Examples with Credentials org.apache.hadoop.security.Credentials used on opensource projects

Example 36 with Credentials

use of org.apache.hadoop.security.Credentials in project hadoop by apache.

the class TestLocalizedResource method testNotification.

@Test
// mocked generic
@SuppressWarnings("unchecked")
public void testNotification() throws Exception {
    DrainDispatcher dispatcher = new DrainDispatcher();
    dispatcher.init(new Configuration());
    try {
        dispatcher.start();
        EventHandler<ContainerEvent> containerBus = mock(EventHandler.class);
        EventHandler<LocalizerEvent> localizerBus = mock(EventHandler.class);
        dispatcher.register(ContainerEventType.class, containerBus);
        dispatcher.register(LocalizerEventType.class, localizerBus);
        // mock resource
        LocalResource apiRsrc = createMockResource();
        final ContainerId container0 = getMockContainer(0L);
        final Credentials creds0 = new Credentials();
        final LocalResourceVisibility vis0 = LocalResourceVisibility.PRIVATE;
        final LocalizerContext ctxt0 = new LocalizerContext("yak", container0, creds0);
        LocalResourceRequest rsrcA = new LocalResourceRequest(apiRsrc);
        LocalizedResource local = new LocalizedResource(rsrcA, dispatcher);
        local.handle(new ResourceRequestEvent(rsrcA, vis0, ctxt0));
        dispatcher.await();
        // Register C0, verify request event
        LocalizerEventMatcher matchesL0Req = new LocalizerEventMatcher(container0, creds0, vis0, LocalizerEventType.REQUEST_RESOURCE_LOCALIZATION);
        verify(localizerBus).handle(argThat(matchesL0Req));
        assertEquals(ResourceState.DOWNLOADING, local.getState());
        // Register C1, verify request event
        final Credentials creds1 = new Credentials();
        final ContainerId container1 = getMockContainer(1L);
        final LocalizerContext ctxt1 = new LocalizerContext("yak", container1, creds1);
        final LocalResourceVisibility vis1 = LocalResourceVisibility.PUBLIC;
        local.handle(new ResourceRequestEvent(rsrcA, vis1, ctxt1));
        dispatcher.await();
        LocalizerEventMatcher matchesL1Req = new LocalizerEventMatcher(container1, creds1, vis1, LocalizerEventType.REQUEST_RESOURCE_LOCALIZATION);
        verify(localizerBus).handle(argThat(matchesL1Req));
        // Release C0 container localization, verify no notification
        local.handle(new ResourceReleaseEvent(rsrcA, container0));
        dispatcher.await();
        verify(containerBus, never()).handle(isA(ContainerEvent.class));
        assertEquals(ResourceState.DOWNLOADING, local.getState());
        // Release C1 container localization, verify no notification
        local.handle(new ResourceReleaseEvent(rsrcA, container1));
        dispatcher.await();
        verify(containerBus, never()).handle(isA(ContainerEvent.class));
        assertEquals(ResourceState.DOWNLOADING, local.getState());
        // Register C2, C3
        final ContainerId container2 = getMockContainer(2L);
        final LocalResourceVisibility vis2 = LocalResourceVisibility.PRIVATE;
        final Credentials creds2 = new Credentials();
        final LocalizerContext ctxt2 = new LocalizerContext("yak", container2, creds2);
        final ContainerId container3 = getMockContainer(3L);
        final LocalResourceVisibility vis3 = LocalResourceVisibility.PRIVATE;
        final Credentials creds3 = new Credentials();
        final LocalizerContext ctxt3 = new LocalizerContext("yak", container3, creds3);
        local.handle(new ResourceRequestEvent(rsrcA, vis2, ctxt2));
        local.handle(new ResourceRequestEvent(rsrcA, vis3, ctxt3));
        dispatcher.await();
        LocalizerEventMatcher matchesL2Req = new LocalizerEventMatcher(container2, creds2, vis2, LocalizerEventType.REQUEST_RESOURCE_LOCALIZATION);
        verify(localizerBus).handle(argThat(matchesL2Req));
        LocalizerEventMatcher matchesL3Req = new LocalizerEventMatcher(container3, creds3, vis3, LocalizerEventType.REQUEST_RESOURCE_LOCALIZATION);
        verify(localizerBus).handle(argThat(matchesL3Req));
        // Successful localization. verify notification C2, C3
        Path locA = new Path("file:///cache/rsrcA");
        local.handle(new ResourceLocalizedEvent(rsrcA, locA, 10));
        dispatcher.await();
        ContainerEventMatcher matchesC2Localized = new ContainerEventMatcher(container2, ContainerEventType.RESOURCE_LOCALIZED);
        ContainerEventMatcher matchesC3Localized = new ContainerEventMatcher(container3, ContainerEventType.RESOURCE_LOCALIZED);
        verify(containerBus).handle(argThat(matchesC2Localized));
        verify(containerBus).handle(argThat(matchesC3Localized));
        assertEquals(ResourceState.LOCALIZED, local.getState());
        // Register C4, verify notification
        final ContainerId container4 = getMockContainer(4L);
        final Credentials creds4 = new Credentials();
        final LocalizerContext ctxt4 = new LocalizerContext("yak", container4, creds4);
        final LocalResourceVisibility vis4 = LocalResourceVisibility.PRIVATE;
        local.handle(new ResourceRequestEvent(rsrcA, vis4, ctxt4));
        dispatcher.await();
        ContainerEventMatcher matchesC4Localized = new ContainerEventMatcher(container4, ContainerEventType.RESOURCE_LOCALIZED);
        verify(containerBus).handle(argThat(matchesC4Localized));
        assertEquals(ResourceState.LOCALIZED, local.getState());
    } finally {
        dispatcher.stop();
    }
}

