You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ji...@apache.org on 2016/12/22 19:32:02 UTC
[36/51] [abbrv] hadoop git commit: YARN-5218. Initial core change for
DNS for YARN. Contributed by Jonathan Maron
http://git-wip-us.apache.org/repos/asf/hadoop/blob/3031e921/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/server/dns/TestRegistryDNS.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/server/dns/TestRegistryDNS.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/server/dns/TestRegistryDNS.java
new file mode 100644
index 0000000..37f0d23
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/server/dns/TestRegistryDNS.java
@@ -0,0 +1,561 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.registry.server.dns;
+
+import org.apache.commons.net.util.Base64;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.registry.client.api.RegistryConstants;
+import org.apache.hadoop.registry.client.binding.RegistryUtils;
+import org.apache.hadoop.registry.client.types.ServiceRecord;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.xbill.DNS.AAAARecord;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.CNAMERecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
+import org.xbill.DNS.Flags;
+import org.xbill.DNS.Message;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.OPTRecord;
+import org.xbill.DNS.PTRRecord;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Rcode;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.SRVRecord;
+import org.xbill.DNS.Section;
+import org.xbill.DNS.Type;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.spec.RSAPrivateKeySpec;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.concurrent.TimeUnit;
+
+import static org.apache.hadoop.registry.client.api.RegistryConstants.KEY_DNS_ZONE_MASK;
+import static org.apache.hadoop.registry.client.api.RegistryConstants.KEY_DNS_ZONE_SUBNET;
+
+/**
+ *
+ */
+public class TestRegistryDNS extends Assert {
+
+ private RegistryDNS registryDNS;
+ private RegistryUtils.ServiceRecordMarshal marshal;
+
+ private static final String APPLICATION_RECORD = "{\n"
+ + " \"type\" : \"JSONServiceRecord\",\n"
+ + " \"description\" : \"Slider Application Master\",\n"
+ + " \"external\" : [ {\n"
+ + " \"api\" : \"classpath:org.apache.slider.appmaster.ipc\",\n"
+ + " \"addressType\" : \"host/port\",\n"
+ + " \"protocolType\" : \"hadoop/IPC\",\n"
+ + " \"addresses\" : [ {\n"
+ + " \"host\" : \"192.168.1.5\",\n"
+ + " \"port\" : \"1026\"\n"
+ + " } ]\n"
+ + " }, {\n"
+ + " \"api\" : \"http://\",\n"
+ + " \"addressType\" : \"uri\",\n"
+ + " \"protocolType\" : \"webui\",\n"
+ + " \"addresses\" : [ {\n"
+ + " \"uri\" : \"http://192.168.1.5:1027\"\n"
+ + " } ]\n"
+ + " }, {\n"
+ + " \"api\" : \"classpath:org.apache.slider.management\",\n"
+ + " \"addressType\" : \"uri\",\n"
+ + " \"protocolType\" : \"REST\",\n"
+ + " \"addresses\" : [ {\n"
+ + " \"uri\" : \"http://192.168.1.5:1027/ws/v1/slider/mgmt\"\n"
+ + " } ]\n"
+ + " } ],\n"
+ + " \"internal\" : [ {\n"
+ + " \"api\" : \"classpath:org.apache.slider.agents.secure\",\n"
+ + " \"addressType\" : \"uri\",\n"
+ + " \"protocolType\" : \"REST\",\n"
+ + " \"addresses\" : [ {\n"
+ + " \"uri\" : \"https://192.168.1.5:47700/ws/v1/slider/agents\"\n"
+ + " } ]\n"
+ + " }, {\n"
+ + " \"api\" : \"classpath:org.apache.slider.agents.oneway\",\n"
+ + " \"addressType\" : \"uri\",\n"
+ + " \"protocolType\" : \"REST\",\n"
+ + " \"addresses\" : [ {\n"
+ + " \"uri\" : \"https://192.168.1.5:35531/ws/v1/slider/agents\"\n"
+ + " } ]\n"
+ + " } ],\n"
+ + " \"yarn:id\" : \"application_1451931954322_0016\",\n"
+ + " \"yarn:persistence\" : \"application\"\n"
+ + "}\n";
+ static final String CONTAINER_RECORD = "{\n"
+ + " \"type\" : \"JSONServiceRecord\",\n"
+ + " \"description\" : \"YCLOUD\",\n"
