Posted to common-commits@hadoop.apache.org by vi...@apache.org on 2014/11/03 21:50:00 UTC

git commit: YARN-2798. Fixed YarnClient to populate the renewer correctly for Timeline delegation tokens. Contributed by Zhijie Shen.

Repository: hadoop
Updated Branches:
  refs/heads/trunk 6157ace54 -> 71fbb474f


YARN-2798. Fixed YarnClient to populate the renewer correctly for Timeline delegation tokens. Contributed by Zhijie Shen.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/71fbb474
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/71fbb474
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/71fbb474

Branch: refs/heads/trunk
Commit: 71fbb474f531f60c5d908cf724f18f90dfd5fa9f
Parents: 6157ace
Author: Vinod Kumar Vavilapalli <vi...@apache.org>
Authored: Mon Nov 3 12:36:44 2014 -0800
Committer: Vinod Kumar Vavilapalli <vi...@apache.org>
Committed: Mon Nov 3 12:49:42 2014 -0800

----------------------------------------------------------------------
 hadoop-yarn-project/CHANGES.txt                 |  3 +++
 .../yarn/client/api/impl/YarnClientImpl.java    | 22 ++++++++++++++------
 .../yarn/client/api/impl/TestYarnClient.java    | 20 +++++++++++++++++-
 .../yarn/security/TestYARNTokenIdentifier.java  | 19 +++++++++++++++++
 4 files changed, 57 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/71fbb474/hadoop-yarn-project/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt
index 1bb116b..c3ee0b0 100644
--- a/hadoop-yarn-project/CHANGES.txt
+++ b/hadoop-yarn-project/CHANGES.txt
@@ -842,6 +842,9 @@ Release 2.6.0 - UNRELEASED
     YARN-2730. DefaultContainerExecutor runs only one localizer at a time
     (Siqi Li via jlowe)
 
+    YARN-2798. Fixed YarnClient to populate the renewer correctly for Timeline
+    delegation tokens. (Zhijie Shen via vinodkv)
+
 Release 2.5.1 - 2014-09-05
 
   INCOMPATIBLE CHANGES

http://git-wip-us.apache.org/repos/asf/hadoop/blob/71fbb474/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/YarnClientImpl.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/YarnClientImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/YarnClientImpl.java
index 1193cb4..e4f31f2 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/YarnClientImpl.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/YarnClientImpl.java
@@ -36,7 +36,7 @@ import org.apache.hadoop.io.DataOutputBuffer;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.ipc.RPC;
 import org.apache.hadoop.security.Credentials;
-import org.apache.hadoop.security.HadoopKerberosName;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.TokenIdentifier;
 import org.apache.hadoop.yarn.api.ApplicationClientProtocol;
@@ -51,7 +51,6 @@ import org.apache.hadoop.yarn.api.protocolrecords.GetApplicationsResponse;
 import org.apache.hadoop.yarn.api.protocolrecords.GetClusterMetricsRequest;
 import org.apache.hadoop.yarn.api.protocolrecords.GetClusterMetricsResponse;
 import org.apache.hadoop.yarn.api.protocolrecords.GetClusterNodeLabelsRequest;
-import org.apache.hadoop.yarn.api.protocolrecords.GetClusterNodeLabelsResponse;
 import org.apache.hadoop.yarn.api.protocolrecords.GetClusterNodesRequest;
 import org.apache.hadoop.yarn.api.protocolrecords.GetClusterNodesResponse;
 import org.apache.hadoop.yarn.api.protocolrecords.GetContainerReportRequest;
@@ -124,6 +123,8 @@ public class YarnClientImpl extends YarnClient {
   protected TimelineClient timelineClient;
   @VisibleForTesting
   Text timelineService;
+  @VisibleForTesting
+  String timelineDTRenewer;
   protected boolean timelineServiceEnabled;
 
   private static final String ROOT = "root";
@@ -161,6 +162,7 @@ public class YarnClientImpl extends YarnClient {
       timelineServiceEnabled = true;
       timelineClient = TimelineClient.createTimelineClient();
       timelineClient.init(conf);
+      timelineDTRenewer = getTimelineDelegationTokenRenewer(conf);
       timelineService = TimelineUtils.buildTimelineTokenService(conf);
     }
     super.serviceInit(conf);
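Review bot: `timelineDTRenewer` is resolved once here and then reused for every later token request, so the renewer identity is pinned to whatever `RM_PRINCIPAL` and `RM_ADDRESS` held at init time. The removed code re-read the principal on each call. If the RM host can change during the client's lifetime (failover handling is not visible in this hunk), the cached principal may name the wrong host. An `IOException` from principal resolution would now presumably fail `serviceInit` rather than the individual token request. A comment such as `// Resolved once at init; must be the RM principal that the timeline server maps through its own auth_to_local rules` would record the assumption; serviceInit's body starts and ends outside the hunk.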
@@ -320,14 +322,22 @@ public class YarnClientImpl extends YarnClient {
   @VisibleForTesting
   org.apache.hadoop.security.token.Token<TimelineDelegationTokenIdentifier>
       getTimelineDelegationToken() throws IOException, YarnException {
+    return timelineClient.getDelegationToken(timelineDTRenewer);
+  }
+
+  private static String getTimelineDelegationTokenRenewer(Configuration conf)
+      throws IOException, YarnException  {
     // Parse the RM daemon user if it exists in the config
-    String rmPrincipal = getConfig().get(YarnConfiguration.RM_PRINCIPAL);
+    String rmPrincipal = conf.get(YarnConfiguration.RM_PRINCIPAL);
     String renewer = null;
     if (rmPrincipal != null && rmPrincipal.length() > 0) {
-      HadoopKerberosName renewerKrbName = new HadoopKerberosName(rmPrincipal);
-      renewer = renewerKrbName.getShortName();
+      String rmHost = conf.getSocketAddr(
+          YarnConfiguration.RM_ADDRESS,
+          YarnConfiguration.DEFAULT_RM_ADDRESS,
+          YarnConfiguration.DEFAULT_RM_PORT).getHostName();
+      renewer = SecurityUtil.getServerPrincipal(rmPrincipal, rmHost);
     }
-    return timelineClient.getDelegationToken(renewer);
+    return renewer;
   }
 
   @Private
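Review bot: The host substituted for `_HOST` in `getTimelineDelegationTokenRenewer` is taken only from `YarnConfiguration.RM_ADDRESS`, so when that key is left at its default (for example if RM addresses are configured per RM id, which this hunk does not show) the renewer principal is built from the default address rather than from the RM that will renew the token. A renewer that does not map to the RM's user on the timeline server would presumably surface only later, as a failed renewal in a long-running application. The helper also has no Javadoc: it should state that it returns the RM's full Kerberos principal rather than the short name, because the server applies its own auth_to_local rules, and that `null` means no `RM_PRINCIPAL` is configured. `throws YarnException` looks unnecessary from the visible body.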

http://git-wip-us.apache.org/repos/asf/hadoop/blob/71fbb474/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestYarnClient.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestYarnClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestYarnClient.java
index d7bea7a..ca7c50a 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestYarnClient.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestYarnClient.java
@@ -852,7 +852,25 @@ public class TestYarnClient {
       client.stop();
     }
   }
-  
+
+  @Test
+  public void testParseTimelineDelegationTokenRenewer() throws Exception {
+    // Client side
+    YarnClientImpl client = (YarnClientImpl) YarnClient.createYarnClient();
+    Configuration conf = new YarnConfiguration();
+    conf.setBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED, true);
+    conf.set(YarnConfiguration.RM_PRINCIPAL, "rm/_HOST@EXAMPLE.COM");
+    conf.set(
+        YarnConfiguration.RM_ADDRESS, "localhost:8188");
+    try {
+      client.init(conf);
+      client.start();
+      Assert.assertEquals("rm/localhost@EXAMPLE.COM", client.timelineDTRenewer);
+    } finally {
+      client.stop();
+    }
+  }
+
   @Test
   public void testReservationAPIs() {
     // initialize
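Review bot: `testParseTimelineDelegationTokenRenewer` asserts only the path where `RM_PRINCIPAL` contains `_HOST` and `RM_ADDRESS` is set explicitly. The branch where `RM_PRINCIPAL` is absent and the renewer stays null is not covered, nor is a principal without `_HOST` or an unset `RM_ADDRESS`. A second case built from a configuration without the principal and ending in `Assert.assertNull(client.timelineDTRenewer);` would pin the null contract that `getDelegationToken` receives. The port in `"localhost:8188"` is not asserted, so a short comment saying only the host part matters would avoid confusion.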

http://git-wip-us.apache.org/repos/asf/hadoop/blob/71fbb474/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestYARNTokenIdentifier.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestYARNTokenIdentifier.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestYARNTokenIdentifier.java
index 2052c23..dc4f9e2 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestYARNTokenIdentifier.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestYARNTokenIdentifier.java
@@ -19,14 +19,18 @@ package org.apache.hadoop.yarn.security;
 
 import java.io.IOException;
 
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 import org.apache.hadoop.io.DataInputBuffer;
 import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.HadoopKerberosName;
 import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
 import org.apache.hadoop.yarn.api.records.ApplicationId;
 import org.apache.hadoop.yarn.api.records.ContainerId;
 import org.apache.hadoop.yarn.api.records.NodeId;
 import org.apache.hadoop.yarn.api.records.Priority;
 import org.apache.hadoop.yarn.api.records.Resource;
+import org.apache.hadoop.yarn.conf.YarnConfiguration;
 import org.apache.hadoop.yarn.security.client.ClientToAMTokenIdentifier;
 import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
 import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier;
@@ -299,4 +303,19 @@ public class TestYARNTokenIdentifier {
         anotherToken.getMasterKeyId(), masterKeyId);
   }
 
+  @Test
+  public void testParseTimelineDelegationTokenIdentifierRenewer() throws IOException {
+    // Server side when generation a timeline DT
+    Configuration conf = new YarnConfiguration();
+    conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL,
+        "RULE:[2:$1@$0]([nr]m@.*EXAMPLE.COM)s/.*/yarn/");
+    HadoopKerberosName.setConfiguration(conf);
+    Text owner = new Text("owner");
+    Text renewer = new Text("rm/localhost@EXAMPLE.COM");
+    Text realUser = new Text("realUser");
+    TimelineDelegationTokenIdentifier token =
+        new TimelineDelegationTokenIdentifier(owner, renewer, realUser);
+    Assert.assertEquals(new Text("yarn"), token.getRenewer());
+  }
+
 }
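Review bot: `HadoopKerberosName.setConfiguration(conf)` in `testParseTimelineDelegationTokenIdentifierRenewer` installs the custom auth_to_local rule process-wide and the test never restores it. Other tests running later in the same JVM may therefore map principals with this rule instead of the default. Wrapping the body in `try { ... } finally { HadoopKerberosName.setConfiguration(new YarnConfiguration()); }` would keep the rule local to this test. The comment `// Server side when generation a timeline DT` should read "when generating".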