protected NMTokenSecretManagerInRM createNMTokenSecretManager( Configuration conf) { return new NMTokenSecretManagerInRM(conf); }
@Override public void run() { // Activation will happen after an absolute time interval. It will be good // if we can force activation after an NM updates and acknowledges a // roll-over. But that is only possible when we move to per-NM keys. TODO: activateNextMasterKey(); } }
@Override public void run() { rollMasterKey(); } }
nmTokenSecretManagerRM.getCurrentKey().getKeyId()); nmTokenSecretManagerRM.createNMToken(validAppAttemptId, validNode, user); NMTokenSecretManagerInRM tempManager = new NMTokenSecretManagerInRM(testConf); tempManager.rollMasterKey(); do { tempManager.rollMasterKey(); tempManager.activateNextMasterKey(); } while (tempManager.getCurrentKey().getKeyId() == nmTokenSecretManagerRM .getCurrentKey().getKeyId()); tempManager.createNMToken(validAppAttemptId, validNode, user); sb = new StringBuilder("Given NMToken for application : "); sb.append(validAppAttemptId.toString()) nmTokenSecretManagerRM.createNMToken(validAppAttemptId, invalidNode, user); sb = new StringBuilder("Given NMToken for application : "); nmTokenSecretManagerRM.createNMToken(validAppAttemptId2, validNode, user); nmTokenSecretManagerRM.retrievePassword(newVersionIdentifier), newVersionIdentifier); Token attempt1NMToken = nmTokenSecretManagerRM .createNMToken(validAppAttemptId, validNode, user);
@Before public void setUp() { Configuration conf = new Configuration(); // Dispatcher that processes events inline Dispatcher dispatcher = new InlineDispatcher(); RMContext context = new RMContextImpl(dispatcher, null, null, null, null, null, null, null, null, null); dispatcher.register(SchedulerEventType.class, new InlineDispatcher.EmptyEventHandler()); dispatcher.register(RMNodeEventType.class, new NodeEventDispatcher(context)); NMLivelinessMonitor nmLivelinessMonitor = new TestNmLivelinessMonitor( dispatcher); nmLivelinessMonitor.init(conf); nmLivelinessMonitor.start(); NodesListManager nodesListManager = new NodesListManager(context); nodesListManager.init(conf); RMContainerTokenSecretManager containerTokenSecretManager = new RMContainerTokenSecretManager(conf); containerTokenSecretManager.start(); NMTokenSecretManagerInRM nmTokenSecretManager = new NMTokenSecretManagerInRM(conf); nmTokenSecretManager.start(); resourceTrackerService = new ResourceTrackerService(context, nodesListManager, nmLivelinessMonitor, containerTokenSecretManager, nmTokenSecretManager); resourceTrackerService.init(conf); resourceTrackerService.start(); }
@Before public void setUp() { Configuration conf = new Configuration(); // Dispatcher that processes events inline Dispatcher dispatcher = new InlineDispatcher(); dispatcher.register(SchedulerEventType.class, new EventHandler<Event>() { @Override public void handle(Event event) { ; // ignore } }); RMContext context = new RMContextImpl(dispatcher, null, null, null, null, null, new RMContainerTokenSecretManager(conf), new NMTokenSecretManagerInRM(conf), null, null); dispatcher.register(RMNodeEventType.class, new ResourceManager.NodeEventDispatcher(context)); NodesListManager nodesListManager = new NodesListManager(context); nodesListManager.init(conf); context.getContainerTokenSecretManager().rollMasterKey(); context.getNMTokenSecretManager().rollMasterKey(); resourceTrackerService = new ResourceTrackerService(context, nodesListManager, new NMLivelinessMonitor(dispatcher), context.getContainerTokenSecretManager(), context.getNMTokenSecretManager()); resourceTrackerService.init(conf); }