Example 37 with Credentials

use of org.apache.hadoop.security.Credentials in project hadoop by apache.

the class TestContainerLocalizer method createFakeCredentials.

@SuppressWarnings({ "rawtypes", "unchecked" })
static DataInputBuffer createFakeCredentials(Random r, int nTok) throws IOException {
    Credentials creds = new Credentials();
    byte[] password = new byte[20];
    Text kind = new Text();
    Text service = new Text();
    Text alias = new Text();
    for (int i = 0; i < nTok; ++i) {
        byte[] identifier = ("idef" + i).getBytes();
        r.nextBytes(password);
        kind.set("kind" + i);
        service.set("service" + i);
        alias.set("token" + i);
        Token token = new Token(identifier, password, kind, service);
        creds.addToken(alias, token);
    }
    DataOutputBuffer buf = new DataOutputBuffer();
    creds.writeTokenStorageToStream(buf);
    DataInputBuffer ret = new DataInputBuffer();
    ret.reset(buf.getData(), 0, buf.getLength());
    return ret;
}

Example 38 with Credentials

use of org.apache.hadoop.security.Credentials in project hadoop by apache.

the class DelegationTokenRenewer method requestNewHdfsDelegationTokenAsProxyUser.

private void requestNewHdfsDelegationTokenAsProxyUser(Collection<ApplicationId> referringAppIds, String user, boolean shouldCancelAtEnd) throws IOException, InterruptedException {
    if (!hasProxyUserPrivileges) {
        LOG.info("RM proxy-user privilege is not enabled. Skip requesting hdfs tokens.");
        return;
    }
    // Get new hdfs tokens for this user
    Credentials credentials = new Credentials();
    Token<?>[] newTokens = obtainSystemTokensForUser(user, credentials);
    // Add new tokens to the toRenew list.
    LOG.info("Received new tokens for " + referringAppIds + ". Received " + newTokens.length + " tokens.");
    if (newTokens.length > 0) {
        for (Token<?> token : newTokens) {
            if (token.isManaged()) {
                DelegationTokenToRenew tokenToRenew = new DelegationTokenToRenew(referringAppIds, token, getConfig(), Time.now(), shouldCancelAtEnd, user);
                // renew the token to get the next expiration date.
                renewToken(tokenToRenew);
                setTimerForTokenRenewal(tokenToRenew);
                for (ApplicationId applicationId : referringAppIds) {
                    appTokens.get(applicationId).add(tokenToRenew);
                }
                LOG.info("Received new token " + token);
            }
        }
    }
    DataOutputBuffer dob = new DataOutputBuffer();
    credentials.writeTokenStorageToStream(dob);
    ByteBuffer byteBuffer = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
    for (ApplicationId applicationId : referringAppIds) {
        rmContext.getSystemCredentialsForApps().put(applicationId, byteBuffer);
    }
}

