized")
private InetSocketAddress rpcServiceAddress;
private SliderAMProviderService sliderAMProvider;
- private CertificateManager certificateManager;
/**
* Executor.
@@ -732,8 +728,6 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
}
}
- certificateManager = new CertificateManager();
-
//bring up the Slider RPC service
buildPortScanner(instanceDefinition);
startSliderRPCServer(instanceDefinition);
@@ -757,18 +751,12 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
// Start up the WebApp and track the URL for it
MapOperations component = instanceDefinition.getAppConfOperations()
.getComponent(SliderKeys.COMPONENT_AM);
- certificateManager.initialize(component, appMasterHostname,
- appMasterContainerID.toString(),
- clustername);
- certificateManager.setPassphrase(instanceDefinition.getPassphrase());
// Web service endpoints: initialize
WebAppApiImpl webAppApi =
new WebAppApiImpl(
stateForProviders,
- providerService,
- certificateManager,
- registryOperations,
+ providerService, registryOperations,
metricsAndMonitoring,
actionQueues,
this,
@@ -1551,9 +1539,7 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
verifyIPCAccess();
sliderIPCService = new SliderIPCService(
- this,
- certificateManager,
- stateForProviders,
+ this, stateForProviders,
actionQueues,
metricsAndMonitoring,
contentCache);
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java
index f0d9063..fbd408e 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java
@@ -303,16 +303,4 @@ public class SliderClusterProtocolPBImpl implements SliderClusterProtocolPB {
throw wrap(e);
}
}
-
- @Override
- public Messages.GetCertificateStoreResponseProto getClientCertificateStore(
- RpcController controller,
- Messages.GetCertificateStoreRequestProto request)
- throws ServiceException {
- try {
- return real.getClientCertificateStore(request);
- } catch (Exception e) {
- throw wrap(e);
- }
- }
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java
index b230816..448c6f3 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java
@@ -88,10 +88,9 @@ public class SliderClusterProtocolProxy implements SliderClusterProtocol {
return ioe;
}
- @Override
- public Messages.StopClusterResponseProto stopCluster(Messages.StopClusterRequestProto request) throws
- IOException,
- YarnException {
+ @Override public Messages.StopClusterResponseProto stopCluster(
+ Messages.StopClusterRequestProto request)
+ throws IOException, YarnException {
try {
return endpoint.stopCluster(NULL_CONTROLLER, request);
} catch (ServiceException e) {
@@ -343,16 +342,5 @@ public class SliderClusterProtocolProxy implements SliderClusterProtocol {
} catch (ServiceException e) {
throw convert(e);
}
-
- }
-
- @Override
- public Messages.GetCertificateStoreResponseProto getClientCertificateStore(Messages.GetCertificateStoreRequestProto request) throws
- IOException {
- try {
- return endpoint.getClientCertificateStore(NULL_CONTROLLER, request);
- } catch (ServiceException e) {
- throw convert(e);
- }
}
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java
index fda23aa..00910a4 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java
@@ -35,7 +35,6 @@ import org.apache.slider.api.types.NodeInformationList;
import org.apache.slider.core.conf.AggregateConf;
import org.apache.slider.core.conf.ConfTree;
import org.apache.slider.core.exceptions.ServiceNotReadyException;
-import org.apache.slider.core.exceptions.SliderException;
import org.apache.slider.core.main.LauncherExitCodes;
import org.apache.slider.core.persist.AggregateConfSerDeser;
import org.apache.slider.core.persist.ConfTreeSerDeser;
@@ -51,8 +50,6 @@ import org.apache.slider.server.appmaster.management.MetricsAndMonitoring;
import org.apache.slider.server.appmaster.state.RoleInstance;
import org.apache.slider.server.appmaster.state.StateAccessForProviders;
import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache;
-import org.apache.slider.server.services.security.CertificateManager;
-import org.apache.slider.server.services.security.SecurityStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -63,16 +60,7 @@ import java.util.Map;
import java.util.concurrent.TimeUnit;
import static org.apache.slider.api.proto.RestTypeMarshalling.marshall;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_COMPONENTS;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_CONTAINERS;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_NODES;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_RESOURCES;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_DESIRED;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_DESIRED_APPCONF;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_DESIRED_RESOURCES;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_RESOLVED;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_RESOLVED_APPCONF;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_RESOLVED_RESOURCES;
+import static org.apache.slider.server.appmaster.web.rest.RestPaths.*;
/**
* Implement the {@link SliderClusterProtocol}.
