Java Code Examples for org.apache.hadoop.yarn.security.ContainerTokenIdentifier

The following examples show how to use org.apache.hadoop.yarn.security.ContainerTokenIdentifier. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   Source File: TestRPC.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public StartContainersResponse startContainers(
    StartContainersRequest requests) throws YarnException {
  StartContainersResponse response =
      recordFactory.newRecordInstance(StartContainersResponse.class);
  for (StartContainerRequest request : requests.getStartContainerRequests()) {
    Token containerToken = request.getContainerToken();
    ContainerTokenIdentifier tokenId = null;

    try {
      tokenId = newContainerTokenIdentifier(containerToken);
    } catch (IOException e) {
      throw RPCUtil.getRemoteException(e);
    }
    ContainerStatus status =
        recordFactory.newRecordInstance(ContainerStatus.class);
    status.setState(ContainerState.RUNNING);
    status.setContainerId(tokenId.getContainerID());
    status.setExitStatus(0);
    statuses.add(status);

  }
  return response;
}
 
Example 2
Source Project: hadoop   Source File: NMContainerTokenSecretManager.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Container start has gone through. We need to store the containerId in order
 * to block future container start requests with same container token. This
 * container token needs to be saved till its container token expires.
 */
public synchronized void startContainerSuccessful(
    ContainerTokenIdentifier tokenId) {

  removeAnyContainerTokenIfExpired();
  
  ContainerId containerId = tokenId.getContainerID();
  Long expTime = tokenId.getExpiryTimeStamp();
  // We might have multiple containers with same expiration time.
  if (!recentlyStartedContainerTracker.containsKey(expTime)) {
    recentlyStartedContainerTracker
      .put(expTime, new ArrayList<ContainerId>());
  }
  recentlyStartedContainerTracker.get(expTime).add(containerId);
  try {
    stateStore.storeContainerToken(containerId, expTime);
  } catch (IOException e) {
    LOG.error("Unable to store token for container " + containerId, e);
  }
}
 
Example 3
Source Project: hadoop   Source File: NMContainerTokenSecretManager.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Container will be remembered based on expiration time of the container
 * token used for starting the container. It is safe to use expiration time
 * as there is one to many mapping between expiration time and containerId.
 * @return true if the current token identifier is not present in cache.
 */
public synchronized boolean isValidStartContainerRequest(
    ContainerTokenIdentifier containerTokenIdentifier) {

  removeAnyContainerTokenIfExpired();

  Long expTime = containerTokenIdentifier.getExpiryTimeStamp();
  List<ContainerId> containers =
      this.recentlyStartedContainerTracker.get(expTime);
  if (containers == null
      || !containers.contains(containerTokenIdentifier.getContainerID())) {
    return true;
  } else {
    return false;
  }
}
 
Example 4
Source Project: hadoop   Source File: ContainerManagerImpl.java    License: Apache License 2.0 6 votes vote down vote up
protected ContainerTokenIdentifier verifyAndGetContainerTokenIdentifier(
    org.apache.hadoop.yarn.api.records.Token token,
    ContainerTokenIdentifier containerTokenIdentifier) throws YarnException,
    InvalidToken {
  byte[] password =
      context.getContainerTokenSecretManager().retrievePassword(
        containerTokenIdentifier);
  byte[] tokenPass = token.getPassword().array();
  if (password == null || tokenPass == null
      || !Arrays.equals(password, tokenPass)) {
    throw new InvalidToken(
      "Invalid container token used for starting container on : "
          + context.getNodeId().toString());
  }
  return containerTokenIdentifier;
}
 