Example 39 with Credentials

use of org.apache.hadoop.security.Credentials in project hadoop by apache.

the class TestDistCpSyncReverseBase method testSync.

/**
   * Test the basic functionality.
   */
@Test
public void testSync() throws Exception {
    if (isSrcNotSameAsTgt) {
        initData(source);
    }
    initData(target);
    enableAndCreateFirstSnapshot();
    final FsShell shell = new FsShell(conf);
    lsrSource("Before source: ", shell, source);
    lsr("Before target: ", shell, target);
    // make changes under target
    int numDeletedModified = changeData(target);
    createSecondSnapshotAtTarget();
    SnapshotDiffReport report = dfs.getSnapshotDiffReport(target, "s2", "s1");
    System.out.println(report);
    DistCpSync distCpSync = new DistCpSync(options, conf);
    lsr("Before sync target: ", shell, target);
    // do the sync
    Assert.assertTrue(distCpSync.sync());
    lsr("After sync target: ", shell, target);
    // make sure the source path has been updated to the snapshot path
    final Path spath = new Path(source, HdfsConstants.DOT_SNAPSHOT_DIR + Path.SEPARATOR + "s1");
    Assert.assertEquals(spath, options.getSourcePaths().get(0));
    // build copy listing
    final Path listingPath = new Path("/tmp/META/fileList.seq");
    CopyListing listing = new SimpleCopyListing(conf, new Credentials(), distCpSync);
    listing.buildListing(listingPath, options);
    Map<Text, CopyListingFileStatus> copyListing = getListing(listingPath);
    CopyMapper copyMapper = new CopyMapper();
    StubContext stubContext = new StubContext(conf, null, 0);
    Mapper<Text, CopyListingFileStatus, Text, Text>.Context<Text, CopyListingFileStatus, Text, Text> context = stubContext.getContext();
    // Enable append
    context.getConfiguration().setBoolean(DistCpOptionSwitch.APPEND.getConfigLabel(), true);
    copyMapper.setup(context);
    for (Map.Entry<Text, CopyListingFileStatus> entry : copyListing.entrySet()) {
        copyMapper.map(entry.getKey(), entry.getValue(), context);
    }
    lsrSource("After mapper source: ", shell, source);
    lsr("After mapper target: ", shell, target);
    // verify that we only list modified and created files/directories
    Assert.assertEquals(numDeletedModified, copyListing.size());
    // verify that we only copied new appended data of f2 and the new file f1
    Assert.assertEquals(blockSize * 3, stubContext.getReporter().getCounter(CopyMapper.Counter.BYTESCOPIED).getValue());
    // verify the source and target now has the same structure
    verifyCopy(dfs.getFileStatus(spath), dfs.getFileStatus(target), false);
}

Example 40 with Credentials

use of org.apache.hadoop.security.Credentials in project hadoop by apache.

the class Client method run.

