Search in sources :

Example 16 with ContainerTokenIdentifier

use of org.apache.hadoop.yarn.security.ContainerTokenIdentifier in project hadoop by apache.

the class TestContainerManagerSecurity method testNMTokens.

private void testNMTokens(Configuration conf) throws Exception {
    NMTokenSecretManagerInRM nmTokenSecretManagerRM = yarnCluster.getResourceManager().getRMContext().getNMTokenSecretManager();
    NMTokenSecretManagerInNM nmTokenSecretManagerNM = yarnCluster.getNodeManager(0).getNMContext().getNMTokenSecretManager();
    RMContainerTokenSecretManager containerTokenSecretManager = yarnCluster.getResourceManager().getRMContext().getContainerTokenSecretManager();
    NodeManager nm = yarnCluster.getNodeManager(0);
    waitForNMToReceiveNMTokenKey(nmTokenSecretManagerNM, nm);
    // Both id should be equal.
    Assert.assertEquals(nmTokenSecretManagerNM.getCurrentKey().getKeyId(), nmTokenSecretManagerRM.getCurrentKey().getKeyId());
    /*
     * Below cases should be tested.
     * 1) If Invalid NMToken is used then it should be rejected.
     * 2) If valid NMToken but belonging to another Node is used then that
     * too should be rejected.
     * 3) NMToken for say appAttempt-1 is used for starting/stopping/retrieving
     * status for container with containerId for say appAttempt-2 should
     * be rejected.
     * 4) After start container call is successful nmtoken should have been
     * saved in NMTokenSecretManagerInNM.
     * 5) If start container call was successful (no matter if container is
     * still running or not), appAttempt->NMToken should be present in
     * NMTokenSecretManagerInNM's cache. Any future getContainerStatus call
     * for containerId belonging to that application attempt using
     * applicationAttempt's older nmToken should not get any invalid
     * nmToken error. (This can be best tested if we roll over NMToken
     * master key twice).
     */
    YarnRPC rpc = YarnRPC.create(conf);
    String user = "test";
    Resource r = Resource.newInstance(1024, 1);
    ApplicationId appId = ApplicationId.newInstance(1, 1);
    MockRMApp m = new MockRMApp(appId.getId(), appId.getClusterTimestamp(), RMAppState.NEW);
    yarnCluster.getResourceManager().getRMContext().getRMApps().put(appId, m);
    ApplicationAttemptId validAppAttemptId = ApplicationAttemptId.newInstance(appId, 1);
    ContainerId validContainerId = ContainerId.newContainerId(validAppAttemptId, 0);
    NodeId validNode = yarnCluster.getNodeManager(0).getNMContext().getNodeId();
    NodeId invalidNode = NodeId.newInstance("InvalidHost", 1234);
    org.apache.hadoop.yarn.api.records.Token validNMToken = nmTokenSecretManagerRM.createNMToken(validAppAttemptId, validNode, user);
    org.apache.hadoop.yarn.api.records.Token validContainerToken = containerTokenSecretManager.createContainerToken(validContainerId, 0, validNode, user, r, Priority.newInstance(10), 1234);
    ContainerTokenIdentifier identifier = BuilderUtils.newContainerTokenIdentifier(validContainerToken);
    Assert.assertEquals(Priority.newInstance(10), identifier.getPriority());
    Assert.assertEquals(1234, identifier.getCreationTime());
    StringBuilder sb;
    // testInvalidNMToken ... creating NMToken using different secret manager.
    NMTokenSecretManagerInRM tempManager = new NMTokenSecretManagerInRM(conf);
    tempManager.rollMasterKey();
    do {
        tempManager.rollMasterKey();
        tempManager.activateNextMasterKey();
    // Making sure key id is different.
    } while (tempManager.getCurrentKey().getKeyId() == nmTokenSecretManagerRM.getCurrentKey().getKeyId());
    // Testing that NM rejects the requests when we don't send any token.
    if (UserGroupInformation.isSecurityEnabled()) {
        sb = new StringBuilder("Client cannot authenticate via:[TOKEN]");