@@ -90,7 +78,6 @@ public class SliderIPCService extends AbstractService
private final MetricsAndMonitoring metricsAndMonitoring;
private final AppMasterActionOperations amOperations;
private final ContentCache cache;
- private final CertificateManager certificateManager;
/**
* This is the prefix used for metrics
@@ -107,11 +94,8 @@ public class SliderIPCService extends AbstractService
* @param cache
*/
public SliderIPCService(AppMasterActionOperations amOperations,
- CertificateManager certificateManager,
- StateAccessForProviders state,
- QueueAccess actionQueues,
- MetricsAndMonitoring metricsAndMonitoring,
- ContentCache cache) {
+ StateAccessForProviders state, QueueAccess actionQueues,
+ MetricsAndMonitoring metricsAndMonitoring, ContentCache cache) {
super("SliderIPCService");
Preconditions.checkArgument(amOperations != null, "null amOperations");
Preconditions.checkArgument(state != null, "null appState");
@@ -124,7 +108,6 @@ public class SliderIPCService extends AbstractService
this.metricsAndMonitoring = metricsAndMonitoring;
this.amOperations = amOperations;
this.cache = cache;
- this.certificateManager = certificateManager;
}
@Override //SliderClusterProtocol
@@ -517,35 +500,4 @@ public class SliderIPCService extends AbstractService
builder.setJson(json);
return builder.build();
}
-
- @Override
- public Messages.GetCertificateStoreResponseProto getClientCertificateStore(Messages.GetCertificateStoreRequestProto request) throws
- IOException {
- String hostname = request.getHostname();
- String clientId = request.getRequesterId();
- String password = request.getPassword();
- String type = request.getType();
-
- SecurityStore store = null;
- try {
- if ( SecurityStore.StoreType.keystore.equals(
- SecurityStore.StoreType.valueOf(type))) {
- store = certificateManager.generateContainerKeystore(hostname,
- clientId,
- null,
- password);
- } else if (SecurityStore.StoreType.truststore.equals(
- SecurityStore.StoreType.valueOf(type))) {
- store = certificateManager.generateContainerTruststore(clientId,
- null,
- password);
-
- } else {
- throw new IOException("Illegal store type");
- }
- } catch (SliderException e) {
- throw new IOException(e);
- }
- return marshall(store);
- }
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java
index 65a3591..ea07a8a 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java
@@ -18,16 +18,11 @@ package org.apache.slider.server.appmaster.web;
import org.apache.hadoop.registry.client.api.RegistryOperations;
import org.apache.slider.providers.ProviderService;
-import org.apache.slider.server.appmaster.AppMasterActionOperations;
import org.apache.slider.server.appmaster.actions.QueueAccess;
import org.apache.slider.server.appmaster.management.MetricsAndMonitoring;
import org.apache.slider.server.appmaster.state.AppState;
-import org.apache.slider.server.appmaster.state.RoleStatus;
import org.apache.slider.server.appmaster.state.StateAccessForProviders;
import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache;
-import org.apache.slider.server.services.security.CertificateManager;
-
-import java.util.Map;
/**
* Interface to pass information from the Slider AppMaster to the WebApp
@@ -43,18 +38,6 @@ public interface WebAppApi {
* The {@link ProviderService} for the current cluster
*/
ProviderService getProviderService();
-
-
- /**
- * The {@link CertificateManager} for the current cluster
- */
- CertificateManager getCertificateManager();
-
- /**
- * Generate a mapping from role name to its {@link RoleStatus}. Be aware that this
- * is a computed value and not just a getter
- */
- Map<String, RoleStatus> getRoleStatusByName();
/**
* Registry operations accessor
@@ -75,12 +58,6 @@ public interface WebAppApi {
QueueAccess getQueues();
/**
- * API for AM operations
- * @return current operations implementation
- */
- AppMasterActionOperations getAMOperations();
-
- /**
* Local cache of content
* @return the cache
*/
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java
index bd4d2bf..d20f1ad 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java
