Example 26 with InvalidToken
use of org.apache.hadoop.security.token.SecretManager.InvalidToken in project hadoop by apache.
the class ContainerManagerImpl method startContainers.
/**
* Start a list of containers on this NodeManager.
*/
@Override
public StartContainersResponse startContainers(StartContainersRequest requests) throws YarnException, IOException {
if (blockNewContainerRequests.get()) {
throw new NMNotYetReadyException("Rejecting new containers as NodeManager has not" + " yet connected with ResourceManager");
}
UserGroupInformation remoteUgi = getRemoteUgi();
NMTokenIdentifier nmTokenIdentifier = selectNMTokenIdentifier(remoteUgi);
authorizeUser(remoteUgi, nmTokenIdentifier);
List<ContainerId> succeededContainers = new ArrayList<ContainerId>();
Map<ContainerId, SerializedException> failedContainers = new HashMap<ContainerId, SerializedException>();
// been added to the containers map in NMContext.
synchronized (this.context) {
for (StartContainerRequest request : requests.getStartContainerRequests()) {
ContainerId containerId = null;
try {
if (request.getContainerToken() == null || request.getContainerToken().getIdentifier() == null) {
throw new IOException(INVALID_CONTAINERTOKEN_MSG);
}
ContainerTokenIdentifier containerTokenIdentifier = BuilderUtils.newContainerTokenIdentifier(request.getContainerToken());
verifyAndGetContainerTokenIdentifier(request.getContainerToken(), containerTokenIdentifier);
containerId = containerTokenIdentifier.getContainerID();
// type AM and if the AMRMProxy service is enabled
if (amrmProxyEnabled && containerTokenIdentifier.getContainerType().equals(ContainerType.APPLICATION_MASTER)) {
this.getAMRMProxyService().processApplicationStartRequest(request);
}
performContainerPreStartChecks(nmTokenIdentifier, request, containerTokenIdentifier);
startContainerInternal(containerTokenIdentifier, request);
succeededContainers.add(containerId);
} catch (YarnException e) {
failedContainers.put(containerId, SerializedException.newInstance(e));
} catch (InvalidToken ie) {
failedContainers.put(containerId, SerializedException.newInstance(ie));
throw ie;
} catch (IOException e) {
throw RPCUtil.getRemoteException(e);
}
}
return StartContainersResponse.newInstance(getAuxServiceMetaData(), succeededContainers, failedContainers);
}
}
Also used :
NMTokenIdentifier(org.apache.hadoop.yarn.security.NMTokenIdentifier)
HashMap(java.util.HashMap)
SerializedException(org.apache.hadoop.yarn.api.records.SerializedException)
ArrayList(java.util.ArrayList)
NMNotYetReadyException(org.apache.hadoop.yarn.exceptions.NMNotYetReadyException)
IOException(java.io.IOException)
YarnException(org.apache.hadoop.yarn.exceptions.YarnException)
StartContainerRequest(org.apache.hadoop.yarn.api.protocolrecords.StartContainerRequest)
ContainerTokenIdentifier(org.apache.hadoop.yarn.security.ContainerTokenIdentifier)
ContainerId(org.apache.hadoop.yarn.api.records.ContainerId)
InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Example 27 with InvalidToken
use of org.apache.hadoop.security.token.SecretManager.InvalidToken in project hadoop by apache.
the class ContainerManagerImpl method increaseContainersResource.
/**
* Increase resource of a list of containers on this NodeManager.
*/
@Override
public IncreaseContainersResourceResponse increaseContainersResource(IncreaseContainersResourceRequest requests) throws YarnException, IOException {
if (blockNewContainerRequests.get()) {
throw new NMNotYetReadyException("Rejecting container resource increase as NodeManager has not" + " yet connected with ResourceManager");
}
UserGroupInformation remoteUgi = getRemoteUgi();
NMTokenIdentifier nmTokenIdentifier = selectNMTokenIdentifier(remoteUgi);
authorizeUser(remoteUgi, nmTokenIdentifier);
List<ContainerId> successfullyIncreasedContainers = new ArrayList<ContainerId>();
Map<ContainerId, SerializedException> failedContainers = new HashMap<ContainerId, SerializedException>();
// map in NMContext.
