Java Code Examples for org.apache.hadoop.yarn.security.AMRMTokenIdentifier

The following examples show how to use org.apache.hadoop.yarn.security.AMRMTokenIdentifier. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: Bats   Source File: LaunchContainerRunnable.java    License: Apache License 2.0 6 votes vote down vote up
public static ByteBuffer getTokens(UserGroupInformation ugi, Token<StramDelegationTokenIdentifier> delegationToken)
{
  try {
    Collection<Token<? extends TokenIdentifier>> tokens = ugi.getCredentials().getAllTokens();
    Credentials credentials = new Credentials();
    for (Token<? extends TokenIdentifier> token : tokens) {
      if (!token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) {
        credentials.addToken(token.getService(), token);
        LOG.debug("Passing container token {}", token);
      }
    }
    credentials.addToken(delegationToken.getService(), delegationToken);
    DataOutputBuffer dataOutput = new DataOutputBuffer();
    credentials.writeTokenStorageToStream(dataOutput);
    byte[] tokenBytes = dataOutput.getData();
    ByteBuffer cTokenBuf = ByteBuffer.wrap(tokenBytes);
    return cTokenBuf.duplicate();
  } catch (IOException e) {
    throw new RuntimeException("Error generating delegation token", e);
  }
}
 
Example 2
Source Project: hadoop   Source File: AMRMTokenSecretManager.java    License: Apache License 2.0 6 votes vote down vote up
public Token<AMRMTokenIdentifier> createAndGetAMRMToken(
    ApplicationAttemptId appAttemptId) {
  this.writeLock.lock();
  try {
    LOG.info("Create AMRMToken for ApplicationAttempt: " + appAttemptId);
    AMRMTokenIdentifier identifier =
        new AMRMTokenIdentifier(appAttemptId, getMasterKey().getMasterKey()
          .getKeyId());
    byte[] password = this.createPassword(identifier);
    appAttemptSet.add(appAttemptId);
    return new Token<AMRMTokenIdentifier>(identifier.getBytes(), password,
      identifier.getKind(), new Text());
  } finally {
    this.writeLock.unlock();
  }
}
 
Example 3
Source Project: hadoop   Source File: MockRM.java    License: Apache License 2.0 6 votes vote down vote up
public MockAM sendAMLaunched(ApplicationAttemptId appAttemptId)
    throws Exception {
  MockAM am = new MockAM(getRMContext(), masterService, appAttemptId);
  am.waitForState(RMAppAttemptState.ALLOCATED);
  //create and set AMRMToken
  Token<AMRMTokenIdentifier> amrmToken =
      this.rmContext.getAMRMTokenSecretManager().createAndGetAMRMToken(
        appAttemptId);
  ((RMAppAttemptImpl) this.rmContext.getRMApps()
    .get(appAttemptId.getApplicationId()).getRMAppAttempt(appAttemptId))
    .setAMRMToken(amrmToken);
  getRMContext()
      .getDispatcher()
      .getEventHandler()
      .handle(
          new RMAppAttemptEvent(appAttemptId, RMAppAttemptEventType.LAUNCHED));
  return am;
}
 
Example 4
Source Project: hadoop   Source File: RMStateStoreTestBase.java    License: Apache License 2.0 6 votes vote down vote up
protected ContainerId storeAttempt(RMStateStore store,
    ApplicationAttemptId attemptId,
    String containerIdStr, Token<AMRMTokenIdentifier> appToken,
    SecretKey clientTokenMasterKey, TestDispatcher dispatcher)
    throws Exception {

