Example 6 with YarnRPC
use of org.apache.hadoop.yarn.ipc.YarnRPC in project hadoop by apache.
the class AdminService method startServer.
protected void startServer() throws Exception {
Configuration conf = getConfig();
YarnRPC rpc = YarnRPC.create(conf);
this.server = (Server) rpc.getServer(ResourceManagerAdministrationProtocol.class, this, masterServiceBindAddress, conf, null, conf.getInt(YarnConfiguration.RM_ADMIN_CLIENT_THREAD_COUNT, YarnConfiguration.DEFAULT_RM_ADMIN_CLIENT_THREAD_COUNT));
// Enable service authorization?
if (conf.getBoolean(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, false)) {
refreshServiceAcls(getConfiguration(conf, YarnConfiguration.HADOOP_POLICY_CONFIGURATION_FILE), RMPolicyProvider.getInstance());
}
if (rmContext.isHAEnabled()) {
RPC.setProtocolEngine(conf, HAServiceProtocolPB.class, ProtobufRpcEngine.class);
HAServiceProtocolServerSideTranslatorPB haServiceProtocolXlator = new HAServiceProtocolServerSideTranslatorPB(this);
BlockingService haPbService = HAServiceProtocolProtos.HAServiceProtocolService.newReflectiveBlockingService(haServiceProtocolXlator);
server.addProtocol(RPC.RpcKind.RPC_PROTOCOL_BUFFER, HAServiceProtocol.class, haPbService);
}
this.server.start();
conf.updateConnectAddr(YarnConfiguration.RM_BIND_HOST, YarnConfiguration.RM_ADMIN_ADDRESS, YarnConfiguration.DEFAULT_RM_ADMIN_ADDRESS, server.getListenerAddress());
}
Also used :
HAServiceProtocolServerSideTranslatorPB(org.apache.hadoop.ha.protocolPB.HAServiceProtocolServerSideTranslatorPB)
Configuration(org.apache.hadoop.conf.Configuration)
DynamicResourceConfiguration(org.apache.hadoop.yarn.server.resourcemanager.resource.DynamicResourceConfiguration)
YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration)
BlockingService(com.google.protobuf.BlockingService)
YarnRPC(org.apache.hadoop.yarn.ipc.YarnRPC)
Example 7 with YarnRPC
use of org.apache.hadoop.yarn.ipc.YarnRPC in project hadoop by apache.
the class ResourceTrackerService method serviceStart.
@Override
protected void serviceStart() throws Exception {
super.serviceStart();
// ResourceTrackerServer authenticates NodeManager via Kerberos if
// security is enabled, so no secretManager.
Configuration conf = getConfig();
YarnRPC rpc = YarnRPC.create(conf);
this.server = rpc.getServer(ResourceTracker.class, this, resourceTrackerAddress, conf, null, conf.getInt(YarnConfiguration.RM_RESOURCE_TRACKER_CLIENT_THREAD_COUNT, YarnConfiguration.DEFAULT_RM_RESOURCE_TRACKER_CLIENT_THREAD_COUNT));
// Enable service authorization?
if (conf.getBoolean(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, false)) {
InputStream inputStream = this.rmContext.getConfigurationProvider().getConfigurationInputStream(conf, YarnConfiguration.HADOOP_POLICY_CONFIGURATION_FILE);
if (inputStream != null) {
conf.addResource(inputStream);
}
refreshServiceAcls(conf, RMPolicyProvider.getInstance());
}
this.server.start();
conf.updateConnectAddr(YarnConfiguration.RM_BIND_HOST, YarnConfiguration.RM_RESOURCE_TRACKER_ADDRESS, YarnConfiguration.DEFAULT_RM_RESOURCE_TRACKER_ADDRESS, server.getListenerAddress());
}
Also used :
Configuration(org.apache.hadoop.conf.Configuration)
DynamicResourceConfiguration(org.apache.hadoop.yarn.server.resourcemanager.resource.DynamicResourceConfiguration)
YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration)
ResourceTracker(org.apache.hadoop.yarn.server.api.ResourceTracker)
InputStream(java.io.InputStream)
YarnRPC(org.apache.hadoop.yarn.ipc.YarnRPC)
Example 8 with YarnRPC
use of org.apache.hadoop.yarn.ipc.YarnRPC in project hadoop by apache.
the class AMLauncher method getContainerMgrProxy.