    } else {
        sb = new StringBuilder("SIMPLE authentication is not enabled.  Available:[TOKEN]");
    }
    String errorMsg = testStartContainer(rpc, validAppAttemptId, validNode, validContainerToken, null, true);
    Assert.assertTrue(errorMsg.contains(sb.toString()));
    org.apache.hadoop.yarn.api.records.Token invalidNMToken = tempManager.createNMToken(validAppAttemptId, validNode, user);
    sb = new StringBuilder("Given NMToken for application : ");
    sb.append(validAppAttemptId.toString()).append(" seems to have been generated illegally.");
    Assert.assertTrue(sb.toString().contains(testStartContainer(rpc, validAppAttemptId, validNode, validContainerToken, invalidNMToken, true)));
    // valid NMToken but belonging to other node
    invalidNMToken = nmTokenSecretManagerRM.createNMToken(validAppAttemptId, invalidNode, user);
    sb = new StringBuilder("Given NMToken for application : ");
    sb.append(validAppAttemptId).append(" is not valid for current node manager.expected : ").append(validNode.toString()).append(" found : ").append(invalidNode.toString());
    Assert.assertTrue(sb.toString().contains(testStartContainer(rpc, validAppAttemptId, validNode, validContainerToken, invalidNMToken, true)));
    // using correct tokens. nmtoken for app attempt should get saved.
    conf.setInt(YarnConfiguration.RM_CONTAINER_ALLOC_EXPIRY_INTERVAL_MS, 4 * 60 * 1000);
    validContainerToken = containerTokenSecretManager.createContainerToken(validContainerId, 0, validNode, user, r, Priority.newInstance(0), 0);
    Assert.assertTrue(testStartContainer(rpc, validAppAttemptId, validNode, validContainerToken, validNMToken, false).isEmpty());
    Assert.assertTrue(nmTokenSecretManagerNM.isAppAttemptNMTokenKeyPresent(validAppAttemptId));
    // using a new compatible version nmtoken, expect container can be started 
    // successfully.
    ApplicationAttemptId validAppAttemptId2 = ApplicationAttemptId.newInstance(appId, 2);
    ContainerId validContainerId2 = ContainerId.newContainerId(validAppAttemptId2, 0);
    org.apache.hadoop.yarn.api.records.Token validContainerToken2 = containerTokenSecretManager.createContainerToken(validContainerId2, 0, validNode, user, r, Priority.newInstance(0), 0);
    org.apache.hadoop.yarn.api.records.Token validNMToken2 = nmTokenSecretManagerRM.createNMToken(validAppAttemptId2, validNode, user);
    // First, get a new NMTokenIdentifier.
    NMTokenIdentifier newIdentifier = new NMTokenIdentifier();
    byte[] tokenIdentifierContent = validNMToken2.getIdentifier().array();
    DataInputBuffer dib = new DataInputBuffer();
    dib.reset(tokenIdentifierContent, tokenIdentifierContent.length);
    newIdentifier.readFields(dib);
    // Then, generate a new version NMTokenIdentifier (NMTokenIdentifierNewForTest)
    // with additional field of message.
    NMTokenIdentifierNewForTest newVersionIdentifier = new NMTokenIdentifierNewForTest(newIdentifier, "message");
    // check new version NMTokenIdentifier has correct info.
    Assert.assertEquals("The ApplicationAttemptId is changed after set to " + "newVersionIdentifier", validAppAttemptId2.getAttemptId(), newVersionIdentifier.getApplicationAttemptId().getAttemptId());
    Assert.assertEquals("The message is changed after set to newVersionIdentifier", "message", newVersionIdentifier.getMessage());
    Assert.assertEquals("The NodeId is changed after set to newVersionIdentifier", validNode, newVersionIdentifier.getNodeId());
    // create new Token based on new version NMTokenIdentifier.
    org.apache.hadoop.yarn.api.records.Token newVersionedNMToken = BaseNMTokenSecretManager.newInstance(nmTokenSecretManagerRM.retrievePassword(newVersionIdentifier), newVersionIdentifier);
    // Verify startContainer is successful and no exception is thrown.