  RMAppAttemptMetrics mockRmAppAttemptMetrics = 
      mock(RMAppAttemptMetrics.class);
  Container container = new ContainerPBImpl();
  container.setId(ConverterUtils.toContainerId(containerIdStr));
  RMAppAttempt mockAttempt = mock(RMAppAttempt.class);
  when(mockAttempt.getAppAttemptId()).thenReturn(attemptId);
  when(mockAttempt.getMasterContainer()).thenReturn(container);
  when(mockAttempt.getAMRMToken()).thenReturn(appToken);
  when(mockAttempt.getClientTokenMasterKey())
      .thenReturn(clientTokenMasterKey);
  when(mockAttempt.getRMAppAttemptMetrics())
      .thenReturn(mockRmAppAttemptMetrics);
  when(mockRmAppAttemptMetrics.getAggregateAppResourceUsage())
      .thenReturn(new AggregateAppResourceUsage(0, 0, 0));
  dispatcher.attemptId = attemptId;
  store.storeNewApplicationAttempt(mockAttempt);
  waitNotify(dispatcher);
  return container.getId();
}
 
Example 5
@Before
public void initialize() throws Exception {
  startHACluster(0, false, false, true);
  attemptId = this.cluster.createFakeApplicationAttemptId();
  amClient = ClientRMProxy
      .createRMProxy(this.conf, ApplicationMasterProtocol.class);

  Token<AMRMTokenIdentifier> appToken =
      this.cluster.getResourceManager().getRMContext()
        .getAMRMTokenSecretManager().createAndGetAMRMToken(attemptId);
  appToken.setService(ClientRMProxy.getAMRMTokenService(conf));
  UserGroupInformation.setLoginUser(UserGroupInformation
      .createRemoteUser(UserGroupInformation.getCurrentUser()
          .getUserName()));
  UserGroupInformation.getCurrentUser().addToken(appToken);
  syncToken(appToken);
}
 
Example 6
Source Project: big-c   Source File: AMRMTokenSecretManager.java    License: Apache License 2.0 6 votes vote down vote up
public Token<AMRMTokenIdentifier> createAndGetAMRMToken(
    ApplicationAttemptId appAttemptId) {
  this.writeLock.lock();
  try {
    LOG.info("Create AMRMToken for ApplicationAttempt: " + appAttemptId);
    AMRMTokenIdentifier identifier =
        new AMRMTokenIdentifier(appAttemptId, getMasterKey().getMasterKey()
          .getKeyId());
    byte[] password = this.createPassword(identifier);
    appAttemptSet.add(appAttemptId);
    return new Token<AMRMTokenIdentifier>(identifier.getBytes(), password,
      identifier.getKind(), new Text());
  } finally {
    this.writeLock.unlock();
  }
}
 
Example 7
Source Project: big-c   Source File: MockRM.java    License: Apache License 2.0 6 votes vote down vote up
public MockAM sendAMLaunched(ApplicationAttemptId appAttemptId)
    throws Exception {
  MockAM am = new MockAM(getRMContext(), masterService, appAttemptId);
  am.waitForState(RMAppAttemptState.ALLOCATED);
  //create and set AMRMToken
  Token<AMRMTokenIdentifier> amrmToken =
      this.rmContext.getAMRMTokenSecretManager().createAndGetAMRMToken(
        appAttemptId);
  ((RMAppAttemptImpl) this.rmContext.getRMApps()
    .get(appAttemptId.getApplicationId()).getRMAppAttempt(appAttemptId))
    .setAMRMToken(amrmToken);
  getRMContext()
      .getDispatcher()
      .getEventHandler()
      .handle(
          new RMAppAttemptEvent(appAttemptId, RMAppAttemptEventType.LAUNCHED));
  return am;
}
 
Example 8
Source Project: big-c   Source File: MockAM.java    License: Apache License 2.0 6 votes vote down vote up
public void unregisterAppAttempt(final FinishApplicationMasterRequest req,
    boolean waitForStateRunning) throws Exception {
  if (waitForStateRunning) {
    waitForState(RMAppAttemptState.RUNNING);
  }
  if (ugi == null) {
    ugi =  UserGroupInformation.createRemoteUser(attemptId.toString());
    Token<AMRMTokenIdentifier> token =
        context.getRMApps()
            .get(attemptId.getApplicationId())
            .getRMAppAttempt(attemptId).getAMRMToken();
    ugi.addTokenIdentifier(token.decodeIdentifier());
  }
  try {
    ugi.doAs(new PrivilegedExceptionAction<Object>() {
      @Override
      public Object run() throws Exception {
        amRMProtocol.finishApplicationMaster(req);
        return null;
      }
    });
  } catch (UndeclaredThrowableException e) {
    throw (Exception) e.getCause();
  }
}
 