// Protected. For tests.
protected ContainerManagementProtocol getContainerMgrProxy(final ContainerId containerId) {
final NodeId node = masterContainer.getNodeId();
final InetSocketAddress containerManagerConnectAddress = NetUtils.createSocketAddrForHost(node.getHost(), node.getPort());
final YarnRPC rpc = getYarnRPC();
UserGroupInformation currentUser = UserGroupInformation.createRemoteUser(containerId.getApplicationAttemptId().toString());
String user = rmContext.getRMApps().get(containerId.getApplicationAttemptId().getApplicationId()).getUser();
org.apache.hadoop.yarn.api.records.Token token = rmContext.getNMTokenSecretManager().createNMToken(containerId.getApplicationAttemptId(), node, user);
currentUser.addToken(ConverterUtils.convertFromYarn(token, containerManagerConnectAddress));
return NMProxy.createNMProxy(conf, ContainerManagementProtocol.class, currentUser, rpc, containerManagerConnectAddress);
}
Also used :
InetSocketAddress(java.net.InetSocketAddress)
NodeId(org.apache.hadoop.yarn.api.records.NodeId)
YarnRPC(org.apache.hadoop.yarn.ipc.YarnRPC)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Example 9 with YarnRPC
use of org.apache.hadoop.yarn.ipc.YarnRPC in project hadoop by apache.
the class TestClientRMService method testRMStartWithDecommissionedNode.
@Test
public void testRMStartWithDecommissionedNode() throws Exception {
String excludeFile = "excludeFile";
createExcludeFile(excludeFile);
YarnConfiguration conf = new YarnConfiguration();
conf.set(YarnConfiguration.RM_NODES_EXCLUDE_FILE_PATH, excludeFile);
MockRM rm = new MockRM(conf) {
protected ClientRMService createClientRMService() {
return new ClientRMService(this.rmContext, scheduler, this.rmAppManager, this.applicationACLsManager, this.queueACLsManager, this.getRMContext().getRMDelegationTokenSecretManager());
}
;
};
rm.start();
YarnRPC rpc = YarnRPC.create(conf);
InetSocketAddress rmAddress = rm.getClientRMService().getBindAddress();
LOG.info("Connecting to ResourceManager at " + rmAddress);
ApplicationClientProtocol client = (ApplicationClientProtocol) rpc.getProxy(ApplicationClientProtocol.class, rmAddress, conf);
// Make call
GetClusterNodesRequest request = GetClusterNodesRequest.newInstance(EnumSet.allOf(NodeState.class));
List<NodeReport> nodeReports = client.getClusterNodes(request).getNodeReports();
Assert.assertEquals(1, nodeReports.size());
rm.stop();
rpc.stopProxy(client, conf);
new File(excludeFile).delete();
}
Also used :
NodeState(org.apache.hadoop.yarn.api.records.NodeState)
YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration)
InetSocketAddress(java.net.InetSocketAddress)
Matchers.anyString(org.mockito.Matchers.anyString)
YarnRPC(org.apache.hadoop.yarn.ipc.YarnRPC)
ApplicationClientProtocol(org.apache.hadoop.yarn.api.ApplicationClientProtocol)
GetClusterNodesRequest(org.apache.hadoop.yarn.api.protocolrecords.GetClusterNodesRequest)
File(java.io.File)
NodeReport(org.apache.hadoop.yarn.api.records.NodeReport)
Test(org.junit.Test)
Example 10 with YarnRPC
use of org.apache.hadoop.yarn.ipc.YarnRPC in project hadoop by apache.
the class TestAMAuthorization method testUnauthorizedAccess.