@@ -21,17 +21,11 @@ import org.apache.slider.providers.ProviderService;
import org.apache.slider.server.appmaster.AppMasterActionOperations;
import org.apache.slider.server.appmaster.actions.QueueAccess;
import org.apache.slider.server.appmaster.management.MetricsAndMonitoring;
-import org.apache.slider.server.appmaster.state.RoleStatus;
import org.apache.slider.server.appmaster.state.StateAccessForProviders;
import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache;
-import org.apache.slider.server.services.security.CertificateManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.List;
-import java.util.Map;
-import java.util.TreeMap;
-
import static com.google.common.base.Preconditions.checkNotNull;
/**
@@ -42,7 +36,6 @@ public class WebAppApiImpl implements WebAppApi {
protected final StateAccessForProviders appState;
protected final ProviderService provider;
- protected final CertificateManager certificateManager;
private final RegistryOperations registryOperations;
private final MetricsAndMonitoring metricsAndMonitoring;
private final QueueAccess queues;
@@ -50,13 +43,9 @@ public class WebAppApiImpl implements WebAppApi {
private final ContentCache contentCache;
public WebAppApiImpl(StateAccessForProviders appState,
- ProviderService provider,
- CertificateManager certificateManager,
- RegistryOperations registryOperations,
- MetricsAndMonitoring metricsAndMonitoring,
- QueueAccess queues,
- AppMasterActionOperations appMasterOperations,
- ContentCache contentCache) {
+ ProviderService provider, RegistryOperations registryOperations,
+ MetricsAndMonitoring metricsAndMonitoring, QueueAccess queues,
+ AppMasterActionOperations appMasterOperations, ContentCache contentCache) {
this.appMasterOperations = appMasterOperations;
this.contentCache = contentCache;
checkNotNull(appState);
@@ -66,7 +55,6 @@ public class WebAppApiImpl implements WebAppApi {
this.registryOperations = registryOperations;
this.appState = appState;
this.provider = provider;
- this.certificateManager = certificateManager;
this.metricsAndMonitoring = metricsAndMonitoring;
}
@@ -81,21 +69,6 @@ public class WebAppApiImpl implements WebAppApi {
}
@Override
- public CertificateManager getCertificateManager() {
- return certificateManager;
- }
-
- @Override
- public Map<String,RoleStatus> getRoleStatusByName() {
- List<RoleStatus> roleStatuses = appState.cloneRoleStatusList();
- Map<String, RoleStatus> map = new TreeMap<>();
- for (RoleStatus status : roleStatuses) {
- map.put(status.getName(), status);
- }
- return map;
- }
-
- @Override
public RegistryOperations getRegistryOperations() {
return registryOperations;
}
@@ -110,10 +83,6 @@ public class WebAppApiImpl implements WebAppApi {
return queues;
}
- @Override
- public AppMasterActionOperations getAMOperations() {
- return appMasterOperations;
- }
@Override
public ContentCache getContentCache() {
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java
deleted file mode 100644
index 11d3aa1..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.alias.CredentialProvider;
-import org.apache.hadoop.security.alias.CredentialProviderFactory;
-import org.apache.slider.common.SliderKeys;
-import org.apache.slider.core.conf.MapOperations;
-import org.apache.slider.core.exceptions.SliderException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.util.List;
-import java.util.Map;
-
-/**
- *
- */
-public abstract class AbstractSecurityStoreGenerator implements
- SecurityStoreGenerator {
- private static final Logger LOG =
- LoggerFactory.getLogger(AbstractSecurityStoreGenerator.class);
-
- protected CertificateManager certificateMgr;
-
- public AbstractSecurityStoreGenerator(CertificateManager certificateMgr) {
- this.certificateMgr = certificateMgr;
- }
-
- protected String getStorePassword(Map<String, List<String>> credentials,
- MapOperations compOps, String role)
- throws SliderException, IOException {
- String password = getPassword(compOps);
- if (password == null) {
- // need to leverage credential provider
- String alias = getAlias(compOps);
- LOG.debug("Alias {} found for role {}", alias, role);
- if (alias == null) {