Example 9
Source Project: big-c   Source File: RMStateStoreTestBase.java    License: Apache License 2.0 6 votes vote down vote up
protected ContainerId storeAttempt(RMStateStore store,
    ApplicationAttemptId attemptId,
    String containerIdStr, Token<AMRMTokenIdentifier> appToken,
    SecretKey clientTokenMasterKey, TestDispatcher dispatcher)
    throws Exception {

  RMAppAttemptMetrics mockRmAppAttemptMetrics = 
      mock(RMAppAttemptMetrics.class);
  Container container = new ContainerPBImpl();
  container.setId(ConverterUtils.toContainerId(containerIdStr));
  RMAppAttempt mockAttempt = mock(RMAppAttempt.class);
  when(mockAttempt.getAppAttemptId()).thenReturn(attemptId);
  when(mockAttempt.getMasterContainer()).thenReturn(container);
  when(mockAttempt.getAMRMToken()).thenReturn(appToken);
  when(mockAttempt.getClientTokenMasterKey())
      .thenReturn(clientTokenMasterKey);
  when(mockAttempt.getRMAppAttemptMetrics())
      .thenReturn(mockRmAppAttemptMetrics);
  when(mockRmAppAttemptMetrics.getAggregateAppResourceUsage())
      .thenReturn(new AggregateAppResourceUsage(0, 0));
  dispatcher.attemptId = attemptId;
  store.storeNewApplicationAttempt(mockAttempt);
  waitNotify(dispatcher);
  return container.getId();
}
 
Example 10
Source Project: attic-apex-core   Source File: LaunchContainerRunnable.java    License: Apache License 2.0 6 votes vote down vote up
public static ByteBuffer getTokens(UserGroupInformation ugi, Token<StramDelegationTokenIdentifier> delegationToken)
{
  try {
    Collection<Token<? extends TokenIdentifier>> tokens = ugi.getCredentials().getAllTokens();
    Credentials credentials = new Credentials();
    for (Token<? extends TokenIdentifier> token : tokens) {
      if (!token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) {
        credentials.addToken(token.getService(), token);
        LOG.debug("Passing container token {}", token);
      }
    }
    credentials.addToken(delegationToken.getService(), delegationToken);
    DataOutputBuffer dataOutput = new DataOutputBuffer();
    credentials.writeTokenStorageToStream(dataOutput);
    byte[] tokenBytes = dataOutput.getData();
    ByteBuffer cTokenBuf = ByteBuffer.wrap(tokenBytes);
    return cTokenBuf.duplicate();
  } catch (IOException e) {
    throw new RuntimeException("Error generating delegation token", e);
  }
}
 
Example 11
@Before
public void initialize() throws Exception {
  startHACluster(0, false, false, true);
  attemptId = this.cluster.createFakeApplicationAttemptId();
  amClient = ClientRMProxy
      .createRMProxy(this.conf, ApplicationMasterProtocol.class);

  Token<AMRMTokenIdentifier> appToken =
      this.cluster.getResourceManager().getRMContext()
        .getAMRMTokenSecretManager().createAndGetAMRMToken(attemptId);
  appToken.setService(ClientRMProxy.getAMRMTokenService(conf));
  UserGroupInformation.setLoginUser(UserGroupInformation
      .createRemoteUser(UserGroupInformation.getCurrentUser()
          .getUserName()));
  UserGroupInformation.getCurrentUser().addToken(appToken);
  syncToken(appToken);
}
 