Example 5
Source Project: hadoop   Source File: ContainerImpl.java    License: Apache License 2.0 6 votes vote down vote up
public ContainerImpl(Configuration conf, Dispatcher dispatcher,
    NMStateStoreService stateStore, ContainerLaunchContext launchContext,
    Credentials creds, NodeManagerMetrics metrics,
    ContainerTokenIdentifier containerTokenIdentifier) {
  this.daemonConf = conf;
  this.dispatcher = dispatcher;
  this.stateStore = stateStore;
  this.launchContext = launchContext;
  this.containerTokenIdentifier = containerTokenIdentifier;
  this.containerId = containerTokenIdentifier.getContainerID();
  this.resource = containerTokenIdentifier.getResource();
  this.diagnostics = new StringBuilder();
  this.credentials = creds;
  this.metrics = metrics;
  user = containerTokenIdentifier.getApplicationSubmitter();
  ReadWriteLock readWriteLock = new ReentrantReadWriteLock();
  this.readLock = readWriteLock.readLock();
  this.writeLock = readWriteLock.writeLock();

  stateMachine = stateMachineFactory.make(this);
}
 
Example 6
Source Project: hadoop   Source File: TestContainerAllocation.java    License: Apache License 2.0 6 votes vote down vote up
private LogAggregationContext getLogAggregationContextFromContainerToken(
    MockRM rm1, MockNM nm1, LogAggregationContext logAggregationContext)
    throws Exception {
  RMApp app2 = rm1.submitApp(200, logAggregationContext);
  MockAM am2 = MockRM.launchAndRegisterAM(app2, rm1, nm1);
  nm1.nodeHeartbeat(true);
  // request a container.
  am2.allocate("127.0.0.1", 512, 1, new ArrayList<ContainerId>());
  ContainerId containerId =
      ContainerId.newContainerId(am2.getApplicationAttemptId(), 2);
  rm1.waitForState(nm1, containerId, RMContainerState.ALLOCATED);

  // acquire the container.
  List<Container> containers =
      am2.allocate(new ArrayList<ResourceRequest>(),
        new ArrayList<ContainerId>()).getAllocatedContainers();
  Assert.assertEquals(containerId, containers.get(0).getId());
  // container token is generated.
  Assert.assertNotNull(containers.get(0).getContainerToken());
  ContainerTokenIdentifier token =
      BuilderUtils.newContainerTokenIdentifier(containers.get(0)
        .getContainerToken());
  return token.getLogAggregationContext();
}
 
Example 7
Source Project: big-c   Source File: TestRPC.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public StartContainersResponse startContainers(
    StartContainersRequest requests) throws YarnException {
  StartContainersResponse response =
      recordFactory.newRecordInstance(StartContainersResponse.class);
  for (StartContainerRequest request : requests.getStartContainerRequests()) {
    Token containerToken = request.getContainerToken();
    ContainerTokenIdentifier tokenId = null;

    try {
      tokenId = newContainerTokenIdentifier(containerToken);
    } catch (IOException e) {
      throw RPCUtil.getRemoteException(e);
    }
    ContainerStatus status =
        recordFactory.newRecordInstance(ContainerStatus.class);
    status.setState(ContainerState.RUNNING);
    status.setContainerId(tokenId.getContainerID());
    status.setExitStatus(0);
    statuses.add(status);

  }
  return response;
}
 
Example 8
Source Project: big-c   Source File: NMContainerTokenSecretManager.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Container start has gone through. We need to store the containerId in order
 * to block future container start requests with same container token. This
 * container token needs to be saved till its container token expires.
 */
public synchronized void startContainerSuccessful(
    ContainerTokenIdentifier tokenId) {

  removeAnyContainerTokenIfExpired();
  
  ContainerId containerId = tokenId.getContainerID();
  Long expTime = tokenId.getExpiryTimeStamp();
  // We might have multiple containers with same expiration time.
  if (!recentlyStartedContainerTracker.containsKey(expTime)) {
    recentlyStartedContainerTracker
      .put(expTime, new ArrayList<ContainerId>());
  }
  recentlyStartedContainerTracker.get(expTime).add(containerId);
  try {
    stateStore.storeContainerToken(containerId, expTime);
  } catch (IOException e) {
    LOG.error("Unable to store token for container " + containerId, e);
  }
}
 