- throw new SliderException("No store password or credential provider "
- + "alias found");
- }
- if (credentials.isEmpty()) {
- LOG.info("Credentials can not be retrieved for store generation since "
- + "no CP paths are configured");
- }
- synchronized (this) {
- for (Map.Entry<String, List<String>> cred : credentials.entrySet()) {
- String provider = cred.getKey();
- Configuration c = new Configuration();
- c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
- LOG.debug("Configured provider {}", provider);
- CredentialProvider cp =
- CredentialProviderFactory.getProviders(c).get(0);
- LOG.debug("Aliases: {}", cp.getAliases());
- char[] credential = c.getPassword(alias);
- if (credential != null) {
- LOG.info("Credential found for role {}", role);
- return String.valueOf(credential);
- }
- }
- }
-
- if (password == null) {
- LOG.info("No store credential found for alias {}. "
- + "Generation of store for {} is not possible.", alias, role);
-
- }
- }
-
- return password;
-
- }
-
- @Override
- public boolean isStoreRequested(MapOperations compOps) {
- return compOps.getOptionBool(SliderKeys.COMP_STORES_REQUIRED_KEY, false);
- }
-
- abstract String getPassword(MapOperations compOps);
-
- abstract String getAlias(MapOperations compOps);
-}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
deleted file mode 100644
index e436ae9..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
+++ /dev/null
@@ -1,495 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import com.google.inject.Singleton;
-import org.apache.commons.io.FileUtils;
-import org.apache.slider.common.SliderKeys;
-import org.apache.slider.core.conf.MapOperations;
-import org.apache.slider.core.exceptions.SliderException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.nio.charset.Charset;
-import java.text.MessageFormat;
-
-@Singleton
-public class CertificateManager {
-
- private static final Logger LOG =
- LoggerFactory.getLogger(CertificateManager.class);
-
- private static final String GEN_SRVR_KEY = "openssl genrsa -des3 " +
- "-passout pass:{0} -out {1}" + File.separator + "{2} 4096 ";
- private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} " +
- "-new -key {1}" + File.separator + "{2} -out {1}" + File.separator +
- "{5} -config {1}" + File.separator + "ca.config " +
- "-subj {6} -batch";
- private static final String SIGN_SRVR_CRT = "openssl ca -create_serial " +
- "-out {1}" + File.separator + "{3} -days 365 -keyfile {1}" + File.separator
- + "{2} -key {0} -selfsign -extensions jdk7_ca -config {1}" + File.separator
- + "ca.config -batch -infiles {1}" + File.separator + "{5}";
- private static final String EXPRT_KSTR = "openssl pkcs12 -export" +
- " -in {2}" + File.separator + "{4} -inkey {2}" + File.separator +
- "{3} -certfile {2}" + File.separator + "{4} -out {2}" + File.separator +
- "{5} -password pass:{1} -passin pass:{0} \n";
- private static final String REVOKE_AGENT_CRT = "openssl ca " +
- "-config {0}" + File.separator + "ca.config -keyfile {0}" +
- File.separator + "{4} -revoke {0}" + File.separator + "{2} -batch " +
- "-passin pass:{3} -cert {0}" + File.separator + "{5}";
- private static final String SIGN_AGENT_CRT = "openssl ca -config " +
- "{0}" + File.separator + "ca.config -in {0}" + File.separator +
- "{1} -out {0}" + File.separator + "{2} -batch -passin pass:{3} " +
- "-keyfile {0}" + File.separator + "{4} -cert {0}" + File.separator + "{5}";
- private static final String GEN_AGENT_KEY="openssl req -new -newkey " +
- "rsa:1024 -nodes -keyout {0}" + File.separator +
- "{2}.key -subj {1} -out {0}" + File.separator + "{2}.csr " +
- "-config {3}" + File.separator + "ca.config ";
- private String passphrase;
- private String applicationName;
-
-
- public void initialize(MapOperations compOperations) throws SliderException {
- String hostname = null;
- try {
- hostname = InetAddress.getLocalHost().getCanonicalHostName();
- } catch (UnknownHostException e) {
- hostname = "localhost";
- }
- this.initialize(compOperations, hostname, null, null);
- }
-
- /**
- * Verify that root certificate exists, generate it otherwise.