Example 12
@Test(timeout = 60000) // timeout after a minute.
@Override
public void testDetachedMode() throws InterruptedException, IOException {
	super.testDetachedMode();
	final String[] mustHave = {"Login successful for user", "using keytab file"};
	final boolean jobManagerRunsWithKerberos = verifyStringsInNamedLogFiles(
		mustHave,
		"jobmanager.log");
	final boolean taskManagerRunsWithKerberos = verifyStringsInNamedLogFiles(
		mustHave, "taskmanager.log");

	Assert.assertThat(
		"The JobManager and the TaskManager should both run with Kerberos.",
		jobManagerRunsWithKerberos && taskManagerRunsWithKerberos,
		Matchers.is(true));

	final List<String> amRMTokens = Lists.newArrayList(AMRMTokenIdentifier.KIND_NAME.toString());
	final String jobmanagerContainerId = getContainerIdByLogName("jobmanager.log");
	final String taskmanagerContainerId = getContainerIdByLogName("taskmanager.log");
	final boolean jobmanagerWithAmRmToken = verifyTokenKindInContainerCredentials(amRMTokens, jobmanagerContainerId);
	final boolean taskmanagerWithAmRmToken = verifyTokenKindInContainerCredentials(amRMTokens, taskmanagerContainerId);

	Assert.assertThat(
		"The JobManager should have AMRMToken.",
		jobmanagerWithAmRmToken,
		Matchers.is(true));
	Assert.assertThat(
		"The TaskManager should not have AMRMToken.",
		taskmanagerWithAmRmToken,
		Matchers.is(false));
}
 
Example 13
Source Project: big-c   Source File: MRAMSimulator.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * send out request for AM container
 */
protected void requestAMContainer()
        throws YarnException, IOException, InterruptedException {
  List<ResourceRequest> ask = new ArrayList<ResourceRequest>();
  ResourceRequest amRequest = createResourceRequest(
          BuilderUtils.newResource(MR_AM_CONTAINER_RESOURCE_MEMORY_MB,
                  MR_AM_CONTAINER_RESOURCE_VCORES),
          ResourceRequest.ANY, 1, 1);
  ask.add(amRequest);
  LOG.debug(MessageFormat.format("Application {0} sends out allocate " +
          "request for its AM", appId));
  final AllocateRequest request = this.createAllocateRequest(ask);

  UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps()
          .get(appAttemptId.getApplicationId())
          .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  AllocateResponse response = ugi.doAs(
          new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return rm.getApplicationMasterService().allocate(request);
    }
  });
  if (response != null) {
    responseQueue.put(response);
  }
}
 
Example 14
Source Project: flink   Source File: YARNSessionFIFOSecuredITCase.java    License: Apache License 2.0 5 votes vote down vote up
@Test(timeout = 60000) // timeout after a minute.
@Override
public void testDetachedMode() throws Exception {
	runTest(() -> {
		runDetachedModeTest();
		final String[] mustHave = {"Login successful for user", "using keytab file"};
		final boolean jobManagerRunsWithKerberos = verifyStringsInNamedLogFiles(
			mustHave,
			"jobmanager.log");
		final boolean taskManagerRunsWithKerberos = verifyStringsInNamedLogFiles(
			mustHave, "taskmanager.log");

		Assert.assertThat(
			"The JobManager and the TaskManager should both run with Kerberos.",
			jobManagerRunsWithKerberos && taskManagerRunsWithKerberos,
			Matchers.is(true));

		final List<String> amRMTokens = Lists.newArrayList(AMRMTokenIdentifier.KIND_NAME.toString());
		final String jobmanagerContainerId = getContainerIdByLogName("jobmanager.log");
		final String taskmanagerContainerId = getContainerIdByLogName("taskmanager.log");
		final boolean jobmanagerWithAmRmToken = verifyTokenKindInContainerCredentials(amRMTokens, jobmanagerContainerId);
		final boolean taskmanagerWithAmRmToken = verifyTokenKindInContainerCredentials(amRMTokens, taskmanagerContainerId);

		Assert.assertThat(
			"The JobManager should have AMRMToken.",
			jobmanagerWithAmRmToken,
			Matchers.is(true));
		Assert.assertThat(
			"The TaskManager should not have AMRMToken.",
			taskmanagerWithAmRmToken,
			Matchers.is(false));
	});
}
 