    Assert.assertTrue(testStartContainer(rpc, validAppAttemptId2, validNode, validContainerToken2, newVersionedNMToken, false).isEmpty());
    Assert.assertTrue(nmTokenSecretManagerNM.isAppAttemptNMTokenKeyPresent(validAppAttemptId2));
    //Now lets wait till container finishes and is removed from node manager.
    waitForContainerToFinishOnNM(validContainerId);
    sb = new StringBuilder("Attempt to relaunch the same container with id ");
    sb.append(validContainerId);
    Assert.assertTrue(testStartContainer(rpc, validAppAttemptId, validNode, validContainerToken, validNMToken, true).contains(sb.toString()));
    // Container is removed from node manager's memory by this time.
    // trying to stop the container. It should not throw any exception.
    testStopContainer(rpc, validAppAttemptId, validNode, validContainerId, validNMToken, false);
    // Rolling over master key twice so that we can check whether older keys
    // are used for authentication.
    rollNMTokenMasterKey(nmTokenSecretManagerRM, nmTokenSecretManagerNM);
    // Key rolled over once.. rolling over again
    rollNMTokenMasterKey(nmTokenSecretManagerRM, nmTokenSecretManagerNM);
    // trying get container status. Now saved nmToken should be used for
    // authentication... It should complain saying container was recently
    // stopped.
    sb = new StringBuilder("Container ");
    sb.append(validContainerId);
    sb.append(" was recently stopped on node manager");
    Assert.assertTrue(testGetContainer(rpc, validAppAttemptId, validNode, validContainerId, validNMToken, true).contains(sb.toString()));
    // Now lets remove the container from nm-memory
    nm.getNodeStatusUpdater().clearFinishedContainersFromCache();
    // This should fail as container is removed from recently tracked finished
    // containers.
    sb = new StringBuilder("Container ");
    sb.append(validContainerId.toString());
    sb.append(" is not handled by this NodeManager");
    Assert.assertTrue(testGetContainer(rpc, validAppAttemptId, validNode, validContainerId, validNMToken, false).contains(sb.toString()));
    // using appAttempt-1 NMtoken for launching container for appAttempt-2 should
    // succeed.
    ApplicationAttemptId attempt2 = ApplicationAttemptId.newInstance(appId, 2);
    Token attempt1NMToken = nmTokenSecretManagerRM.createNMToken(validAppAttemptId, validNode, user);
    org.apache.hadoop.yarn.api.records.Token newContainerToken = containerTokenSecretManager.createContainerToken(ContainerId.newContainerId(attempt2, 1), 0, validNode, user, r, Priority.newInstance(0), 0);
    Assert.assertTrue(testStartContainer(rpc, attempt2, validNode, newContainerToken, attempt1NMToken, false).isEmpty());
}
Also used : NMTokenIdentifier(org.apache.hadoop.yarn.security.NMTokenIdentifier) MockRMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.MockRMApp) Resource(org.apache.hadoop.yarn.api.records.Resource) NMTokenSecretManagerInNM(org.apache.hadoop.yarn.server.nodemanager.security.NMTokenSecretManagerInNM) InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) Token(org.apache.hadoop.yarn.api.records.Token) YarnRPC(org.apache.hadoop.yarn.ipc.YarnRPC) ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId) NMTokenSecretManagerInRM(org.apache.hadoop.yarn.server.resourcemanager.security.NMTokenSecretManagerInRM) ContainerTokenIdentifier(org.apache.hadoop.yarn.security.ContainerTokenIdentifier) NodeManager(org.apache.hadoop.yarn.server.nodemanager.NodeManager) Token(org.apache.hadoop.yarn.api.records.Token) DataInputBuffer(org.apache.hadoop.io.DataInputBuffer) ContainerId(org.apache.hadoop.yarn.api.records.ContainerId) NodeId(org.apache.hadoop.yarn.api.records.NodeId) RMContainerTokenSecretManager(org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager) ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId)