+ + " \"external\" : [ ],\n"
+ + " \"internal\" : [ ],\n"
+ + " \"yarn:id\" : \"container_e50_1451931954322_0016_01_000002\",\n"
+ + " \"yarn:persistence\" : \"container\",\n"
+ + " \"yarn:ip\" : \"172.17.0.19\",\n"
+ + " \"yarn:hostname\" : \"0a134d6329ba\"\n"
+ + "}\n";
+
+ private static final String CONTAINER_RECORD_NO_IP = "{\n"
+ + " \"type\" : \"JSONServiceRecord\",\n"
+ + " \"description\" : \"YCLOUD\",\n"
+ + " \"external\" : [ ],\n"
+ + " \"internal\" : [ ],\n"
+ + " \"yarn:id\" : \"container_e50_1451931954322_0016_01_000002\",\n"
+ + " \"yarn:persistence\" : \"container\"\n"
+ + "}\n";
+
+ @Before
+ public void initialize() throws Exception {
+ setRegistryDNS(new RegistryDNS("TestRegistry"));
+ Configuration conf = createConfiguration();
+
+ getRegistryDNS().setDomainName(conf);
+ getRegistryDNS().initializeZones(conf);
+
+ setMarshal(new RegistryUtils.ServiceRecordMarshal());
+ }
+
+ protected Configuration createConfiguration() {
+ Configuration conf = new Configuration();
+ conf.set(RegistryConstants.KEY_DNS_DOMAIN, "hwx.test");
+ conf.set(RegistryConstants.KEY_DNS_ZONE_SUBNET, "172.17.0");
+ conf.setTimeDuration(RegistryConstants.KEY_DNS_TTL, 30L, TimeUnit.SECONDS);
+ return conf;
+ }
+
+ protected boolean isSecure() {
+ return false;
+ }
+
+ @After
+ public void closeRegistry() throws Exception {
+ getRegistryDNS().stopExecutor();
+ }
+
+ @Test
+ public void testAppRegistration() throws Exception {
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ APPLICATION_RECORD.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/", record);
+
+ // start assessing whether correct records are available
+ Record[] recs = assertDNSQuery("test1.root.hwx.test.");
+ assertEquals("wrong result", "192.168.1.5",
+ ((ARecord) recs[0]).getAddress().getHostAddress());
+
+ recs = assertDNSQuery("management-api.test1.root.hwx.test.", 2);
+ assertEquals("wrong target name", "test1.root.hwx.test.",
+ ((CNAMERecord) recs[0]).getTarget().toString());
+ assertTrue("not an ARecord", recs[isSecure() ? 2 : 1] instanceof ARecord);
+
+ recs = assertDNSQuery("appmaster-ipc-api.test1.root.hwx.test.",
+ Type.SRV, 1);
+ assertTrue("not an SRV record", recs[0] instanceof SRVRecord);
+ assertEquals("wrong port", 1026, ((SRVRecord) recs[0]).getPort());
+
+ recs = assertDNSQuery("appmaster-ipc-api.test1.root.hwx.test.", 2);
+ assertEquals("wrong target name", "test1.root.hwx.test.",
+ ((CNAMERecord) recs[0]).getTarget().toString());
+ assertTrue("not an ARecord", recs[isSecure() ? 2 : 1] instanceof ARecord);
+
+ recs = assertDNSQuery("http-api.test1.root.hwx.test.", 2);
+ assertEquals("wrong target name", "test1.root.hwx.test.",
+ ((CNAMERecord) recs[0]).getTarget().toString());
+ assertTrue("not an ARecord", recs[isSecure() ? 2 : 1] instanceof ARecord);
+
+ recs = assertDNSQuery("http-api.test1.root.hwx.test.", Type.SRV,
+ 1);
+ assertTrue("not an SRV record", recs[0] instanceof SRVRecord);
+ assertEquals("wrong port", 1027, ((SRVRecord) recs[0]).getPort());
+
+ assertDNSQuery("test1.root.hwx.test.", Type.TXT, 3);
+ assertDNSQuery("appmaster-ipc-api.test1.root.hwx.test.", Type.TXT, 1);
+ assertDNSQuery("http-api.test1.root.hwx.test.", Type.TXT, 1);
+ assertDNSQuery("management-api.test1.root.hwx.test.", Type.TXT, 1);
+ }
+
+ @Test
+ public void testContainerRegistration() throws Exception {
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ CONTAINER_RECORD.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/components/"
+ + "container-e50-1451931954322-0016-01-000002",
+ record);
+
+ // start assessing whether correct records are available
+ Record[] recs =
+ assertDNSQuery("ctr-e50-1451931954322-0016-01-000002.hwx.test.");
+ assertEquals("wrong result", "172.17.0.19",
+ ((ARecord) recs[0]).getAddress().getHostAddress());