/**
   * Main run function for the client
   * @return true if application completed successfully
   * @throws IOException
   * @throws YarnException
   */
public boolean run() throws IOException, YarnException {
    LOG.info("Running Client");
    yarnClient.start();
    YarnClusterMetrics clusterMetrics = yarnClient.getYarnClusterMetrics();
    LOG.info("Got Cluster metric info from ASM" + ", numNodeManagers=" + clusterMetrics.getNumNodeManagers());
    List<NodeReport> clusterNodeReports = yarnClient.getNodeReports(NodeState.RUNNING);
    LOG.info("Got Cluster node info from ASM");
    for (NodeReport node : clusterNodeReports) {
        LOG.info("Got node report from ASM for" + ", nodeId=" + node.getNodeId() + ", nodeAddress=" + node.getHttpAddress() + ", nodeRackName=" + node.getRackName() + ", nodeNumContainers=" + node.getNumContainers());
    }
    QueueInfo queueInfo = yarnClient.getQueueInfo(this.amQueue);
    LOG.info("Queue info" + ", queueName=" + queueInfo.getQueueName() + ", queueCurrentCapacity=" + queueInfo.getCurrentCapacity() + ", queueMaxCapacity=" + queueInfo.getMaximumCapacity() + ", queueApplicationCount=" + queueInfo.getApplications().size() + ", queueChildQueueCount=" + queueInfo.getChildQueues().size());
    List<QueueUserACLInfo> listAclInfo = yarnClient.getQueueAclsInfo();
    for (QueueUserACLInfo aclInfo : listAclInfo) {
        for (QueueACL userAcl : aclInfo.getUserAcls()) {
            LOG.info("User ACL Info for Queue" + ", queueName=" + aclInfo.getQueueName() + ", userAcl=" + userAcl.name());
        }
    }
    if (domainId != null && domainId.length() > 0 && toCreateDomain) {
        prepareTimelineDomain();
    }
    // Get a new application id
    YarnClientApplication app = yarnClient.createApplication();
    GetNewApplicationResponse appResponse = app.getNewApplicationResponse();
    // TODO get min/max resource capabilities from RM and change memory ask if needed
    // If we do not have min/max, we may not be able to correctly request 
    // the required resources from the RM for the app master
    // Memory ask has to be a multiple of min and less than max. 
    // Dump out information about cluster capability as seen by the resource manager
    long maxMem = appResponse.getMaximumResourceCapability().getMemorySize();
    LOG.info("Max mem capability of resources in this cluster " + maxMem);
    // A resource ask cannot exceed the max. 
    if (amMemory > maxMem) {
        LOG.info("AM memory specified above max threshold of cluster. Using max value." + ", specified=" + amMemory + ", max=" + maxMem);
        amMemory = maxMem;
    }
    int maxVCores = appResponse.getMaximumResourceCapability().getVirtualCores();
    LOG.info("Max virtual cores capability of resources in this cluster " + maxVCores);
    if (amVCores > maxVCores) {
        LOG.info("AM virtual cores specified above max threshold of cluster. " + "Using max value." + ", specified=" + amVCores + ", max=" + maxVCores);
        amVCores = maxVCores;
    }
    // set the application name
    ApplicationSubmissionContext appContext = app.getApplicationSubmissionContext();
    ApplicationId appId = appContext.getApplicationId();
    appContext.setKeepContainersAcrossApplicationAttempts(keepContainers);
    appContext.setApplicationName(appName);
    if (attemptFailuresValidityInterval >= 0) {
        appContext.setAttemptFailuresValidityInterval(attemptFailuresValidityInterval);
    }
    Set<String> tags = new HashSet<String>();
    if (flowName != null) {
        tags.add(TimelineUtils.generateFlowNameTag(flowName));
    }
    if (flowVersion != null) {
        tags.add(TimelineUtils.generateFlowVersionTag(flowVersion));
    }
    if (flowRunId != 0) {
        tags.add(TimelineUtils.generateFlowRunIdTag(flowRunId));
    }
    appContext.setApplicationTags(tags);
    // set local resources for the application master
    // local files or archives as needed
    // In this scenario, the jar file for the application master is part of the local resources			