Example 17 with ContainerTokenIdentifier

use of org.apache.hadoop.yarn.security.ContainerTokenIdentifier in project hadoop by apache.

the class TestDistributedScheduling method testOpportunisticExecutionTypeRequestE2E.

/**
   * Validates if Allocate Requests containing only OPPORTUNISTIC container
   * requests are satisfied instantly.
   *
   * @throws Exception
   */
@Test(timeout = 60000)
public void testOpportunisticExecutionTypeRequestE2E() throws Exception {
    LOG.info("testDistributedSchedulingE2E - Register");
    RegisterApplicationMasterResponse responseRegister = client.registerApplicationMaster(RegisterApplicationMasterRequest.newInstance(NetUtils.getHostname(), 1024, ""));
    Assert.assertNotNull(responseRegister);
    Assert.assertNotNull(responseRegister.getQueue());
    Assert.assertNotNull(responseRegister.getApplicationACLs());
    Assert.assertNotNull(responseRegister.getClientToAMTokenMasterKey());
    Assert.assertNotNull(responseRegister.getContainersFromPreviousAttempts());
    Assert.assertNotNull(responseRegister.getSchedulerResourceTypes());
    Assert.assertNotNull(responseRegister.getMaximumResourceCapability());
    // Wait until the RM has been updated and verify
    Map<ApplicationId, RMApp> rmApps = cluster.getResourceManager().getRMContext().getRMApps();
    boolean rmUpdated = false;
    for (int i = 0; i < 10 && !rmUpdated; i++) {
        sleep(100);
        RMApp rmApp = rmApps.get(appId);
        if (rmApp.getState() == RMAppState.RUNNING) {
            rmUpdated = true;
        }
    }
    RMApp rmApp = rmApps.get(appId);
    Assert.assertEquals(RMAppState.RUNNING, rmApp.getState());
    LOG.info("testDistributedSchedulingE2E - Allocate");
    AllocateRequest request = createAllocateRequest(rmClient.getNodeReports(NodeState.RUNNING));
    // Replace 'ANY' requests with OPPORTUNISTIC aks and remove
    // everything else
    List<ResourceRequest> newAskList = new ArrayList<>();
    for (ResourceRequest rr : request.getAskList()) {
        if (ResourceRequest.ANY.equals(rr.getResourceName())) {
            ResourceRequest newRR = ResourceRequest.newInstance(rr.getPriority(), rr.getResourceName(), rr.getCapability(), rr.getNumContainers(), rr.getRelaxLocality(), rr.getNodeLabelExpression(), ExecutionTypeRequest.newInstance(ExecutionType.OPPORTUNISTIC, true));
            newAskList.add(newRR);
        }
    }
    request.setAskList(newAskList);
    AllocateResponse allocResponse = client.allocate(request);
    Assert.assertNotNull(allocResponse);
    // Ensure that all the requests are satisfied immediately
    Assert.assertEquals(2, allocResponse.getAllocatedContainers().size());
    // Verify that the allocated containers are OPPORTUNISTIC
    for (Container allocatedContainer : allocResponse.getAllocatedContainers()) {
        ContainerTokenIdentifier containerTokenIdentifier = BuilderUtils.newContainerTokenIdentifier(allocatedContainer.getContainerToken());
        Assert.assertEquals(ExecutionType.OPPORTUNISTIC, containerTokenIdentifier.getExecutionType());
    }
    // Check that the RM sees OPPORTUNISTIC containers
    ResourceScheduler scheduler = cluster.getResourceManager().getResourceScheduler();
    for (Container allocatedContainer : allocResponse.getAllocatedContainers()) {
        ContainerId containerId = allocatedContainer.getId();
        RMContainer rmContainer = scheduler.getRMContainer(containerId);
        Assert.assertEquals(ExecutionType.OPPORTUNISTIC, rmContainer.getExecutionType());
    }
    LOG.info("testDistributedSchedulingE2E - Finish");
}
Also used : RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp) AllocateRequest(org.apache.hadoop.yarn.api.protocolrecords.AllocateRequest) ArrayList(java.util.ArrayList) RMContainer(org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.RMContainer) ContainerTokenIdentifier(org.apache.hadoop.yarn.security.ContainerTokenIdentifier) AllocateResponse(org.apache.hadoop.yarn.api.protocolrecords.AllocateResponse) RMContainer(org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.RMContainer) Container(org.apache.hadoop.yarn.api.records.Container) ContainerId(org.apache.hadoop.yarn.api.records.ContainerId) RegisterApplicationMasterResponse(org.apache.hadoop.yarn.api.protocolrecords.RegisterApplicationMasterResponse) ResourceScheduler(org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler) ResourceRequest(org.apache.hadoop.yarn.api.records.ResourceRequest) ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId) Test(org.junit.Test)

Example 18 with ContainerTokenIdentifier

use of org.apache.hadoop.yarn.security.ContainerTokenIdentifier in project hadoop by apache.

the class TestDistributedScheduling method testMixedExecutionTypeRequestE2E.