+
+ recs = assertDNSQuery("ycloud.test1.root.hwx.test.", 1);
+ assertTrue("not an ARecord", recs[0] instanceof ARecord);
+ }
+
+ @Test
+ public void testRecordTTL() throws Exception {
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ CONTAINER_RECORD.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/components/"
+ + "container-e50-1451931954322-0016-01-000002",
+ record);
+
+ // start assessing whether correct records are available
+ Record[] recs = assertDNSQuery(
+ "ctr-e50-1451931954322-0016-01-000002.hwx.test.");
+ assertEquals("wrong result", "172.17.0.19",
+ ((ARecord) recs[0]).getAddress().getHostAddress());
+ assertEquals("wrong ttl", 30L, recs[0].getTTL());
+
+ recs = assertDNSQuery("ycloud.test1.root.hwx.test.", 1);
+ assertTrue("not an ARecord", recs[0] instanceof ARecord);
+
+ assertEquals("wrong ttl", 30L, recs[0].getTTL());
+ }
+
+ @Test
+ public void testReverseLookup() throws Exception {
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ CONTAINER_RECORD.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/components/"
+ + "container-e50-1451931954322-0016-01-000002",
+ record);
+
+ // start assessing whether correct records are available
+ Record[] recs = assertDNSQuery("19.0.17.172.in-addr.arpa.", Type.PTR, 1);
+ assertEquals("wrong result",
+ "ctr-e50-1451931954322-0016-01-000002.hwx.test.",
+ ((PTRRecord) recs[0]).getTarget().toString());
+ }
+
+ @Test
+ public void testReverseLookupInLargeNetwork() throws Exception {
+ setRegistryDNS(new RegistryDNS("TestRegistry"));
+ Configuration conf = createConfiguration();
+ conf.set(RegistryConstants.KEY_DNS_DOMAIN, "hwx.test");
+ conf.set(KEY_DNS_ZONE_SUBNET, "172.17.0.0");
+ conf.set(KEY_DNS_ZONE_MASK, "255.255.224.0");
+ conf.setTimeDuration(RegistryConstants.KEY_DNS_TTL, 30L, TimeUnit.SECONDS);
+
+ getRegistryDNS().setDomainName(conf);
+ getRegistryDNS().initializeZones(conf);
+
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ CONTAINER_RECORD.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/components/"
+ + "container-e50-1451931954322-0016-01-000002",
+ record);
+
+ // start assessing whether correct records are available
+ Record[] recs = assertDNSQuery("19.0.17.172.in-addr.arpa.", Type.PTR, 1);
+ assertEquals("wrong result",
+ "ctr-e50-1451931954322-0016-01-000002.hwx.test.",
+ ((PTRRecord) recs[0]).getTarget().toString());
+ }
+
+ @Test
+ public void testMissingReverseLookup() throws Exception {
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ CONTAINER_RECORD.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/components/"
+ + "container-e50-1451931954322-0016-01-000002",
+ record);
+
+ // start assessing whether correct records are available
+ Name name = Name.fromString("19.1.17.172.in-addr.arpa.");
+ Record question = Record.newRecord(name, Type.PTR, DClass.IN);
+ Message query = Message.newQuery(question);
+ OPTRecord optRecord = new OPTRecord(4096, 0, 0, Flags.DO, null);
+ query.addRecord(optRecord, Section.ADDITIONAL);
+ byte[] responseBytes = getRegistryDNS().generateReply(query, null);
+ Message response = new Message(responseBytes);
+ assertEquals("No answer should be returned", Rcode.NOTAUTH,
+ response.getRcode());
+ }
+
+ @Test
+ public void testNoContainerIP() throws Exception {
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ CONTAINER_RECORD_NO_IP.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/components/"
+ + "container-e50-1451931954322-0016-01-000002",
+ record);
+
+ // start assessing whether correct records are available
+ Name name =
+ Name.fromString("ctr-e50-1451931954322-0016-01-000002.hwx.test.");
+ Record question = Record.newRecord(name, Type.A, DClass.IN);
+ Message query = Message.newQuery(question);
+