Example 9
Source Project: big-c   Source File: NMContainerTokenSecretManager.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Container will be remembered based on expiration time of the container
 * token used for starting the container. It is safe to use expiration time
 * as there is one to many mapping between expiration time and containerId.
 * @return true if the current token identifier is not present in cache.
 */
public synchronized boolean isValidStartContainerRequest(
    ContainerTokenIdentifier containerTokenIdentifier) {

  removeAnyContainerTokenIfExpired();

  Long expTime = containerTokenIdentifier.getExpiryTimeStamp();
  List<ContainerId> containers =
      this.recentlyStartedContainerTracker.get(expTime);
  if (containers == null
      || !containers.contains(containerTokenIdentifier.getContainerID())) {
    return true;
  } else {
    return false;
  }
}
 
Example 10
Source Project: big-c   Source File: ContainerManagerImpl.java    License: Apache License 2.0 6 votes vote down vote up
protected ContainerTokenIdentifier verifyAndGetContainerTokenIdentifier(
    org.apache.hadoop.yarn.api.records.Token token,
    ContainerTokenIdentifier containerTokenIdentifier) throws YarnException,
    InvalidToken {
  byte[] password =
      context.getContainerTokenSecretManager().retrievePassword(
        containerTokenIdentifier);
  byte[] tokenPass = token.getPassword().array();
  if (password == null || tokenPass == null
      || !Arrays.equals(password, tokenPass)) {
    throw new InvalidToken(
      "Invalid container token used for starting container on : "
          + context.getNodeId().toString());
  }
  return containerTokenIdentifier;
}
 
Example 11
Source Project: big-c   Source File: ContainerImpl.java    License: Apache License 2.0 6 votes vote down vote up
public ContainerImpl(Context context,Configuration conf, Dispatcher dispatcher,
    NMStateStoreService stateStore, ContainerLaunchContext launchContext,
    Credentials creds, NodeManagerMetrics metrics,
    ContainerTokenIdentifier containerTokenIdentifier,Set<Integer> cpuCores) {
  this.daemonConf = conf;
  this.dispatcher = dispatcher;
  this.stateStore = stateStore;
  this.launchContext = launchContext;
  this.containerTokenIdentifier = containerTokenIdentifier;
  this.containerId = containerTokenIdentifier.getContainerID();
  this.resource = containerTokenIdentifier.getResource();
  this.currentResource = resource;
  this.diagnostics = new StringBuilder();
  this.credentials = creds;
  this.metrics = metrics;
  user = containerTokenIdentifier.getApplicationSubmitter();
  ReadWriteLock readWriteLock = new ReentrantReadWriteLock();
  this.readLock = readWriteLock.readLock();
  this.writeLock = readWriteLock.writeLock();
  this.cpuCores  = cpuCores;
  this.context = context;

  stateMachine = stateMachineFactory.make(this);
}
 
Example 12
Source Project: big-c   Source File: TestContainerManager.java    License: Apache License 2.0 6 votes vote down vote up
public static Token createContainerToken(ContainerId cId, long rmIdentifier,
    NodeId nodeId, String user,
    NMContainerTokenSecretManager containerTokenSecretManager,
    LogAggregationContext logAggregationContext)
    throws IOException {
  Resource r = BuilderUtils.newResource(1024, 1);
  ContainerTokenIdentifier containerTokenIdentifier =
      new ContainerTokenIdentifier(cId, nodeId.toString(), user, r,
        System.currentTimeMillis() + 100000L, 123, rmIdentifier,
        Priority.newInstance(0), 0, logAggregationContext);
  Token containerToken =
      BuilderUtils
        .newContainerToken(nodeId, containerTokenSecretManager
          .retrievePassword(containerTokenIdentifier),
          containerTokenIdentifier);
  return containerToken;
}
 