/**
   * Validates if Allocate Requests containing both GUARANTEED and OPPORTUNISTIC
   * container requests works as expected.
   *
   * @throws Exception
   */
@Test(timeout = 60000)
public void testMixedExecutionTypeRequestE2E() throws Exception {
    LOG.info("testDistributedSchedulingE2E - Register");
    RegisterApplicationMasterResponse responseRegister = client.registerApplicationMaster(RegisterApplicationMasterRequest.newInstance(NetUtils.getHostname(), 1024, ""));
    Assert.assertNotNull(responseRegister);
    Assert.assertNotNull(responseRegister.getQueue());
    Assert.assertNotNull(responseRegister.getApplicationACLs());
    Assert.assertNotNull(responseRegister.getClientToAMTokenMasterKey());
    Assert.assertNotNull(responseRegister.getContainersFromPreviousAttempts());
    Assert.assertNotNull(responseRegister.getSchedulerResourceTypes());
    Assert.assertNotNull(responseRegister.getMaximumResourceCapability());
    RMApp rmApp = cluster.getResourceManager().getRMContext().getRMApps().get(appId);
    Assert.assertEquals(RMAppState.RUNNING, rmApp.getState());
    LOG.info("testDistributedSchedulingE2E - Allocate");
    AllocateRequest request = createAllocateRequest(rmClient.getNodeReports(NodeState.RUNNING));
    List<ResourceRequest> askList = request.getAskList();
    List<ResourceRequest> newAskList = new ArrayList<>(askList);
    // Duplicate all ANY requests marking them as opportunistic
    for (ResourceRequest rr : askList) {
        if (ResourceRequest.ANY.equals(rr.getResourceName())) {
            ResourceRequest newRR = ResourceRequest.newInstance(rr.getPriority(), rr.getResourceName(), rr.getCapability(), rr.getNumContainers(), rr.getRelaxLocality(), rr.getNodeLabelExpression(), ExecutionTypeRequest.newInstance(ExecutionType.OPPORTUNISTIC, true));
            newAskList.add(newRR);
        }
    }
    request.setAskList(newAskList);
    AllocateResponse allocResponse = client.allocate(request);
    Assert.assertNotNull(allocResponse);
    // Ensure that all the requests are satisfied immediately
    Assert.assertEquals(2, allocResponse.getAllocatedContainers().size());
    // Verify that the allocated containers are OPPORTUNISTIC
    for (Container allocatedContainer : allocResponse.getAllocatedContainers()) {
        ContainerTokenIdentifier containerTokenIdentifier = BuilderUtils.newContainerTokenIdentifier(allocatedContainer.getContainerToken());
        Assert.assertEquals(ExecutionType.OPPORTUNISTIC, containerTokenIdentifier.getExecutionType());
    }
    request.setAskList(new ArrayList<ResourceRequest>());
    request.setResponseId(request.getResponseId() + 1);
    Thread.sleep(1000);
    // RM should allocate GUARANTEED containers within 2 calls to allocate()
    allocResponse = client.allocate(request);
    Assert.assertNotNull(allocResponse);
    Assert.assertEquals(2, allocResponse.getAllocatedContainers().size());
    // Verify that the allocated containers are GUARANTEED
    for (Container allocatedContainer : allocResponse.getAllocatedContainers()) {
        ContainerTokenIdentifier containerTokenIdentifier = BuilderUtils.newContainerTokenIdentifier(allocatedContainer.getContainerToken());
        Assert.assertEquals(ExecutionType.GUARANTEED, containerTokenIdentifier.getExecutionType());
    }
    LOG.info("testDistributedSchedulingE2E - Finish");
}
Also used : AllocateResponse(org.apache.hadoop.yarn.api.protocolrecords.AllocateResponse) RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp) RMContainer(org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.RMContainer) Container(org.apache.hadoop.yarn.api.records.Container) RegisterApplicationMasterResponse(org.apache.hadoop.yarn.api.protocolrecords.RegisterApplicationMasterResponse) AllocateRequest(org.apache.hadoop.yarn.api.protocolrecords.AllocateRequest) ArrayList(java.util.ArrayList) ResourceRequest(org.apache.hadoop.yarn.api.records.ResourceRequest) ContainerTokenIdentifier(org.apache.hadoop.yarn.security.ContainerTokenIdentifier) Test(org.junit.Test)

Example 19 with ContainerTokenIdentifier

use of org.apache.hadoop.yarn.security.ContainerTokenIdentifier in project hadoop by apache.