+ byte[] responseBytes = getRegistryDNS().generateReply(query, null);
+ Message response = new Message(responseBytes);
+ assertEquals("wrong status", Rcode.NXDOMAIN, response.getRcode());
+ }
+
+ private Record[] assertDNSQuery(String lookup) throws IOException {
+ return assertDNSQuery(lookup, Type.A, 1);
+ }
+
+ private Record[] assertDNSQuery(String lookup, int numRecs)
+ throws IOException {
+ return assertDNSQuery(lookup, Type.A, numRecs);
+ }
+
+ Record[] assertDNSQuery(String lookup, int type, int numRecs)
+ throws IOException {
+ Name name = Name.fromString(lookup);
+ Record question = Record.newRecord(name, type, DClass.IN);
+ Message query = Message.newQuery(question);
+ OPTRecord optRecord = new OPTRecord(4096, 0, 0, Flags.DO, null);
+ query.addRecord(optRecord, Section.ADDITIONAL);
+ byte[] responseBytes = getRegistryDNS().generateReply(query, null);
+ Message response = new Message(responseBytes);
+ assertEquals("not successful", Rcode.NOERROR, response.getRcode());
+ assertNotNull("Null response", response);
+ assertEquals("Questions do not match", query.getQuestion(),
+ response.getQuestion());
+ Record[] recs = response.getSectionArray(Section.ANSWER);
+ assertEquals("wrong number of answer records",
+ isSecure() ? numRecs * 2 : numRecs, recs.length);
+ if (isSecure()) {
+ boolean signed = false;
+ for (Record record : recs) {
+ signed = record.getType() == Type.RRSIG;
+ if (signed) {
+ break;
+ }
+ }
+ assertTrue("No signatures found", signed);
+ }
+ return recs;
+ }
+
+ @Test
+ public void testDNSKEYRecord() throws Exception {
+ String publicK =
+ "AwEAAe1Jev0Az1khlQCvf0nud1/CNHQwwPEu8BNchZthdDxKPVn29yrD "
+ + "CHoAWjwiGsOSw3SzIPrawSbHzyJsjn0oLBhGrH6QedFGnydoxjNsw3m/ "
+ + "SCmOjR/a7LGBAMDFKqFioi4gOyuN66svBeY+/5uw72+0ei9AQ20gqf6q "
+ + "l9Ozs5bV";
+ // byte[] publicBytes = Base64.decodeBase64(publicK);
+ // X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicBytes);
+ // KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ // PublicKey pubKey = keyFactory.generatePublic(keySpec);
+ DNSKEYRecord dnskeyRecord =
+ new DNSKEYRecord(Name.fromString("hwxstg.site."), DClass.IN, 0,
+ DNSKEYRecord.Flags.ZONE_KEY,
+ DNSKEYRecord.Protocol.DNSSEC,
+ DNSSEC.Algorithm.RSASHA256,
+ Base64.decodeBase64(publicK.getBytes()));
+ assertNotNull(dnskeyRecord);
+ RSAPrivateKeySpec privateSpec = new RSAPrivateKeySpec(new BigInteger(1,
+ Base64.decodeBase64(
+ "7Ul6/QDPWSGVAK9/Se53X8I0dDDA8S7wE1yFm2F0PEo9Wfb3KsMIegBaPCIaw5LDd"
+ + "LMg+trBJsfPImyOfSgsGEasfpB50UafJ2jGM2zDeb9IKY6NH9rssYEAwMUq"
+ + "oWKiLiA7K43rqy8F5j7/m7Dvb7R6L0BDbSCp/qqX07OzltU=")),
+ new BigInteger(1, Base64.decodeBase64(
+ "MgbQ6DBYhskeufNGGdct0cGG/4wb0X183ggenwCv2dopDyOTPq+5xMb4Pz9Ndzgk/"
+ + "yCY7mpaWIu9rttGOzrR+LBRR30VobPpMK1bMnzu2C0x08oYAguVwZB79DLC"
+ + "705qmZpiaaFB+LnhG7VtpPiOBm3UzZxdrBfeq/qaKrXid60=")));
+ KeyFactory factory = KeyFactory.getInstance("RSA");
+ PrivateKey priv = factory.generatePrivate(privateSpec);
+
+ ARecord aRecord = new ARecord(Name.fromString("some.test."), DClass.IN, 0,
+ InetAddress.getByName("192.168.0.1"));
+ Calendar cal = Calendar.getInstance();
+ Date inception = cal.getTime();
+ cal.add(Calendar.YEAR, 1);
+ Date expiration = cal.getTime();
+ RRset rrset = new RRset(aRecord);
+ RRSIGRecord rrsigRecord = DNSSEC.sign(rrset,
+ dnskeyRecord,
+ priv,
+ inception,
+ expiration);
+ DNSSEC.verify(rrset, rrsigRecord, dnskeyRecord);
+
+ }
+
+ @Test
+ public void testIpv4toIpv6() throws Exception {
+ InetAddress address =
+ BaseServiceRecordProcessor
+ .getIpv6Address(InetAddress.getByName("172.17.0.19"));
+ assertTrue("not an ipv6 address", address instanceof Inet6Address);
+ assertEquals("wrong IP", "172.17.0.19",
+ InetAddress.getByAddress(address.getAddress()).getHostAddress());
+ }
+
+ @Test
+ public void testAAAALookup() throws Exception {
