Examples with NMTokenIdentifier org.apache.hadoop.yarn.security.NMTokenIdentifier used on opensource projects

Example 11 with NMTokenIdentifier

use of org.apache.hadoop.yarn.security.NMTokenIdentifier in project hadoop by apache.

the class ContainerManagerImpl method stopContainers.

/**
   * Stop a list of containers running on this NodeManager.
   */
@Override
public StopContainersResponse stopContainers(StopContainersRequest requests) throws YarnException, IOException {
    List<ContainerId> succeededRequests = new ArrayList<ContainerId>();
    Map<ContainerId, SerializedException> failedRequests = new HashMap<ContainerId, SerializedException>();
    UserGroupInformation remoteUgi = getRemoteUgi();
    NMTokenIdentifier identifier = selectNMTokenIdentifier(remoteUgi);
    if (identifier == null) {
        throw RPCUtil.getRemoteException(INVALID_NMTOKEN_MSG);
    }
    for (ContainerId id : requests.getContainerIds()) {
        try {
            Container container = this.context.getContainers().get(id);
            authorizeGetAndStopContainerRequest(id, container, true, identifier);
            stopContainerInternal(id);
            succeededRequests.add(id);
        } catch (YarnException e) {
            failedRequests.put(id, SerializedException.newInstance(e));
        }
    }
    return StopContainersResponse.newInstance(succeededRequests, failedRequests);
}

Example 12 with NMTokenIdentifier

use of org.apache.hadoop.yarn.security.NMTokenIdentifier in project hadoop by apache.

the class ContainerManagerImpl method increaseContainersResource.

/**
   * Increase resource of a list of containers on this NodeManager.
   */
@Override
public IncreaseContainersResourceResponse increaseContainersResource(IncreaseContainersResourceRequest requests) throws YarnException, IOException {
    if (blockNewContainerRequests.get()) {
        throw new NMNotYetReadyException("Rejecting container resource increase as NodeManager has not" + " yet connected with ResourceManager");
    }
    UserGroupInformation remoteUgi = getRemoteUgi();
    NMTokenIdentifier nmTokenIdentifier = selectNMTokenIdentifier(remoteUgi);
    authorizeUser(remoteUgi, nmTokenIdentifier);
    List<ContainerId> successfullyIncreasedContainers = new ArrayList<ContainerId>();
    Map<ContainerId, SerializedException> failedContainers = new HashMap<ContainerId, SerializedException>();
    // map in NMContext.
    synchronized (this.context) {
        // Process container resource increase requests
        for (org.apache.hadoop.yarn.api.records.Token token : requests.getContainersToIncrease()) {
            ContainerId containerId = null;
            try {
                if (token.getIdentifier() == null) {
                    throw new IOException(INVALID_CONTAINERTOKEN_MSG);
                }
                ContainerTokenIdentifier containerTokenIdentifier = BuilderUtils.newContainerTokenIdentifier(token);
                verifyAndGetContainerTokenIdentifier(token, containerTokenIdentifier);
                authorizeStartAndResourceIncreaseRequest(nmTokenIdentifier, containerTokenIdentifier, false);
                containerId = containerTokenIdentifier.getContainerID();
                // Reuse the startContainer logic to update NMToken,
                // as container resource increase request will have come with
                // an updated NMToken.
                updateNMTokenIdentifier(nmTokenIdentifier);
                Resource resource = containerTokenIdentifier.getResource();
                changeContainerResourceInternal(containerId, containerTokenIdentifier.getVersion(), resource, true);
                successfullyIncreasedContainers.add(containerId);
            } catch (YarnException | InvalidToken e) {
                failedContainers.put(containerId, SerializedException.newInstance(e));
            } catch (IOException e) {
                throw RPCUtil.getRemoteException(e);
            }
        }
    }
    return IncreaseContainersResourceResponse.newInstance(successfullyIncreasedContainers, failedContainers);
}

Example 13 with NMTokenIdentifier

use of org.apache.hadoop.yarn.security.NMTokenIdentifier in project hadoop by apache.

the class ContainerManagerImpl method selectNMTokenIdentifier.

// Obtain the needed ContainerTokenIdentifier from the remote-UGI. RPC layer
// currently sets only the required id, but iterate through anyways just to
// be sure.
@Private
@VisibleForTesting
protected NMTokenIdentifier selectNMTokenIdentifier(UserGroupInformation remoteUgi) {
    Set<TokenIdentifier> tokenIdentifiers = remoteUgi.getTokenIdentifiers();
    NMTokenIdentifier resultId = null;
    for (TokenIdentifier id : tokenIdentifiers) {
        if (id instanceof NMTokenIdentifier) {
            resultId = (NMTokenIdentifier) id;
            break;
        }
    }
    return resultId;
}

Example 14 with NMTokenIdentifier

use of org.apache.hadoop.yarn.security.NMTokenIdentifier in project hadoop by apache.

the class TestContainerManagerRecovery method increaseContainersResource.

private IncreaseContainersResourceResponse increaseContainersResource(Context context, final ContainerManagerImpl cm, ContainerId cid, Resource capability) throws Exception {
    UserGroupInformation user = UserGroupInformation.createRemoteUser(cid.getApplicationAttemptId().toString());
    // construct container resource increase request
    final List<Token> increaseTokens = new ArrayList<Token>();
    // add increase request
    Token containerToken = TestContainerManager.createContainerToken(cid, 0, context.getNodeId(), user.getShortUserName(), capability, context.getContainerTokenSecretManager(), null);
    increaseTokens.add(containerToken);
    final IncreaseContainersResourceRequest increaseRequest = IncreaseContainersResourceRequest.newInstance(increaseTokens);
    NMTokenIdentifier nmToken = new NMTokenIdentifier(cid.getApplicationAttemptId(), context.getNodeId(), user.getShortUserName(), context.getNMTokenSecretManager().getCurrentKey().getKeyId());
    user.addTokenIdentifier(nmToken);
    return user.doAs(new PrivilegedExceptionAction<IncreaseContainersResourceResponse>() {

        @Override
        public IncreaseContainersResourceResponse run() throws Exception {
            return cm.increaseContainersResource(increaseRequest);
        }
    });
}

Example 15 with NMTokenIdentifier

use of org.apache.hadoop.yarn.security.NMTokenIdentifier in project hadoop by apache.

the class TestContainerManagerRecovery method startContainer.

private StartContainersResponse startContainer(Context context, final ContainerManagerImpl cm, ContainerId cid, ContainerLaunchContext clc, LogAggregationContext logAggregationContext) throws Exception {
    UserGroupInformation user = UserGroupInformation.createRemoteUser(cid.getApplicationAttemptId().toString());
    StartContainerRequest scReq = StartContainerRequest.newInstance(clc, TestContainerManager.createContainerToken(cid, 0, context.getNodeId(), user.getShortUserName(), context.getContainerTokenSecretManager(), logAggregationContext));
    final List<StartContainerRequest> scReqList = new ArrayList<StartContainerRequest>();
    scReqList.add(scReq);
    NMTokenIdentifier nmToken = new NMTokenIdentifier(cid.getApplicationAttemptId(), context.getNodeId(), user.getShortUserName(), context.getNMTokenSecretManager().getCurrentKey().getKeyId());
    user.addTokenIdentifier(nmToken);
    return user.doAs(new PrivilegedExceptionAction<StartContainersResponse>() {

        @Override
        public StartContainersResponse run() throws Exception {
            return cm.startContainers(StartContainersRequest.newInstance(scReqList));
        }
    });
}