the class TestContainerLaunchRPC method testRPCTimeout.

private void testRPCTimeout(String rpcClass) throws Exception {
    Configuration conf = new Configuration();
    // set timeout low for the test
    conf.setInt("yarn.rpc.nm-command-timeout", 3000);
    conf.set(YarnConfiguration.IPC_RPC_IMPL, rpcClass);
    YarnRPC rpc = YarnRPC.create(conf);
    String bindAddr = "localhost:0";
    InetSocketAddress addr = NetUtils.createSocketAddr(bindAddr);
    Server server = rpc.getServer(ContainerManagementProtocol.class, new DummyContainerManager(), addr, conf, null, 1);
    server.start();
    try {
        ContainerManagementProtocol proxy = (ContainerManagementProtocol) rpc.getProxy(ContainerManagementProtocol.class, server.getListenerAddress(), conf);
        ContainerLaunchContext containerLaunchContext = recordFactory.newRecordInstance(ContainerLaunchContext.class);
        ApplicationId applicationId = ApplicationId.newInstance(0, 0);
        ApplicationAttemptId applicationAttemptId = ApplicationAttemptId.newInstance(applicationId, 0);
        ContainerId containerId = ContainerId.newContainerId(applicationAttemptId, 100);
        NodeId nodeId = NodeId.newInstance("localhost", 1234);
        Resource resource = Resource.newInstance(1234, 2);
        ContainerTokenIdentifier containerTokenIdentifier = new ContainerTokenIdentifier(containerId, "localhost", "user", resource, System.currentTimeMillis() + 10000, 42, 42, Priority.newInstance(0), 0);
        Token containerToken = newContainerToken(nodeId, "password".getBytes(), containerTokenIdentifier);
        StartContainerRequest scRequest = StartContainerRequest.newInstance(containerLaunchContext, containerToken);
        List<StartContainerRequest> list = new ArrayList<StartContainerRequest>();
        list.add(scRequest);
        StartContainersRequest allRequests = StartContainersRequest.newInstance(list);
        try {
            proxy.startContainers(allRequests);
        } catch (Exception e) {
            LOG.info(StringUtils.stringifyException(e));
            Assert.assertEquals("Error, exception is not: " + SocketTimeoutException.class.getName(), SocketTimeoutException.class.getName(), e.getClass().getName());
            return;
        }
    } finally {
        server.stop();
    }
    Assert.fail("timeout exception should have occurred!");
}
Also used : StartContainersRequest(org.apache.hadoop.yarn.api.protocolrecords.StartContainersRequest) Configuration(org.apache.hadoop.conf.Configuration) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) Server(org.apache.hadoop.ipc.Server) InetSocketAddress(java.net.InetSocketAddress) Resource(org.apache.hadoop.yarn.api.records.Resource) ArrayList(java.util.ArrayList) Token(org.apache.hadoop.yarn.api.records.Token) YarnRPC(org.apache.hadoop.yarn.ipc.YarnRPC) ContainerLaunchContext(org.apache.hadoop.yarn.api.records.ContainerLaunchContext) ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) SocketTimeoutException(java.net.SocketTimeoutException) IOException(java.io.IOException) ContainerTokenIdentifier(org.apache.hadoop.yarn.security.ContainerTokenIdentifier) StartContainerRequest(org.apache.hadoop.yarn.api.protocolrecords.StartContainerRequest) ContainerManagementProtocol(org.apache.hadoop.yarn.api.ContainerManagementProtocol) SocketTimeoutException(java.net.SocketTimeoutException) ContainerId(org.apache.hadoop.yarn.api.records.ContainerId) NodeId(org.apache.hadoop.yarn.api.records.NodeId) ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId)

Example 20 with ContainerTokenIdentifier

use of org.apache.hadoop.yarn.security.ContainerTokenIdentifier in project hadoop by apache.

the class TestContainerResourceIncreaseRPC method testRPCTimeout.