    Map<String, LocalResource> localResources = new HashMap<String, LocalResource>();
    LOG.info("Copy App Master jar from local filesystem and add to local environment");
    // Copy the application master jar to the filesystem 
    // Create a local resource to point to the destination jar path 
    FileSystem fs = FileSystem.get(conf);
    addToLocalResources(fs, appMasterJar, appMasterJarPath, appId.toString(), localResources, null);
    // Set the log4j properties if needed 
    if (!log4jPropFile.isEmpty()) {
        addToLocalResources(fs, log4jPropFile, log4jPath, appId.toString(), localResources, null);
    }
    // The shell script has to be made available on the final container(s)
    // where it will be executed. 
    // To do this, we need to first copy into the filesystem that is visible 
    // to the yarn framework. 
    // We do not need to set this as a local resource for the application 
    // master as the application master does not need it. 		
    String hdfsShellScriptLocation = "";
    long hdfsShellScriptLen = 0;
    long hdfsShellScriptTimestamp = 0;
    if (!shellScriptPath.isEmpty()) {
        Path shellSrc = new Path(shellScriptPath);
        String shellPathSuffix = appName + "/" + appId.toString() + "/" + SCRIPT_PATH;
        Path shellDst = new Path(fs.getHomeDirectory(), shellPathSuffix);
        fs.copyFromLocalFile(false, true, shellSrc, shellDst);
        hdfsShellScriptLocation = shellDst.toUri().toString();
        FileStatus shellFileStatus = fs.getFileStatus(shellDst);
        hdfsShellScriptLen = shellFileStatus.getLen();
        hdfsShellScriptTimestamp = shellFileStatus.getModificationTime();
    }
    if (!shellCommand.isEmpty()) {
        addToLocalResources(fs, null, shellCommandPath, appId.toString(), localResources, shellCommand);
    }
    if (shellArgs.length > 0) {
        addToLocalResources(fs, null, shellArgsPath, appId.toString(), localResources, StringUtils.join(shellArgs, " "));
    }
    // Set the necessary security tokens as needed
    //amContainer.setContainerTokens(containerToken);
    // Set the env variables to be setup in the env where the application master will be run
    LOG.info("Set the environment for the application master");
    Map<String, String> env = new HashMap<String, String>();
    // put location of shell script into env
    // using the env info, the application master will create the correct local resource for the 
    // eventual containers that will be launched to execute the shell scripts
    env.put(DSConstants.DISTRIBUTEDSHELLSCRIPTLOCATION, hdfsShellScriptLocation);
    env.put(DSConstants.DISTRIBUTEDSHELLSCRIPTTIMESTAMP, Long.toString(hdfsShellScriptTimestamp));
    env.put(DSConstants.DISTRIBUTEDSHELLSCRIPTLEN, Long.toString(hdfsShellScriptLen));
    if (domainId != null && domainId.length() > 0) {
        env.put(DSConstants.DISTRIBUTEDSHELLTIMELINEDOMAIN, domainId);
    }
    // Add AppMaster.jar location to classpath 		
    // At some point we should not be required to add 
    // the hadoop specific classpaths to the env. 
    // It should be provided out of the box. 
    // For now setting all required classpaths including
    // the classpath to "." for the application jar
    StringBuilder classPathEnv = new StringBuilder(Environment.CLASSPATH.$$()).append(ApplicationConstants.CLASS_PATH_SEPARATOR).append("./*");
    for (String c : conf.getStrings(YarnConfiguration.YARN_APPLICATION_CLASSPATH, YarnConfiguration.DEFAULT_YARN_CROSS_PLATFORM_APPLICATION_CLASSPATH)) {
        classPathEnv.append(ApplicationConstants.CLASS_PATH_SEPARATOR);
        classPathEnv.append(c.trim());
    }
    classPathEnv.append(ApplicationConstants.CLASS_PATH_SEPARATOR).append("./log4j.properties");
    // add the runtime classpath needed for tests to work
    if (conf.getBoolean(YarnConfiguration.IS_MINI_YARN_CLUSTER, false)) {
        classPathEnv.append(':');