Example 13
Source Project: big-c   Source File: TestContainerAllocation.java    License: Apache License 2.0 6 votes vote down vote up
private LogAggregationContext getLogAggregationContextFromContainerToken(
    MockRM rm1, MockNM nm1, LogAggregationContext logAggregationContext)
    throws Exception {
  RMApp app2 = rm1.submitApp(200, logAggregationContext);
  MockAM am2 = MockRM.launchAndRegisterAM(app2, rm1, nm1);
  nm1.nodeHeartbeat(true);
  // request a container.
  am2.allocate("127.0.0.1", 512, 1, new ArrayList<ContainerId>());
  ContainerId containerId =
      ContainerId.newContainerId(am2.getApplicationAttemptId(), 2);
  rm1.waitForState(nm1, containerId, RMContainerState.ALLOCATED);

  // acquire the container.
  List<Container> containers =
      am2.allocate(new ArrayList<ResourceRequest>(),
        new ArrayList<ContainerId>()).getAllocatedContainers();
  Assert.assertEquals(containerId, containers.get(0).getId());
  // container token is generated.
  Assert.assertNotNull(containers.get(0).getContainerToken());
  ContainerTokenIdentifier token =
      BuilderUtils.newContainerTokenIdentifier(containers.get(0)
        .getContainerToken());
  return token.getLogAggregationContext();
}
 
Example 14
Source Project: hadoop   Source File: TestRPC.java    License: Apache License 2.0 5 votes vote down vote up
public static ContainerTokenIdentifier newContainerTokenIdentifier(
    Token containerToken) throws IOException {
  org.apache.hadoop.security.token.Token<ContainerTokenIdentifier> token =
      new org.apache.hadoop.security.token.Token<ContainerTokenIdentifier>(
          containerToken.getIdentifier()
              .array(), containerToken.getPassword().array(), new Text(
              containerToken.getKind()),
          new Text(containerToken.getService()));
  return token.decodeIdentifier();
}
 
Example 15
Source Project: hadoop   Source File: TestRPC.java    License: Apache License 2.0 5 votes vote down vote up
public static Token newContainerToken(NodeId nodeId, byte[] password,
    ContainerTokenIdentifier tokenIdentifier) {
  // RPC layer client expects ip:port as service for tokens
  InetSocketAddress addr =
      NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort());
  // NOTE: use SecurityUtil.setTokenService if this becomes a "real" token
  Token containerToken =
      Token.newInstance(tokenIdentifier.getBytes(),
        ContainerTokenIdentifier.KIND.toString(), password, SecurityUtil
          .buildTokenService(addr).toString());
  return containerToken;
}
 
Example 16
Source Project: hadoop   Source File: BaseContainerTokenSecretManager.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public byte[] createPassword(ContainerTokenIdentifier identifier) {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Creating password for " + identifier.getContainerID()
        + " for user " + identifier.getUser() + " to be run on NM "
        + identifier.getNmHostAddress());
  }
  this.readLock.lock();
  try {
    return createPassword(identifier.getBytes(),
      this.currentMasterKey.getSecretKey());
  } finally {
    this.readLock.unlock();
  }
}
 
Example 17
Source Project: big-c   Source File: TestApplicationMasterLauncher.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public StartContainersResponse
    startContainers(StartContainersRequest requests)
        throws YarnException {
  StartContainerRequest request = requests.getStartContainerRequests().get(0);
  LOG.info("Container started by MyContainerManager: " + request);
  launched = true;
  Map<String, String> env =
      request.getContainerLaunchContext().getEnvironment();

  Token containerToken = request.getContainerToken();
  ContainerTokenIdentifier tokenId = null;

  try {
    tokenId = BuilderUtils.newContainerTokenIdentifier(containerToken);
  } catch (IOException e) {
    throw RPCUtil.getRemoteException(e);
  }