- */
- public void initialize(MapOperations compOperations,
- String hostname, String containerId,
- String appName) throws SliderException {
- SecurityUtils.initializeSecurityParameters(compOperations);
-
- LOG.info("Initialization of root certificate");
- boolean certExists = isCertExists();
- LOG.info("Certificate exists:" + certExists);
-
- this.applicationName = appName;
-
- if (!certExists) {
- generateAMKeystore(hostname, containerId);
- }
-
- }
-
- /**
- * Checks root certificate state.
- * @return "true" if certificate exists
- */
- private boolean isCertExists() {
-
- String srvrKstrDir = SecurityUtils.getSecurityDir();
- String srvrCrtName = SliderKeys.CRT_FILE_NAME;
- File certFile = new File(srvrKstrDir + File.separator + srvrCrtName);
- LOG.debug("srvrKstrDir = " + srvrKstrDir);
- LOG.debug("srvrCrtName = " + srvrCrtName);
- LOG.debug("certFile = " + certFile.getAbsolutePath());
-
- return certFile.exists();
- }
-
- public void setPassphrase(String passphrase) {
- this.passphrase = passphrase;
- }
-
- class StreamConsumer extends Thread
- {
- InputStream is;
- boolean logOutput;
-
- StreamConsumer(InputStream is, boolean logOutput)
- {
- this.is = is;
- this.logOutput = logOutput;
- }
-
- StreamConsumer(InputStream is)
- {
- this(is, false);
- }
-
- public void run()
- {
- try
- {
- InputStreamReader isr = new InputStreamReader(is,
- Charset.forName("UTF8"));
- BufferedReader br = new BufferedReader(isr);
- String line;
- while ( (line = br.readLine()) != null)
- if (logOutput) {
- LOG.info(line);
- }
- } catch (IOException e)
- {
- LOG.error("Error during processing of process stream", e);
- }
- }
- }
-
-
- /**
- * Runs os command
- *
- * @return command execution exit code
- */
- private int runCommand(String command) throws SliderException {
- int exitCode = -1;
- String line = null;
- Process process = null;
- BufferedReader br= null;
- try {
- process = Runtime.getRuntime().exec(command);
- StreamConsumer outputConsumer =
- new StreamConsumer(process.getInputStream(), true);
- StreamConsumer errorConsumer =
- new StreamConsumer(process.getErrorStream(), true);
-
- outputConsumer.start();
- errorConsumer.start();
-
- try {
- process.waitFor();
- SecurityUtils.logOpenSslExitCode(command, process.exitValue());
- exitCode = process.exitValue();
- if (exitCode != 0) {
- throw new SliderException(exitCode, "Error running command %s", command);
- }
- } catch (InterruptedException e) {
- e.printStackTrace();
- }
- } catch (IOException e) {
- e.printStackTrace();
- } finally {
- if (br != null) {
- try {
- br.close();
- } catch (IOException ioe) {
- ioe.printStackTrace();
- }
- }
- }
-
- return exitCode;//some exception occurred
-
- }
-
- public synchronized void generateContainerCertificate(String hostname,
- String identifier) {
- LOG.info("Generation of certificate for {}", hostname);
-
- String srvrKstrDir = SecurityUtils.getSecurityDir();
- Object[] scriptArgs = {srvrKstrDir, getSubjectDN(hostname, identifier,
- this.applicationName), identifier, SecurityUtils.getSecurityDir()};
-
- try {
- String command = MessageFormat.format(GEN_AGENT_KEY, scriptArgs);
- runCommand(command);
-
- signAgentCertificate(identifier);
-
- } catch (SliderException e) {
- LOG.error("Error generating the agent certificate", e);
- }
- }
-
- public synchronized SecurityStore generateContainerKeystore(String hostname,
- String requesterId,
- String role,
- String keystorePass)
- throws SliderException {
- LOG.info("Generation of container keystore for container {} on {}",
- requesterId, hostname);
-
- generateContainerCertificate(hostname, requesterId);
-
- // come up with correct args to invoke keystore command
- String srvrCrtPass = SecurityUtils.getKeystorePass();
- String srvrKstrDir = SecurityUtils.getSecurityDir();