        classPathEnv.append(System.getProperty("java.class.path"));
    }
    env.put("CLASSPATH", classPathEnv.toString());
    // Set the necessary command to execute the application master 
    Vector<CharSequence> vargs = new Vector<CharSequence>(30);
    // Set java executable command 
    LOG.info("Setting up app master command");
    vargs.add(Environment.JAVA_HOME.$$() + "/bin/java");
    // Set Xmx based on am memory size
    vargs.add("-Xmx" + amMemory + "m");
    // Set class name 
    vargs.add(appMasterMainClass);
    // Set params for Application Master
    vargs.add("--container_memory " + String.valueOf(containerMemory));
    vargs.add("--container_vcores " + String.valueOf(containerVirtualCores));
    vargs.add("--num_containers " + String.valueOf(numContainers));
    if (null != nodeLabelExpression) {
        appContext.setNodeLabelExpression(nodeLabelExpression);
    }
    vargs.add("--priority " + String.valueOf(shellCmdPriority));
    for (Map.Entry<String, String> entry : shellEnv.entrySet()) {
        vargs.add("--shell_env " + entry.getKey() + "=" + entry.getValue());
    }
    if (debugFlag) {
        vargs.add("--debug");
    }
    vargs.addAll(containerRetryOptions);
    vargs.add("1>" + ApplicationConstants.LOG_DIR_EXPANSION_VAR + "/AppMaster.stdout");
    vargs.add("2>" + ApplicationConstants.LOG_DIR_EXPANSION_VAR + "/AppMaster.stderr");
    // Get final commmand
    StringBuilder command = new StringBuilder();
    for (CharSequence str : vargs) {
        command.append(str).append(" ");
    }
    LOG.info("Completed setting up app master command " + command.toString());
    List<String> commands = new ArrayList<String>();
    commands.add(command.toString());
    // Set up the container launch context for the application master
    ContainerLaunchContext amContainer = ContainerLaunchContext.newInstance(localResources, env, commands, null, null, null);
    // Set up resource type requirements
    // For now, both memory and vcores are supported, so we set memory and 
    // vcores requirements
    Resource capability = Resource.newInstance(amMemory, amVCores);
    appContext.setResource(capability);
    // Setup security tokens
    if (UserGroupInformation.isSecurityEnabled()) {
        // Note: Credentials class is marked as LimitedPrivate for HDFS and MapReduce
        Credentials credentials = new Credentials();
        String tokenRenewer = YarnClientUtils.getRmPrincipal(conf);
        if (tokenRenewer == null || tokenRenewer.length() == 0) {
            throw new IOException("Can't get Master Kerberos principal for the RM to use as renewer");
        }
        // For now, only getting tokens for the default file-system.
        final Token<?>[] tokens = fs.addDelegationTokens(tokenRenewer, credentials);
        if (tokens != null) {
            for (Token<?> token : tokens) {
                LOG.info("Got dt for " + fs.getUri() + "; " + token);
            }
        }
        DataOutputBuffer dob = new DataOutputBuffer();
        credentials.writeTokenStorageToStream(dob);
        ByteBuffer fsTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength());
        amContainer.setTokens(fsTokens);
    }
    appContext.setAMContainerSpec(amContainer);
    // Set the priority for the application master
    // TODO - what is the range for priority? how to decide? 
    Priority pri = Priority.newInstance(amPriority);
    appContext.setPriority(pri);
    // Set the queue to which this application is to be submitted in the RM
    appContext.setQueue(amQueue);
    // Submit the application to the applications manager
    // SubmitApplicationResponse submitResp = applicationsManager.submitApplication(appRequest);
    // Ignore the response as either a valid response object is returned on success 
    // or an exception thrown to denote some form of a failure
    LOG.info("Submitting application to ASM");
    yarnClient.submitApplication(appContext);
    // Monitor the application
    return monitorApplication(appId);
}