Example 15
Source Project: hadoop   Source File: ClientRMProxy.java    License: Apache License 2.0 5 votes vote down vote up
private static void setAMRMTokenService(final Configuration conf)
    throws IOException {
  for (Token<? extends TokenIdentifier> token : UserGroupInformation
    .getCurrentUser().getTokens()) {
    if (token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) {
      token.setService(getAMRMTokenService(conf));
    }
  }
}
 
Example 16
Source Project: hadoop   Source File: AMRMTokenSecretManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Populate persisted password of AMRMToken back to AMRMTokenSecretManager.
 */
public void addPersistedPassword(Token<AMRMTokenIdentifier> token)
    throws IOException {
  this.writeLock.lock();
  try {
    AMRMTokenIdentifier identifier = token.decodeIdentifier();
    LOG.debug("Adding password for " + identifier.getApplicationAttemptId());
    appAttemptSet.add(identifier.getApplicationAttemptId());
  } finally {
    this.writeLock.unlock();
  }
}
 
Example 17
Source Project: hadoop   Source File: AMRMTokenSecretManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Retrieve the password for the given {@link AMRMTokenIdentifier}.
 * Used by RPC layer to validate a remote {@link AMRMTokenIdentifier}.
 */
@Override
public byte[] retrievePassword(AMRMTokenIdentifier identifier)
    throws InvalidToken {
  this.readLock.lock();
  try {
    ApplicationAttemptId applicationAttemptId =
        identifier.getApplicationAttemptId();
    if (LOG.isDebugEnabled()) {
      LOG.debug("Trying to retrieve password for " + applicationAttemptId);
    }
    if (!appAttemptSet.contains(applicationAttemptId)) {
      throw new InvalidToken(applicationAttemptId
          + " not found in AMRMTokenSecretManager.");
    }
    if (identifier.getKeyId() == this.currentMasterKey.getMasterKey()
      .getKeyId()) {
      return createPassword(identifier.getBytes(),
        this.currentMasterKey.getSecretKey());
    } else if (nextMasterKey != null
        && identifier.getKeyId() == this.nextMasterKey.getMasterKey()
          .getKeyId()) {
      return createPassword(identifier.getBytes(),
        this.nextMasterKey.getSecretKey());
    }
    throw new InvalidToken("Invalid AMRMToken from " + applicationAttemptId);
  } finally {
    this.readLock.unlock();
  }
}
 
Example 18
Source Project: hadoop   Source File: AMRMTokenSecretManager.java    License: Apache License 2.0 5 votes vote down vote up
@Override
@Private
protected byte[] createPassword(AMRMTokenIdentifier identifier) {
  this.readLock.lock();
  try {
    ApplicationAttemptId applicationAttemptId =
        identifier.getApplicationAttemptId();
    LOG.info("Creating password for " + applicationAttemptId);
    return createPassword(identifier.getBytes(), getMasterKey()
      .getSecretKey());
  } finally {
    this.readLock.unlock();
  }
}
 
Example 19
Source Project: hadoop   Source File: AMLauncher.java    License: Apache License 2.0 5 votes vote down vote up
private void setupTokens(
    ContainerLaunchContext container, ContainerId containerID)
    throws IOException {
  Map<String, String> environment = container.getEnvironment();
  environment.put(ApplicationConstants.APPLICATION_WEB_PROXY_BASE_ENV,
      application.getWebProxyBase());
  // Set AppSubmitTime and MaxAppAttempts to be consumable by the AM.
  ApplicationId applicationId =
      application.getAppAttemptId().getApplicationId();
  environment.put(
      ApplicationConstants.APP_SUBMIT_TIME_ENV,
      String.valueOf(rmContext.getRMApps()
          .get(applicationId)
          .getSubmitTime()));
  environment.put(ApplicationConstants.MAX_APP_ATTEMPTS_ENV,
      String.valueOf(rmContext.getRMApps().get(
          applicationId).getMaxAppAttempts()));