- String containerCrtName = requesterId + ".crt";
- String containerKeyName = requesterId + ".key";
- String kstrName = getKeystoreFileName(requesterId, role);
-
- Object[] scriptArgs = {srvrCrtPass, keystorePass, srvrKstrDir,
- containerKeyName, containerCrtName, kstrName};
-
- String command = MessageFormat.format(EXPRT_KSTR, scriptArgs);
- runCommand(command);
-
- return new SecurityStore(new File(srvrKstrDir, kstrName),
- SecurityStore.StoreType.keystore);
- }
-
- private static String getKeystoreFileName(String containerId,
- String role) {
- return String.format("keystore-%s-%s.p12", containerId,
- role != null ? role : "");
- }
-
- private void generateAMKeystore(String hostname, String containerId)
- throws SliderException {
- LOG.info("Generation of server certificate");
-
- String srvrKstrDir = SecurityUtils.getSecurityDir();
- String srvrCrtName = SliderKeys.CRT_FILE_NAME;
- String srvrCsrName = SliderKeys.CSR_FILE_NAME;
- String srvrKeyName = SliderKeys.KEY_FILE_NAME;
- String kstrName = SliderKeys.KEYSTORE_FILE_NAME;
- String srvrCrtPass = SecurityUtils.getKeystorePass();
-
- Object[] scriptArgs = {srvrCrtPass, srvrKstrDir, srvrKeyName,
- srvrCrtName, kstrName, srvrCsrName, getSubjectDN(hostname, containerId,
- this.applicationName)};
-
- String command = MessageFormat.format(GEN_SRVR_KEY, scriptArgs);
- runCommand(command);
-
- command = MessageFormat.format(GEN_SRVR_REQ, scriptArgs);
- runCommand(command);
-
- command = MessageFormat.format(SIGN_SRVR_CRT, scriptArgs);
- runCommand(command);
-
- Object[] keystoreArgs = {srvrCrtPass, srvrCrtPass, srvrKstrDir, srvrKeyName,
- srvrCrtName, kstrName, srvrCsrName};
- command = MessageFormat.format(EXPRT_KSTR, keystoreArgs);
- runCommand(command);
- }
-
- public SecurityStore generateContainerTruststore(String containerId,
- String role,
- String truststorePass)
- throws SliderException {
-
- String srvrKstrDir = SecurityUtils.getSecurityDir();
- String srvrCrtName = SliderKeys.CRT_FILE_NAME;
- String srvrCsrName = SliderKeys.CSR_FILE_NAME;
- String srvrKeyName = SliderKeys.KEY_FILE_NAME;
- String kstrName = getTruststoreFileName(role, containerId);
- String srvrCrtPass = SecurityUtils.getKeystorePass();
-
- Object[] scriptArgs = {srvrCrtPass, truststorePass, srvrKstrDir, srvrKeyName,
- srvrCrtName, kstrName, srvrCsrName};
-
- String command = MessageFormat.format(EXPRT_KSTR, scriptArgs);
- runCommand(command);
-
- return new SecurityStore(new File(srvrKstrDir, kstrName),
- SecurityStore.StoreType.truststore);
- }
-
- private static String getTruststoreFileName(String role, String containerId) {
- return String.format("truststore-%s-%s.p12", containerId,
- role != null ? role : "");
- }
-
- /**
- * Returns server certificate content
- * @return string with server certificate content
- */
- public String getServerCert() {
- File certFile = getServerCertficateFilePath();
- String srvrCrtContent = null;
- try {
- srvrCrtContent = FileUtils.readFileToString(certFile);
- } catch (IOException e) {
- LOG.error(e.getMessage());
- }
- return srvrCrtContent;
- }
-
- public static File getServerCertficateFilePath() {
- return new File(String.format("%s%s%s",
- SecurityUtils.getSecurityDir(),
- File.separator,
- SliderKeys.CRT_FILE_NAME));
- }
-
- public static File getAgentCertficateFilePath(String containerId) {
- return new File(String.format("%s%s%s.crt",
- SecurityUtils.getSecurityDir(),
- File.separator,
- containerId));
- }
-
- public static File getContainerKeystoreFilePath(String containerId,
- String role) {
- return new File(SecurityUtils.getSecurityDir(), getKeystoreFileName(
- containerId,
- role
- ));
- }
-
- public static File getContainerTruststoreFilePath(String role,
- String containerId) {
- return new File(SecurityUtils.getSecurityDir(),