private void testRPCTimeout(String rpcClass) throws Exception {
    Configuration conf = new Configuration();
    // set timeout low for the test
    conf.setInt("yarn.rpc.nm-command-timeout", 3000);
    conf.set(YarnConfiguration.IPC_RPC_IMPL, rpcClass);
    YarnRPC rpc = YarnRPC.create(conf);
    String bindAddr = "localhost:0";
    InetSocketAddress addr = NetUtils.createSocketAddr(bindAddr);
    Server server = rpc.getServer(ContainerManagementProtocol.class, new DummyContainerManager(), addr, conf, null, 1);
    server.start();
    try {
        ContainerManagementProtocol proxy = (ContainerManagementProtocol) rpc.getProxy(ContainerManagementProtocol.class, server.getListenerAddress(), conf);
        ApplicationId applicationId = ApplicationId.newInstance(0, 0);
        ApplicationAttemptId applicationAttemptId = ApplicationAttemptId.newInstance(applicationId, 0);
        ContainerId containerId = ContainerId.newContainerId(applicationAttemptId, 100);
        NodeId nodeId = NodeId.newInstance("localhost", 1234);
        Resource resource = Resource.newInstance(1234, 2);
        ContainerTokenIdentifier containerTokenIdentifier = new ContainerTokenIdentifier(containerId, "localhost", "user", resource, System.currentTimeMillis() + 10000, 42, 42, Priority.newInstance(0), 0);
        Token containerToken = newContainerToken(nodeId, "password".getBytes(), containerTokenIdentifier);
        // Construct container resource increase request,
        List<Token> increaseTokens = new ArrayList<>();
        increaseTokens.add(containerToken);
        IncreaseContainersResourceRequest increaseRequest = IncreaseContainersResourceRequest.newInstance(increaseTokens);
        try {
            proxy.increaseContainersResource(increaseRequest);
        } catch (Exception e) {
            LOG.info(StringUtils.stringifyException(e));
            Assert.assertEquals("Error, exception is not: " + SocketTimeoutException.class.getName(), SocketTimeoutException.class.getName(), e.getClass().getName());
            return;
        }
    } finally {
        server.stop();
    }
    Assert.fail("timeout exception should have occurred!");
}
Also used : YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) Configuration(org.apache.hadoop.conf.Configuration) Server(org.apache.hadoop.ipc.Server) InetSocketAddress(java.net.InetSocketAddress) Resource(org.apache.hadoop.yarn.api.records.Resource) ArrayList(java.util.ArrayList) IncreaseContainersResourceRequest(org.apache.hadoop.yarn.api.protocolrecords.IncreaseContainersResourceRequest) Token(org.apache.hadoop.yarn.api.records.Token) YarnRPC(org.apache.hadoop.yarn.ipc.YarnRPC) ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) SocketTimeoutException(java.net.SocketTimeoutException) IOException(java.io.IOException) ContainerTokenIdentifier(org.apache.hadoop.yarn.security.ContainerTokenIdentifier) ContainerManagementProtocol(org.apache.hadoop.yarn.api.ContainerManagementProtocol) SocketTimeoutException(java.net.SocketTimeoutException) ContainerId(org.apache.hadoop.yarn.api.records.ContainerId) NodeId(org.apache.hadoop.yarn.api.records.NodeId) ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId)

Aggregations

ContainerTokenIdentifier (org.apache.hadoop.yarn.security.ContainerTokenIdentifier)32 ContainerId (org.apache.hadoop.yarn.api.records.ContainerId)19 ArrayList (java.util.ArrayList)14 Resource (org.apache.hadoop.yarn.api.records.Resource)13 Token (org.apache.hadoop.yarn.api.records.Token)13 ApplicationId (org.apache.hadoop.yarn.api.records.ApplicationId)12 Test (org.junit.Test)11 ApplicationAttemptId (org.apache.hadoop.yarn.api.records.ApplicationAttemptId)10 StartContainerRequest (org.apache.hadoop.yarn.api.protocolrecords.StartContainerRequest)9 InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken)8 NodeId (org.apache.hadoop.yarn.api.records.NodeId)8 Container (org.apache.hadoop.yarn.api.records.Container)7 ContainerLaunchContext (org.apache.hadoop.yarn.api.records.ContainerLaunchContext)7 IOException (java.io.IOException)6 HashMap (java.util.HashMap)6 StartContainersRequest (org.apache.hadoop.yarn.api.protocolrecords.StartContainersRequest)5 LocalResource (org.apache.hadoop.yarn.api.records.LocalResource)5 YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)5 YarnException (org.apache.hadoop.yarn.exceptions.YarnException)5 YarnRPC (org.apache.hadoop.yarn.ipc.YarnRPC)5