  Credentials credentials = new Credentials();
  DataInputByteBuffer dibb = new DataInputByteBuffer();
  if (container.getTokens() != null) {
    // TODO: Don't do this kind of checks everywhere.
    dibb.reset(container.getTokens());
    credentials.readTokenStorageStream(dibb);
  }

  // Add AMRMToken
  Token<AMRMTokenIdentifier> amrmToken = createAndSetAMRMToken();
  if (amrmToken != null) {
    credentials.addToken(amrmToken.getService(), amrmToken);
  }
  DataOutputBuffer dob = new DataOutputBuffer();
  credentials.writeTokenStorageToStream(dob);
  container.setTokens(ByteBuffer.wrap(dob.getData(), 0, dob.getLength()));
}
 
Example 20
Source Project: hadoop   Source File: AMLauncher.java    License: Apache License 2.0 5 votes vote down vote up
@VisibleForTesting
protected Token<AMRMTokenIdentifier> createAndSetAMRMToken() {
  Token<AMRMTokenIdentifier> amrmToken =
      this.rmContext.getAMRMTokenSecretManager().createAndGetAMRMToken(
        application.getAppAttemptId());
  ((RMAppAttemptImpl)application).setAMRMToken(amrmToken);
  return amrmToken;
}
 
Example 21
Source Project: hadoop   Source File: RMAppAttemptImpl.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public Token<AMRMTokenIdentifier> getAMRMToken() {
  this.readLock.lock();
  try {
    return this.amrmToken;
  } finally {
    this.readLock.unlock();
  }
}
 
Example 22
Source Project: hadoop   Source File: RMAppAttemptImpl.java    License: Apache License 2.0 5 votes vote down vote up
@Private
public void setAMRMToken(Token<AMRMTokenIdentifier> lastToken) {
  this.writeLock.lock();
  try {
    this.amrmToken = lastToken;
    this.amrmTokenKeyId = null;
  } finally {
    this.writeLock.unlock();
  }
}
 
Example 23
Source Project: hadoop   Source File: TestAMAuthorization.java    License: Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
public static Token<? extends TokenIdentifier> setupAndReturnAMRMToken(
    InetSocketAddress rmBindAddress,
    Collection<Token<? extends TokenIdentifier>> allTokens) {
  for (Token<? extends TokenIdentifier> token : allTokens) {
    if (token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) {
      SecurityUtil.setTokenService(token, rmBindAddress);
      return (Token<AMRMTokenIdentifier>) token;
    }
  }
  return null;
}
 
Example 24
Source Project: hadoop   Source File: TestAMRMRPCResponseId.java    License: Apache License 2.0 5 votes vote down vote up
private AllocateResponse allocate(ApplicationAttemptId attemptId,
    final AllocateRequest req) throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  return ugi.doAs(new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return amService.allocate(req);
    }
  });
}
 
Example 25
Source Project: hadoop   Source File: TestAMRMRPCNodeUpdates.java    License: Apache License 2.0 5 votes vote down vote up
private AllocateResponse allocate(final ApplicationAttemptId attemptId,
    final AllocateRequest req) throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  return ugi.doAs(new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return amService.allocate(req);
    }
  });
}
 
Example 26
private void runNonKerberized(Configuration conf) throws Exception {
    // Original user has the YARN tokens
    UserGroupInformation original = UserGroupInformation.getCurrentUser();

    String user = System.getProperty("splice.spark.yarn.user", "hbase");
    LOG.info("Login with user");
    ugi = UserGroupInformation.createRemoteUser(user);
    Collection<Token<? extends TokenIdentifier>> tokens = UserGroupInformation.getCurrentUser().getCredentials().getAllTokens();
    for (Token<? extends TokenIdentifier> token : tokens) {
        LOG.debug("Token kind is " + token.getKind().toString()
                + " and the token's service name is " + token.getService());
        if (AMRMTokenIdentifier.KIND_NAME.equals(token.getKind())) {
            ugi.addToken(token);
        }
    }