- getTruststoreFileName(role, containerId));
- }
-
- public static File getAgentKeyFilePath(String containerId) {
- return new File(String.format("%s%s%s.key",
- SecurityUtils.getSecurityDir(),
- File.separator,
- containerId));
- }
-
- /**
- * Signs agent certificate
- * Adds agent certificate to server keystore
- * @return string with agent signed certificate content
- */
- public synchronized SignCertResponse signAgentCrt(String agentHostname,
- String agentCrtReqContent,
- String passphraseAgent) {
- SignCertResponse response = new SignCertResponse();
- LOG.info("Signing of agent certificate");
- LOG.info("Verifying passphrase");
-
- if (!this.passphrase.equals(passphraseAgent.trim())) {
- LOG.warn("Incorrect passphrase from the agent");
- response.setResult(SignCertResponse.ERROR_STATUS);
- response.setMessage("Incorrect passphrase from the agent");
- return response;
- }
-
- String srvrKstrDir = SecurityUtils.getSecurityDir();
- String srvrCrtPass = SecurityUtils.getKeystorePass();
- String srvrCrtName = SliderKeys.CRT_FILE_NAME;
- String srvrKeyName = SliderKeys.KEY_FILE_NAME;
- String agentCrtReqName = agentHostname + ".csr";
- String agentCrtName = agentHostname + ".crt";
-
- Object[] scriptArgs = {srvrKstrDir, agentCrtReqName, agentCrtName,
- srvrCrtPass, srvrKeyName, srvrCrtName};
-
- //Revoke previous agent certificate if exists
- File agentCrtFile = new File(srvrKstrDir + File.separator + agentCrtName);
-
- String command = null;
- if (agentCrtFile.exists()) {
- LOG.info("Revoking of " + agentHostname + " certificate.");
- command = MessageFormat.format(REVOKE_AGENT_CRT, scriptArgs);
- try {
- runCommand(command);
- } catch (SliderException e) {
- int commandExitCode = e.getExitCode();
- response.setResult(SignCertResponse.ERROR_STATUS);
- response.setMessage(
- SecurityUtils.getOpenSslCommandResult(command, commandExitCode));
- return response;
- }
- }
-
- File agentCrtReqFile = new File(srvrKstrDir + File.separator +
- agentCrtReqName);
- try {
- FileUtils.writeStringToFile(agentCrtReqFile, agentCrtReqContent);
- } catch (IOException e1) {
- // TODO Auto-generated catch block
- e1.printStackTrace();
- }
-
- command = MessageFormat.format(SIGN_AGENT_CRT, scriptArgs);
-
- LOG.debug(SecurityUtils.hideOpenSslPassword(command));
- try {
- runCommand(command);
- } catch (SliderException e) {
- int commandExitCode = e.getExitCode();
- response.setResult(SignCertResponse.ERROR_STATUS);
- response.setMessage(
- SecurityUtils.getOpenSslCommandResult(command, commandExitCode));
- return response;
- }
-
- String agentCrtContent = "";
- try {
- agentCrtContent = FileUtils.readFileToString(agentCrtFile);
- } catch (IOException e) {
- e.printStackTrace();
- LOG.error("Error reading signed agent certificate");
- response.setResult(SignCertResponse.ERROR_STATUS);
- response.setMessage("Error reading signed agent certificate");
- return response;
- }
- response.setResult(SignCertResponse.OK_STATUS);
- response.setSignedCa(agentCrtContent);
- //LOG.info(ShellCommandUtil.getOpenSslCommandResult(command, commandExitCode));
- return response;
- }
-
- private String signAgentCertificate (String containerId)
- throws SliderException {
- String srvrKstrDir = SecurityUtils.getSecurityDir();
- String srvrCrtPass = SecurityUtils.getKeystorePass();
- String srvrCrtName = SliderKeys.CRT_FILE_NAME;
- String srvrKeyName = SliderKeys.KEY_FILE_NAME;
- String agentCrtReqName = containerId + ".csr";
- String agentCrtName = containerId + ".crt";
-
- // server certificate must exist already
- if (!(new File(srvrKstrDir, srvrCrtName).exists())) {
- throw new SliderException("CA certificate not generated");
- }
-
- Object[] scriptArgs = {srvrKstrDir, agentCrtReqName, agentCrtName,
- srvrCrtPass, srvrKeyName, srvrCrtName};
-
- //Revoke previous agent certificate if exists