  ContainerId containerId = tokenId.getContainerID();
  containerIdAtContainerManager = containerId.toString();
  attemptIdAtContainerManager =
      containerId.getApplicationAttemptId().toString();
  nmHostAtContainerManager = tokenId.getNmHostAddress();
  submitTimeAtContainerManager =
      Long.parseLong(env.get(ApplicationConstants.APP_SUBMIT_TIME_ENV));
  maxAppAttempts =
      Integer.parseInt(env.get(ApplicationConstants.MAX_APP_ATTEMPTS_ENV));
  return StartContainersResponse.newInstance(
    new HashMap<String, ByteBuffer>(), new ArrayList<ContainerId>(),
    new HashMap<ContainerId, SerializedException>());
}
 
Example 18
Source Project: hadoop   Source File: BaseContainerTokenSecretManager.java    License: Apache License 2.0 5 votes vote down vote up
protected byte[] retrievePasswordInternal(ContainerTokenIdentifier identifier,
    MasterKeyData masterKey)
    throws org.apache.hadoop.security.token.SecretManager.InvalidToken {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Retrieving password for " + identifier.getContainerID()
        + " for user " + identifier.getUser() + " to be run on NM "
        + identifier.getNmHostAddress());
  }
  return createPassword(identifier.getBytes(), masterKey.getSecretKey());
}
 
Example 19
Source Project: hadoop   Source File: BuilderUtils.java    License: Apache License 2.0 5 votes vote down vote up
public static Token newContainerToken(ContainerId cId, String host,
    int port, String user, Resource r, long expiryTime, int masterKeyId,
    byte[] password, long rmIdentifier) throws IOException {
  ContainerTokenIdentifier identifier =
      new ContainerTokenIdentifier(cId, host + ":" + port, user, r,
        expiryTime, masterKeyId, rmIdentifier, Priority.newInstance(0), 0);
  return newContainerToken(BuilderUtils.newNodeId(host, port), password,
      identifier);
}
 
Example 20
Source Project: hadoop   Source File: BuilderUtils.java    License: Apache License 2.0 5 votes vote down vote up
@VisibleForTesting
public static Token newContainerToken(NodeId nodeId,
    byte[] password, ContainerTokenIdentifier tokenIdentifier) {
  // RPC layer client expects ip:port as service for tokens
  InetSocketAddress addr =
      NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort());
  // NOTE: use SecurityUtil.setTokenService if this becomes a "real" token
  Token containerToken =
      newToken(Token.class, tokenIdentifier.getBytes(),
        ContainerTokenIdentifier.KIND.toString(), password, SecurityUtil
          .buildTokenService(addr).toString());
  return containerToken;
}
 
Example 21
Source Project: hadoop   Source File: BuilderUtils.java    License: Apache License 2.0 5 votes vote down vote up
public static ContainerTokenIdentifier newContainerTokenIdentifier(
    Token containerToken) throws IOException {
  org.apache.hadoop.security.token.Token<ContainerTokenIdentifier> token =
      new org.apache.hadoop.security.token.Token<ContainerTokenIdentifier>(
          containerToken.getIdentifier()
              .array(), containerToken.getPassword().array(), new Text(
              containerToken.getKind()),
          new Text(containerToken.getService()));
  return token.decodeIdentifier();
}
 
Example 22
Source Project: hadoop   Source File: ContainerTokenIdentifierForTest.java    License: Apache License 2.0 5 votes vote down vote up
public ContainerTokenIdentifierForTest(ContainerTokenIdentifier identifier,
    String message) {
  ContainerTokenIdentifierForTestProto.Builder builder =
      ContainerTokenIdentifierForTestProto.newBuilder();
  ContainerIdPBImpl containerID = 
      (ContainerIdPBImpl)identifier.getContainerID();
  if (containerID != null) {
    builder.setContainerId(containerID.getProto());
  }
  builder.setNmHostAddr(identifier.getNmHostAddress());
  builder.setAppSubmitter(identifier.getApplicationSubmitter());
  