protected void rollNMTokenMasterKey( NMTokenSecretManagerInRM nmTokenSecretManagerRM, NMTokenSecretManagerInNM nmTokenSecretManagerNM) throws Exception { int oldKeyId = nmTokenSecretManagerRM.getCurrentKey().getKeyId(); nmTokenSecretManagerRM.rollMasterKey(); int interval = 40; while (nmTokenSecretManagerNM.getCurrentKey().getKeyId() == oldKeyId && interval-- > 0) { Thread.sleep(1000); } nmTokenSecretManagerRM.activateNextMasterKey(); Assert.assertTrue((nmTokenSecretManagerNM.getCurrentKey().getKeyId() == nmTokenSecretManagerRM.getCurrentKey().getKeyId())); }
.isApplicationAttemptRegistered(attempt.getAppAttemptId())); .isApplicationAttemptNMTokenPresent(attempt.getAppAttemptId(), nm2.getNodeId()) && interval-- > 0) { LOG.info("waiting for nmToken to be cleared for : " + nm2.getNodeId()); .isApplicationAttemptRegistered(attempt.getAppAttemptId())); .isApplicationAttemptNMTokenPresent(attempt.getAppAttemptId(), nm1.getNodeId())); Assert.assertTrue(nmTokenSecretManager .isApplicationAttemptNMTokenPresent(attempt.getAppAttemptId(), nm2.getNodeId())); nmTokenSecretManager.rollMasterKey(); nmTokenSecretManager.activateNextMasterKey(); .isApplicationAttemptNMTokenPresent(attempt.getAppAttemptId(), nm1.getNodeId())); Assert.assertFalse(nmTokenSecretManager .isApplicationAttemptNMTokenPresent(attempt.getAppAttemptId(), nm2.getNodeId())); .isApplicationAttemptRegistered(attempt.getAppAttemptId())); Assert.assertEquals(1, nmTokens.size()); Assert.assertTrue(nmTokenSecretManager .isApplicationAttemptNMTokenPresent(attempt.getAppAttemptId(), nm2.getNodeId()));
nmTokenSecretManagerInRM.getCurrentKey().getKeyId()); nmTokenSecretManagerInRM.createNMToken(appAttemptId, nodeId, user);
rm.getRMContext().getNMTokenSecretManager().rollMasterKey(); rm.getRMContext().getNMTokenSecretManager().activateNextMasterKey();
.getCurrentKey()); response.setNMTokenMasterKey(nmTokenSecretManager .getCurrentKey()); this.nmTokenSecretManager.removeNodeKey(nodeId); this.nmLivelinessMonitor.register(nodeId);
public NMToken createAndGetNMToken(String applicationSubmitter, ApplicationAttemptId appAttemptId, Container container) { try { this.readLock.lock(); HashSet<NodeId> nodeSet = this.appAttemptToNodeKeyMap.get(appAttemptId); NMToken nmToken = null; if (nodeSet != null) { if (!nodeSet.contains(container.getNodeId())) { LOG.info("Sending NMToken for nodeId : " + container.getNodeId() + " for container : " + container.getId()); Token token = createNMToken(container.getId().getApplicationAttemptId(), container.getNodeId(), applicationSubmitter); nmToken = NMToken.newInstance(container.getNodeId(), token); nodeSet.add(container.getNodeId()); } } return nmToken; } finally { this.readLock.unlock(); } }
.clearNodeSetForAttempt(applicationAttemptId); try { NMToken token = getRmContext().getNMTokenSecretManager() .createAndGetNMToken(app.getUser(), applicationAttemptId, container); if (null != token) {
/** * {@link RMAppAttemptState#ALLOCATED} */ @SuppressWarnings("unchecked") private void testAppAttemptAllocatedState(Container amContainer) { assertEquals(RMAppAttemptState.ALLOCATED, applicationAttempt.getAppAttemptState()); assertEquals(amContainer, applicationAttempt.getMasterContainer()); // Check events verify(applicationMasterLauncher).handle(any(AMLauncherEvent.class)); verify(scheduler, times(2)).allocate(any(ApplicationAttemptId.class), any(List.class), any(List.class), any(List.class), any(List.class), any(List.class), any(ContainerUpdates.class)); verify(nmTokenManager).clearNodeSetForAttempt( applicationAttempt.getAppAttemptId()); }