@Test
public void testUnauthorizedAccess() throws Exception {
MyContainerManager containerManager = new MyContainerManager();
rm = new MockRMWithAMS(conf, containerManager);
rm.start();
MockNM nm1 = rm.registerNode("localhost:1234", 5120);
RMApp app = rm.submitApp(1024);
nm1.nodeHeartbeat(true);
int waitCount = 0;
while (containerManager.containerTokens == null && waitCount++ < 40) {
LOG.info("Waiting for AM Launch to happen..");
Thread.sleep(1000);
}
Assert.assertNotNull(containerManager.containerTokens);
RMAppAttempt attempt = app.getCurrentAppAttempt();
ApplicationAttemptId applicationAttemptId = attempt.getAppAttemptId();
waitForLaunchedState(attempt);
final Configuration conf = rm.getConfig();
final YarnRPC rpc = YarnRPC.create(conf);
final InetSocketAddress serviceAddr = conf.getSocketAddr(YarnConfiguration.RM_SCHEDULER_ADDRESS, YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS, YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT);
UserGroupInformation currentUser = UserGroupInformation.createRemoteUser(applicationAttemptId.toString());
// First try contacting NM without tokens
ApplicationMasterProtocol client = currentUser.doAs(new PrivilegedAction<ApplicationMasterProtocol>() {
@Override
public ApplicationMasterProtocol run() {
return (ApplicationMasterProtocol) rpc.getProxy(ApplicationMasterProtocol.class, serviceAddr, conf);
}
});
RegisterApplicationMasterRequest request = Records.newRecord(RegisterApplicationMasterRequest.class);
try {
client.registerApplicationMaster(request);
Assert.fail("Should fail with authorization error");
} catch (Exception e) {
if (isCause(AccessControlException.class, e)) {
// Because there are no tokens, the request should be rejected as the
// server side will assume we are trying simple auth.
String expectedMessage = "";
if (UserGroupInformation.isSecurityEnabled()) {
expectedMessage = "Client cannot authenticate via:[TOKEN]";
} else {
expectedMessage = "SIMPLE authentication is not enabled. Available:[TOKEN]";
}
Assert.assertTrue(e.getCause().getMessage().contains(expectedMessage));
} else {
throw e;
}
}
// TODO: Add validation of invalid authorization when there's more data in
// the AMRMToken
}
Also used :
RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)
RMAppAttempt(org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttempt)
Configuration(org.apache.hadoop.conf.Configuration)
YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration)
InetSocketAddress(java.net.InetSocketAddress)
AccessControlException(org.apache.hadoop.security.AccessControlException)
ApplicationMasterProtocol(org.apache.hadoop.yarn.api.ApplicationMasterProtocol)
ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId)
YarnRPC(org.apache.hadoop.yarn.ipc.YarnRPC)
YarnException(org.apache.hadoop.yarn.exceptions.YarnException)
IOException(java.io.IOException)
AccessControlException(org.apache.hadoop.security.AccessControlException)
RegisterApplicationMasterRequest(org.apache.hadoop.yarn.api.protocolrecords.RegisterApplicationMasterRequest)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Test(org.junit.Test)
Aggregations
YarnRPC (org.apache.hadoop.yarn.ipc.YarnRPC)54
Configuration (org.apache.hadoop.conf.Configuration)39
YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)38
InetSocketAddress (java.net.InetSocketAddress)34
Test (org.junit.Test)18
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)14
IOException (java.io.IOException)13
ApplicationAttemptId (org.apache.hadoop.yarn.api.records.ApplicationAttemptId)12
NodeId (org.apache.hadoop.yarn.api.records.NodeId)12
ApplicationClientProtocol (org.apache.hadoop.yarn.api.ApplicationClientProtocol)8
ContainerManagementProtocol (org.apache.hadoop.yarn.api.ContainerManagementProtocol)8
ContainerId (org.apache.hadoop.yarn.api.records.ContainerId)8
HashMap (java.util.HashMap)7
Server (org.apache.hadoop.ipc.Server)7
MRClientProtocol (org.apache.hadoop.mapreduce.v2.api.MRClientProtocol)7
ApplicationMasterProtocol (org.apache.hadoop.yarn.api.ApplicationMasterProtocol)7
RegisterApplicationMasterRequest (org.apache.hadoop.yarn.api.protocolrecords.RegisterApplicationMasterRequest)7
YarnException (org.apache.hadoop.yarn.exceptions.YarnException)7
RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)7
RMAppAttempt (org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttempt)7