synchronized (this.context) {
// Process container resource increase requests
for (org.apache.hadoop.yarn.api.records.Token token : requests.getContainersToIncrease()) {
ContainerId containerId = null;
try {
if (token.getIdentifier() == null) {
throw new IOException(INVALID_CONTAINERTOKEN_MSG);
}
ContainerTokenIdentifier containerTokenIdentifier = BuilderUtils.newContainerTokenIdentifier(token);
verifyAndGetContainerTokenIdentifier(token, containerTokenIdentifier);
authorizeStartAndResourceIncreaseRequest(nmTokenIdentifier, containerTokenIdentifier, false);
containerId = containerTokenIdentifier.getContainerID();
// Reuse the startContainer logic to update NMToken,
// as container resource increase request will have come with
// an updated NMToken.
updateNMTokenIdentifier(nmTokenIdentifier);
Resource resource = containerTokenIdentifier.getResource();
changeContainerResourceInternal(containerId, containerTokenIdentifier.getVersion(), resource, true);
successfullyIncreasedContainers.add(containerId);
} catch (YarnException | InvalidToken e) {
failedContainers.put(containerId, SerializedException.newInstance(e));
} catch (IOException e) {
throw RPCUtil.getRemoteException(e);
}
}
}
return IncreaseContainersResourceResponse.newInstance(successfullyIncreasedContainers, failedContainers);
}
Also used :
NMTokenIdentifier(org.apache.hadoop.yarn.security.NMTokenIdentifier)
HashMap(java.util.HashMap)
SerializedException(org.apache.hadoop.yarn.api.records.SerializedException)
ArrayList(java.util.ArrayList)
Resource(org.apache.hadoop.yarn.api.records.Resource)
NMNotYetReadyException(org.apache.hadoop.yarn.exceptions.NMNotYetReadyException)
IOException(java.io.IOException)
YarnException(org.apache.hadoop.yarn.exceptions.YarnException)
ContainerTokenIdentifier(org.apache.hadoop.yarn.security.ContainerTokenIdentifier)
ContainerId(org.apache.hadoop.yarn.api.records.ContainerId)
InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Example 28 with InvalidToken
use of org.apache.hadoop.security.token.SecretManager.InvalidToken in project hadoop by apache.
the class TestContainerLaunch method createContainerToken.
protected Token createContainerToken(ContainerId cId, Priority priority, long createTime) throws InvalidToken {
Resource r = BuilderUtils.newResource(1024, 1);
ContainerTokenIdentifier containerTokenIdentifier = new ContainerTokenIdentifier(cId, context.getNodeId().toString(), user, r, System.currentTimeMillis() + 10000L, 123, DUMMY_RM_IDENTIFIER, priority, createTime);
Token containerToken = BuilderUtils.newContainerToken(context.getNodeId(), context.getContainerTokenSecretManager().retrievePassword(containerTokenIdentifier), containerTokenIdentifier);
return containerToken;
}
Also used :
Resource(org.apache.hadoop.yarn.api.records.Resource)
LocalResource(org.apache.hadoop.yarn.api.records.LocalResource)
InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken)
Token(org.apache.hadoop.yarn.api.records.Token)
ContainerTokenIdentifier(org.apache.hadoop.yarn.security.ContainerTokenIdentifier)
Aggregations
InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken)28
Test (org.junit.Test)16
IOException (java.io.IOException)14
DataInputStream (java.io.DataInputStream)7
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)7
Configuration (org.apache.hadoop.conf.Configuration)6
Text (org.apache.hadoop.io.Text)6
YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)6
ByteArrayInputStream (java.io.ByteArrayInputStream)5
YarnException (org.apache.hadoop.yarn.exceptions.YarnException)5
ByteBuffer (java.nio.ByteBuffer)4
Credentials (org.apache.hadoop.security.Credentials)4
Token (org.apache.hadoop.security.token.Token)4
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)3
ExtendedBlockId (org.apache.hadoop.hdfs.ExtendedBlockId)3
ShortCircuitCache (org.apache.hadoop.hdfs.shortcircuit.ShortCircuitCache)3
AccessControlException (org.apache.hadoop.security.AccessControlException)3
ContainerTokenIdentifier (org.apache.hadoop.yarn.security.ContainerTokenIdentifier)3
EOFException (java.io.EOFException)2
InetSocketAddress (java.net.InetSocketAddress)2