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ CONTAINER_RECORD.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/components/"
+ + "container-e50-1451931954322-0016-01-000002",
+ record);
+
+ // start assessing whether correct records are available
+ Record[] recs = assertDNSQuery(
+ "ctr-e50-1451931954322-0016-01-000002.hwx.test.", Type.AAAA, 1);
+ assertEquals("wrong result", "172.17.0.19",
+ ((AAAARecord) recs[0]).getAddress().getHostAddress());
+
+ recs = assertDNSQuery("ycloud.test1.root.hwx.test.", Type.AAAA, 1);
+ assertTrue("not an ARecord", recs[0] instanceof AAAARecord);
+ }
+
+ @Test
+ public void testNegativeLookup() throws Exception {
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ CONTAINER_RECORD.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/components/"
+ + "container-e50-1451931954322-0016-01-000002",
+ record);
+
+ // start assessing whether correct records are available
+ Name name = Name.fromString("missing.hwx.test.");
+ Record question = Record.newRecord(name, Type.A, DClass.IN);
+ Message query = Message.newQuery(question);
+
+ byte[] responseBytes = getRegistryDNS().generateReply(query, null);
+ Message response = new Message(responseBytes);
+ assertEquals("not successful", Rcode.NXDOMAIN, response.getRcode());
+ assertNotNull("Null response", response);
+ assertEquals("Questions do not match", query.getQuestion(),
+ response.getQuestion());
+ Record[] sectionArray = response.getSectionArray(Section.AUTHORITY);
+ assertEquals("Wrong number of recs in AUTHORITY", isSecure() ? 2 : 1,
+ sectionArray.length);
+ boolean soaFound = false;
+ for (Record rec : sectionArray) {
+ soaFound = rec.getType() == Type.SOA;
+ if (soaFound) {
+ break;
+ }
+ }
+ assertTrue("wrong record type",
+ soaFound);
+
+ }
+
+ @Test
+ public void testReadMasterFile() throws Exception {
+ setRegistryDNS(new RegistryDNS("TestRegistry"));
+ Configuration conf = new Configuration();
+ conf.set(RegistryConstants.KEY_DNS_DOMAIN, "hwx.test");
+ conf.set(RegistryConstants.KEY_DNS_ZONE_SUBNET, "172.17.0");
+ conf.setTimeDuration(RegistryConstants.KEY_DNS_TTL, 30L, TimeUnit.SECONDS);
+ conf.set(RegistryConstants.KEY_DNS_ZONES_DIR,
+ getClass().getResource("/").getFile());
+ if (isSecure()) {
+ conf.setBoolean(RegistryConstants.KEY_DNSSEC_ENABLED, true);
+ conf.set(RegistryConstants.KEY_DNSSEC_PUBLIC_KEY,
+ "AwEAAe1Jev0Az1khlQCvf0nud1/CNHQwwPEu8BNchZthdDxKPVn29yrD "
+ + "CHoAWjwiGsOSw3SzIPrawSbHzyJsjn0oLBhGrH6QedFGnydoxjNsw3m/ "
+ + "SCmOjR/a7LGBAMDFKqFioi4gOyuN66svBeY+/5uw72+0ei9AQ20gqf6q "
+ + "l9Ozs5bV");
+ conf.set(RegistryConstants.KEY_DNSSEC_PRIVATE_KEY_FILE,
+ getClass().getResource("/test.private").getFile());
+ }
+
+ getRegistryDNS().setDomainName(conf);
+ getRegistryDNS().initializeZones(conf);
+
+ ServiceRecord record = getMarshal().fromBytes("somepath",
+ CONTAINER_RECORD.getBytes());
+ getRegistryDNS().register(
+ "/registry/users/root/services/org-apache-slider/test1/components/"
+ + "container-e50-1451931954322-0016-01-000002",
+ record);
+
+ // start assessing whether correct records are available
+ Record[] recs =
+ assertDNSQuery("ctr-e50-1451931954322-0016-01-000002.hwx.test.");
+ assertEquals("wrong result", "172.17.0.19",
+ ((ARecord) recs[0]).getAddress().getHostAddress());
+
+ recs = assertDNSQuery("ycloud.test1.root.hwx.test.", 1);
+ assertTrue("not an ARecord", recs[0] instanceof ARecord);
+
+ // lookup dyanmic reverse records
+ recs = assertDNSQuery("19.0.17.172.in-addr.arpa.", Type.PTR, 1);
+ assertEquals("wrong result",
+ "ctr-e50-1451931954322-0016-01-000002.hwx.test.",
+ ((PTRRecord) recs[0]).getTarget().toString());
+
+ // now lookup static reverse records
+ Name name = Name.fromString("5.0.17.172.in-addr.arpa.");