  ResourcePBImpl resource = (ResourcePBImpl)identifier.getResource();
  if (resource != null) {
    builder.setResource(resource.getProto());
  }
  
  builder.setExpiryTimeStamp(identifier.getExpiryTimeStamp());
  builder.setMasterKeyId(identifier.getMasterKeyId());
  builder.setRmIdentifier(identifier.getRMIdentifier());
  
  PriorityPBImpl priority = (PriorityPBImpl)identifier.getPriority();
  if (priority != null) {
    builder.setPriority(priority.getProto());
  }
  
  builder.setCreationTime(identifier.getCreationTime());
  builder.setMessage(message);
  
  LogAggregationContextPBImpl logAggregationContext = 
      (LogAggregationContextPBImpl)identifier.getLogAggregationContext();
  
  if (logAggregationContext != null) {
    builder.setLogAggregationContext(logAggregationContext.getProto());
  }
  
  proto = builder.build();
}
 
Example 23
Source Project: hadoop   Source File: NMContainerTokenSecretManager.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Override of this is to validate ContainerTokens generated by using
 * different {@link MasterKey}s.
 */
@Override
public synchronized byte[] retrievePassword(
    ContainerTokenIdentifier identifier) throws SecretManager.InvalidToken {
  int keyId = identifier.getMasterKeyId();

  MasterKeyData masterKeyToUse = null;
  if (this.previousMasterKey != null
      && keyId == this.previousMasterKey.getMasterKey().getKeyId()) {
    // A container-launch has come in with a token generated off the last
    // master-key
    masterKeyToUse = this.previousMasterKey;
  } else if (keyId == super.currentMasterKey.getMasterKey().getKeyId()) {
    // A container-launch has come in with a token generated off the current
    // master-key
    masterKeyToUse = super.currentMasterKey;
  }

  if (nodeHostAddr != null
      && !identifier.getNmHostAddress().equals(nodeHostAddr)) {
    // Valid container token used for incorrect node.
    throw new SecretManager.InvalidToken("Given Container "
        + identifier.getContainerID().toString()
        + " identifier is not valid for current Node manager. Expected : "
        + nodeHostAddr + " Found : " + identifier.getNmHostAddress());
  }
  
  if (masterKeyToUse != null) {
    return retrievePasswordInternal(identifier, masterKeyToUse);
  }

  // Invalid request. Like startContainer() with token generated off
  // old-master-keys.
  throw new SecretManager.InvalidToken("Given Container "
      + identifier.getContainerID().toString()
      + " seems to have an illegally generated token.");
}
 
Example 24
Source Project: hadoop   Source File: ContainerManagerImpl.java    License: Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
private void recoverContainer(RecoveredContainerState rcs)
    throws IOException {
  StartContainerRequest req = rcs.getStartRequest();
  ContainerLaunchContext launchContext = req.getContainerLaunchContext();
  ContainerTokenIdentifier token =
      BuilderUtils.newContainerTokenIdentifier(req.getContainerToken());
  ContainerId containerId = token.getContainerID();
  ApplicationId appId =
      containerId.getApplicationAttemptId().getApplicationId();

  LOG.info("Recovering " + containerId + " in state " + rcs.getStatus()
      + " with exit code " + rcs.getExitCode());

  if (context.getApplications().containsKey(appId)) {
    Credentials credentials = parseCredentials(launchContext);
    Container container = new ContainerImpl(getConfig(), dispatcher,
        context.getNMStateStore(), req.getContainerLaunchContext(),
        credentials, metrics, token, rcs.getStatus(), rcs.getExitCode(),
        rcs.getDiagnostics(), rcs.getKilled());
    context.getContainers().put(containerId, container);
    dispatcher.getEventHandler().handle(
        new ApplicationContainerInitEvent(container));
  } else {
    if (rcs.getStatus() != RecoveredContainerStatus.COMPLETED) {
      LOG.warn(containerId + " has no corresponding application!");
    }
    LOG.info("Adding " + containerId + " to recently stopped containers");
    nodeStatusUpdater.addCompletedContainer(containerId);
  }
}
 