@Override public void serviceStart() throws Exception { amRmTokenSecretManager.start(); containerTokenSecretManager.start(); nmTokenSecretManager.start(); try { rmDTSecretManager.startThreads(); } catch(IOException ie) { throw new YarnRuntimeException("Failed to start secret manager threads", ie); } super.serviceStart(); }
private void updateNMToken(Container container) { NMToken nmToken = rmContext.getNMTokenSecretManager().createAndGetNMToken(getUser(), getApplicationAttemptId(), container); if (nmToken != null) { updatedNMTokens.add(nmToken); } }
/** * Activate the new master-key */ @Private public void activateNextMasterKey() { super.writeLock.lock(); try { LOG.info("Activating next master key with id: " + this.nextMasterKey.getMasterKey().getKeyId()); this.currentMasterKey = this.nextMasterKey; this.nextMasterKey = null; clearApplicationNMTokenKeys(); } finally { super.writeLock.unlock(); } }
/** * Creates a new master-key and sets it as the primary. */ @Private public void rollMasterKey() { super.writeLock.lock(); try { LOG.info("Rolling master-key for nm-tokens"); if (this.currentMasterKey == null) { // Setting up for the first time. this.currentMasterKey = createNewMasterKey(); } else { this.nextMasterKey = createNewMasterKey(); LOG.info("Going to activate master-key with key-id " + this.nextMasterKey.getMasterKey().getKeyId() + " in " + this.activationDelay + "ms"); this.timer.schedule(new NextKeyActivator(), this.activationDelay); } } finally { super.writeLock.unlock(); } }
nmTokenSecretManagerRM.getCurrentKey().getKeyId()); nmTokenSecretManagerRM.createNMToken(validAppAttemptId, validNode, user); NMTokenSecretManagerInRM tempManager = new NMTokenSecretManagerInRM(conf); tempManager.rollMasterKey(); do { tempManager.rollMasterKey(); tempManager.activateNextMasterKey(); } while (tempManager.getCurrentKey().getKeyId() == nmTokenSecretManagerRM .getCurrentKey().getKeyId()); tempManager.createNMToken(validAppAttemptId, validNode, user); sb = new StringBuilder("Given NMToken for application : "); sb.append(validAppAttemptId.toString()) nmTokenSecretManagerRM.createNMToken(validAppAttemptId, invalidNode, user); sb = new StringBuilder("Given NMToken for application : "); nmTokenSecretManagerRM.createNMToken(validAppAttemptId2, validNode, user); nmTokenSecretManagerRM.retrievePassword(newVersionIdentifier), newVersionIdentifier); Token attempt1NMToken = nmTokenSecretManagerRM .createNMToken(validAppAttemptId, validNode, user);
@Before public void setUp() { Configuration conf = new Configuration(); // Dispatcher that processes events inline Dispatcher dispatcher = new InlineDispatcher(); RMContext context = new RMContextImpl(dispatcher, null, null, null, null, null, null, null, null, null); dispatcher.register(SchedulerEventType.class, new InlineDispatcher.EmptyEventHandler()); dispatcher.register(RMNodeEventType.class, new NodeEventDispatcher(context)); NMLivelinessMonitor nmLivelinessMonitor = new TestNmLivelinessMonitor( dispatcher); nmLivelinessMonitor.init(conf); nmLivelinessMonitor.start(); NodesListManager nodesListManager = new NodesListManager(context); nodesListManager.init(conf); RMContainerTokenSecretManager containerTokenSecretManager = new RMContainerTokenSecretManager(conf); containerTokenSecretManager.start(); NMTokenSecretManagerInRM nmTokenSecretManager = new NMTokenSecretManagerInRM(conf); nmTokenSecretManager.start(); resourceTrackerService = new ResourceTrackerService(context, nodesListManager, nmLivelinessMonitor, containerTokenSecretManager, nmTokenSecretManager); resourceTrackerService.init(conf); resourceTrackerService.start(); }