+ Record question = Record.newRecord(name, Type.PTR, DClass.IN);
+ Message query = Message.newQuery(question);
+ OPTRecord optRecord = new OPTRecord(4096, 0, 0, Flags.DO, null);
+ query.addRecord(optRecord, Section.ADDITIONAL);
+ byte[] responseBytes = getRegistryDNS().generateReply(query, null);
+ Message response = new Message(responseBytes);
+ recs = response.getSectionArray(Section.ANSWER);
+ assertEquals("wrong result", "cn005.hwx.test.",
+ ((PTRRecord) recs[0]).getTarget().toString());
+ }
+
+ @Test
+ public void testReverseZoneNames() throws Exception {
+ Configuration conf = new Configuration();
+ conf.set(KEY_DNS_ZONE_SUBNET, "172.26.32.0");
+ conf.set(KEY_DNS_ZONE_MASK, "255.255.224.0");
+
+ Name name = getRegistryDNS().getReverseZoneName(conf);
+ assertEquals("wrong name", "26.172.in-addr.arpa.", name.toString());
+ }
+
+ public RegistryDNS getRegistryDNS() {
+ return registryDNS;
+ }
+
+ public void setRegistryDNS(
+ RegistryDNS registryDNS) {
+ this.registryDNS = registryDNS;
+ }
+
+ public RegistryUtils.ServiceRecordMarshal getMarshal() {
+ return marshal;
+ }
+
+ public void setMarshal(
+ RegistryUtils.ServiceRecordMarshal marshal) {
+ this.marshal = marshal;
+ }
+}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/3031e921/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/server/dns/TestSecureRegistryDNS.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/server/dns/TestSecureRegistryDNS.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/server/dns/TestSecureRegistryDNS.java
new file mode 100644
index 0000000..ded63bd
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/java/org/apache/hadoop/registry/server/dns/TestSecureRegistryDNS.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.registry.server.dns;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.registry.client.api.RegistryConstants;
+
+/**
+ *
+ */
+public class TestSecureRegistryDNS extends TestRegistryDNS {
+ @Override protected Configuration createConfiguration() {
+ Configuration conf = super.createConfiguration();
+ conf.setBoolean(RegistryConstants.KEY_DNSSEC_ENABLED, true);
+ conf.set(RegistryConstants.KEY_DNSSEC_PUBLIC_KEY,
+ "AwEAAe1Jev0Az1khlQCvf0nud1/CNHQwwPEu8BNchZthdDxKPVn29yrD "
+ + "CHoAWjwiGsOSw3SzIPrawSbHzyJsjn0oLBhGrH6QedFGnydoxjNsw3m/ "
+ + "SCmOjR/a7LGBAMDFKqFioi4gOyuN66svBeY+/5uw72+0ei9AQ20gqf6q "
+ + "l9Ozs5bV");
+ conf.set(RegistryConstants.KEY_DNSSEC_PRIVATE_KEY_FILE,
+ getClass().getResource("/test.private").getFile());
+
+ return conf;
+ }
+
+ @Override protected boolean isSecure() {
+ return true;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/3031e921/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/resources/0.17.172.in-addr.arpa.zone
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/resources/0.17.172.in-addr.arpa.zone b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/resources/0.17.172.in-addr.arpa.zone
new file mode 100644
index 0000000..0165f0d
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/resources/0.17.172.in-addr.arpa.zone
@@ -0,0 +1,36 @@
+;
+; Licensed to the Apache Software Foundation (ASF) under one
+; or more contributor license agreements. See the NOTICE file
+; distributed with this work for additional information
+; regarding copyright ownership. The ASF licenses this file
+; to you under the Apache License, Version 2.0 (the
+; "License"); you may not use this file except in compliance
+; with the License. You may obtain a copy of the License at
+;
+; http://www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing, software
+; distributed under the License is distributed on an "AS IS" BASIS,
+; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; See the License for the specific language governing permissions and
+; limitations under the License.