Example 25
Source Project: hadoop   Source File: ContainerImpl.java    License: Apache License 2.0 5 votes vote down vote up
public ContainerImpl(Configuration conf, Dispatcher dispatcher,
    NMStateStoreService stateStore, ContainerLaunchContext launchContext,
    Credentials creds, NodeManagerMetrics metrics,
    ContainerTokenIdentifier containerTokenIdentifier,
    RecoveredContainerStatus recoveredStatus, int exitCode,
    String diagnostics, boolean wasKilled) {
  this(conf, dispatcher, stateStore, launchContext, creds, metrics,
      containerTokenIdentifier);
  this.recoveredStatus = recoveredStatus;
  this.exitCode = exitCode;
  this.recoveredAsKilled = wasKilled;
  this.diagnostics.append(diagnostics);
}
 
Example 26
Source Project: hadoop   Source File: ContainerImpl.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public ContainerTokenIdentifier getContainerTokenIdentifier() {
  this.readLock.lock();
  try {
    return this.containerTokenIdentifier;
  } finally {
    this.readLock.unlock();
  }
}
 
Example 27
Source Project: hadoop   Source File: TestNMContainerTokenSecretManager.java    License: Apache License 2.0 5 votes vote down vote up
private static ContainerTokenIdentifier createContainerTokenId(
    ContainerId cid, NodeId nodeId, String user,
    NMContainerTokenSecretManager secretMgr) throws IOException {
  long rmid = cid.getApplicationAttemptId().getApplicationId()
      .getClusterTimestamp();
  ContainerTokenIdentifier ctid = new ContainerTokenIdentifier(cid,
      nodeId.toString(), user, BuilderUtils.newResource(1024, 1),
      System.currentTimeMillis() + 100000L,
      secretMgr.getCurrentKey().getKeyId(), rmid,
      Priority.newInstance(0), 0);
  Token token = BuilderUtils.newContainerToken(nodeId,
      secretMgr.createPassword(ctid), ctid);
  return BuilderUtils.newContainerTokenIdentifier(token);
}
 
Example 28
Source Project: big-c   Source File: MRApp.java    License: Apache License 2.0 5 votes vote down vote up
public static Token newContainerToken(NodeId nodeId,
    byte[] password, ContainerTokenIdentifier tokenIdentifier) {
  // RPC layer client expects ip:port as service for tokens
  InetSocketAddress addr =
      NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort());
  // NOTE: use SecurityUtil.setTokenService if this becomes a "real" token
  Token containerToken =
      Token.newInstance(tokenIdentifier.getBytes(),
        ContainerTokenIdentifier.KIND.toString(), password, SecurityUtil
          .buildTokenService(addr).toString());
  return containerToken;
}
 
Example 29
Source Project: big-c   Source File: MRApp.java    License: Apache License 2.0 5 votes vote down vote up
public static ContainerTokenIdentifier newContainerTokenIdentifier(
    Token containerToken) throws IOException {
  org.apache.hadoop.security.token.Token<ContainerTokenIdentifier> token =
      new org.apache.hadoop.security.token.Token<ContainerTokenIdentifier>(
          containerToken.getIdentifier()
              .array(), containerToken.getPassword().array(), new Text(
              containerToken.getKind()),
          new Text(containerToken.getService()));
  return token.decodeIdentifier();
}
 
Example 30
Source Project: hadoop   Source File: TestApplication.java    License: Apache License 2.0 5 votes vote down vote up
protected ContainerTokenIdentifier waitForContainerTokenToExpire(
    ContainerTokenIdentifier identifier) {
  int attempts = 5;
  while (System.currentTimeMillis() < identifier.getExpiryTimeStamp()
      && attempts-- > 0) {
    try {
      Thread.sleep(1000);
    } catch (Exception e) {}
  }
  return identifier;
}