- File agentCrtFile = new File(srvrKstrDir + File.separator + agentCrtName);
-
- String command;
- if (agentCrtFile.exists()) {
- LOG.info("Revoking of " + containerId + " certificate.");
- command = MessageFormat.format(REVOKE_AGENT_CRT, scriptArgs);
- runCommand(command);
- }
-
- command = MessageFormat.format(SIGN_AGENT_CRT, scriptArgs);
-
- LOG.debug(SecurityUtils.hideOpenSslPassword(command));
- runCommand(command);
-
- return agentCrtName;
-
- }
-
- private String getSubjectDN(String hostname, String containerId,
- String appName) {
- return String.format("/CN=%s%s%s",
- hostname,
- containerId != null ? "/OU=" + containerId : "",
- appName != null ? "/OU=" + appName : "");
-
-
- }
-}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java
deleted file mode 100644
index e2339d5..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import org.apache.slider.common.SliderKeys;
-import org.apache.slider.core.conf.AggregateConf;
-import org.apache.slider.core.conf.MapOperations;
-import org.apache.slider.core.exceptions.SliderException;
-
-import java.io.File;
-import java.io.IOException;
-
-/**
- *
- */
-public class KeystoreGenerator extends AbstractSecurityStoreGenerator {
-
-
- public KeystoreGenerator(CertificateManager certificateMgr) {
- super(certificateMgr);
- }
-
- @Override
- public SecurityStore generate(String hostname, String containerId,
- AggregateConf instanceDefinition,
- MapOperations compOps, String role)
- throws SliderException, IOException {
- SecurityStore keystore = null;
- String password = getStorePassword(
- instanceDefinition.getAppConf().credentials, compOps, role);
- if (password != null) {
- keystore =
- certificateMgr.generateContainerKeystore(hostname, containerId, role,
- password);
- }
- return keystore;
- }
-
- @Override
- String getPassword(MapOperations compOps) {
- return compOps.get(
- compOps.get(SliderKeys.COMP_KEYSTORE_PASSWORD_PROPERTY_KEY));
- }
-
- @Override
- String getAlias(MapOperations compOps) {
- return compOps.getOption(SliderKeys.COMP_KEYSTORE_PASSWORD_ALIAS_KEY,
- SliderKeys.COMP_KEYSTORE_PASSWORD_ALIAS_DEFAULT);
- }
-}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java
deleted file mode 100644
index fc54267..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import java.io.File;
-
-/**
- *
- */
-public class SecurityStore {
- private File file;
-
- public enum StoreType {truststore, keystore}
-
- private StoreType type;
-
- public String getType() {
- return type.name();
- }
-
- public File getFile() {
- return file;
- }
-
- public SecurityStore(File file,
- StoreType type) {
-
- this.file = file;
- this.type = type;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
-
- SecurityStore that = (SecurityStore) o;
-
- if (file != null ? !file.equals(that.file) : that.file != null)
- return false;
- if (type != that.type) return false;
-
- return true;
- }
-
- @Override
- public int hashCode() {
- int result = file != null ? file.hashCode() : 0;
- result = 31 * result + (type != null ? type.hashCode() : 0);
- return result;
- }
-}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java
deleted file mode 100644
index a814988..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import org.apache.slider.core.conf.AggregateConf;
-import org.apache.slider.core.conf.MapOperations;
-import org.apache.slider.core.exceptions.SliderException;
-
-import java.io.File;
-import java.io.IOException;
-
-/**
- *
- */
-public interface SecurityStoreGenerator {
-
- SecurityStore generate(String hostname,
- String containerId,
- AggregateConf instanceDefinition,
- MapOperations compOps,
- String role)
- throws SliderException, IOException;
-
- boolean isStoreRequested(MapOperations compOps);
-}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org