+;
+;
+$ORIGIN .
+$TTL 1800 ; 30 minutes
+0.17.172.in-addr.arpa IN SOA ns.hwhq.hortonworks.com. it.hortonworks.com. (
+ 2015081000 ; serial
+ 10800 ; refresh (3 hours)
+ 900 ; retry (15 minutes)
+ 1814400 ; expire (3 weeks)
+ 10800 ; minimum (3 hours)
+)
+ NS ns.hwhq.hortonworks.com.
+ NS ns2.hwhq.hortonworks.com.
+
+$ORIGIN 0.17.172.in-addr.arpa.
+5 PTR cn005.hwx.test.
+6 PTR cn006.hwx.test.
+7 PTR cn007.hwx.test.
+8 PTR cn008.hwx.test.
+9 PTR cn009.hwx.test.
http://git-wip-us.apache.org/repos/asf/hadoop/blob/3031e921/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/resources/test.private
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/resources/test.private b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/resources/test.private
new file mode 100644
index 0000000..5f0da9d
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/test/resources/test.private
@@ -0,0 +1,32 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: 7Ul6/QDPWSGVAK9/Se53X8I0dDDA8S7wE1yFm2F0PEo9Wfb3KsMIegBaPCIaw5LDdLMg+trBJsfPImyOfSgsGEasfpB50UafJ2jGM2zDeb9IKY6NH9rssYEAwMUqoWKiLiA7K43rqy8F5j7/m7Dvb7R6L0BDbSCp/qqX07OzltU=
+PublicExponent: AQAB
+PrivateExponent: MgbQ6DBYhskeufNGGdct0cGG/4wb0X183ggenwCv2dopDyOTPq+5xMb4Pz9Ndzgk/yCY7mpaWIu9rttGOzrR+LBRR30VobPpMK1bMnzu2C0x08oYAguVwZB79DLC705qmZpiaaFB+LnhG7VtpPiOBm3UzZxdrBfeq/qaKrXid60=
+Prime1: /HFdjI4cRuJBjK9IGWWmmVZWwaFsQYO9GHLCDwjm691GxaDpXuMdPd0uH9EqQvskyF8JPmzQXI43swyUFjizow==
+Prime2: 8KFxkWEHlhgB2GLi8tk39TKY5vmFUvh4FO28COl1N/rWjKVpfM1p6HQ6YavoGNZQmDBazv4WOZRqSQukHApzJw==
+Exponent1: alX+h/RcqOcpoW88OaZ99N1PkiTDCx3JC4FbiSXAz93Xr+vGIfgdGzAN+80JtklABz8xD6CabEJj6AIGZw3fbQ==
+Exponent2: vvPusqZkJcjBVh0K6hpUXKEdU1W5ZmFEsZ8Cs7PH0Hee4Je3QVGk9NGfLrkDgwo3hL4CofZiXqkXOwYg4husyw==
+Coefficient: omxpbNU6u/swbnkTC6MicaDqbJP7ETnCCJ1iN2+HZO/AlQCFlqVzLwGZmvGMAGA9ZWF+YpqpPhvzi4bWmi5XrQ==
+Created: 20160119155251
+Publish: 20160119155251
+Activate: 20160119155251
+
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org