    // Transfer tokens from original user to the one we'll use from now on
    SparkHadoopUtil.get().transferCredentials(original, ugi);

    UserGroupInformation.isSecurityEnabled();
    if (mode == Mode.YARN) {
        rmClient = ugi.doAs(new PrivilegedExceptionAction<AMRMClientAsync<AMRMClient.ContainerRequest>>() {
            @Override
            public AMRMClientAsync<AMRMClient.ContainerRequest> run() throws Exception {
                return initClient(conf);
            }
        });
        LOG.info("Registered with Resource Manager");
    }
}
 
Example 27
Source Project: reef   Source File: UnmanagedAmYarnSubmissionHelper.java    License: Apache License 2.0 5 votes vote down vote up
void submit() throws IOException, YarnException {

    LOG.log(Level.INFO, "Submitting REEF Application with UNMANAGED AM to YARN. ID: {0}", this.applicationId);
    this.yarnClient.submitApplication(this.applicationSubmissionContext);

    final Token<AMRMTokenIdentifier> token = this.yarnClient.getAMRMToken(this.applicationId);
    this.yarnProxyUser.set("reef-uam-proxy", UserGroupInformation.getCurrentUser(), token);
    this.tokenProvider.addTokens(UserCredentialSecurityTokenProvider.serializeToken(token));
  }
 
Example 28
Source Project: hadoop   Source File: MockRMWithCustomAMLauncher.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected ApplicationMasterLauncher createAMLauncher() {
  return new ApplicationMasterLauncher(getRMContext()) {
    @Override
    protected Runnable createRunnableLauncher(RMAppAttempt application,
        AMLauncherEventType event) {
      return new AMLauncher(context, application, event, getConfig()) {
        @Override
        protected ContainerManagementProtocol getContainerMgrProxy(
            ContainerId containerId) {
          return containerManager;
        }
        @Override
        protected Token<AMRMTokenIdentifier> createAndSetAMRMToken() {
          Token<AMRMTokenIdentifier> amRmToken =
              super.createAndSetAMRMToken();
          InetSocketAddress serviceAddr =
              getConfig().getSocketAddr(
                YarnConfiguration.RM_SCHEDULER_ADDRESS,
                YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS,
                YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT);
          SecurityUtil.setTokenService(amRmToken, serviceAddr);
          return amRmToken;
        }
      };
    }
  };
}
 
Example 29
Source Project: hadoop   Source File: RMStateStoreTestBase.java    License: Apache License 2.0 5 votes vote down vote up
protected Token<AMRMTokenIdentifier> generateAMRMToken(
    ApplicationAttemptId attemptId,
    AMRMTokenSecretManager appTokenMgr) {
  Token<AMRMTokenIdentifier> appToken =
      appTokenMgr.createAndGetAMRMToken(attemptId);
  appToken.setService(new Text("appToken service"));
  return appToken;
}
 
Example 30
Source Project: incubator-tez   Source File: DAGAppMaster.java    License: Apache License 2.0 5 votes vote down vote up
protected static void initAndStartAppMaster(final DAGAppMaster appMaster,
    final Configuration conf, String jobUserName) throws IOException,
    InterruptedException {
  UserGroupInformation.setConfiguration(conf);
  Credentials credentials = UserGroupInformation.getCurrentUser().getCredentials();

  appMaster.appMasterUgi = UserGroupInformation
      .createRemoteUser(jobUserName);
  appMaster.appMasterUgi.addCredentials(credentials);

  // Now remove the AM->RM token so tasks don't have it
  Iterator<Token<?>> iter = credentials.getAllTokens().iterator();
  while (iter.hasNext()) {
    Token<?> token = iter.next();
    if (token.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) {
      iter.remove();
    }
  }

  appMaster.amTokens = credentials;

  appMaster.appMasterUgi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      appMaster.init(conf);
      appMaster.start();
      return null;
    }
  });
}