
Example 1 with RMDelegationTokenSecretManager

use of org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager in project hadoop by apache.

the class TestClientRMTokens method createRMDelegationTokenSecretManager.

private static RMDelegationTokenSecretManager createRMDelegationTokenSecretManager(long secretKeyInterval, long tokenMaxLifetime, long tokenRenewInterval) {
    RMContext rmContext = mock(RMContext.class);
    when(rmContext.getStateStore()).thenReturn(new NullRMStateStore());
    RMDelegationTokenSecretManager rmDtSecretManager = new RMDelegationTokenSecretManager(secretKeyInterval, tokenMaxLifetime, tokenRenewInterval, 3600000, rmContext);
    return rmDtSecretManager;
}
Also used : RMDelegationTokenSecretManager(org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager) NullRMStateStore(org.apache.hadoop.yarn.server.resourcemanager.recovery.NullRMStateStore)

Example 2 with RMDelegationTokenSecretManager

use of org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager in project hadoop by apache.

the class TestClientRMTokens method checkShortCircuitRenewCancel.

@SuppressWarnings("unchecked")
private void checkShortCircuitRenewCancel(InetSocketAddress rmAddr, InetSocketAddress serviceAddr, boolean shouldShortCircuit) throws IOException, InterruptedException {
    Configuration conf = new Configuration();
    conf.setClass(YarnConfiguration.IPC_RPC_IMPL, YarnBadRPC.class, YarnRPC.class);
    RMDelegationTokenSecretManager secretManager = mock(RMDelegationTokenSecretManager.class);
    RMDelegationTokenIdentifier.Renewer.setSecretManager(secretManager, rmAddr);
    RMDelegationTokenIdentifier ident = new RMDelegationTokenIdentifier(new Text("owner"), new Text("renewer"), null);
    Token<RMDelegationTokenIdentifier> token = new Token<RMDelegationTokenIdentifier>(ident, secretManager);
    SecurityUtil.setTokenService(token, serviceAddr);
    if (shouldShortCircuit) {
        token.renew(conf);
        verify(secretManager).renewToken(eq(token), eq("renewer"));
        reset(secretManager);
        token.cancel(conf);
        verify(secretManager).cancelToken(eq(token), eq("renewer"));
    } else {
        try {
            token.renew(conf);
            fail();
        } catch (RuntimeException e) {
            assertEquals("getProxy", e.getMessage());
        }
        verify(secretManager, never()).renewToken(any(Token.class), anyString());
        try {
            token.cancel(conf);
            fail();
        } catch (RuntimeException e) {
            assertEquals("getProxy", e.getMessage());
        }
        verify(secretManager, never()).cancelToken(any(Token.class), anyString());
    }
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) RMDelegationTokenSecretManager(org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager) Text(org.apache.hadoop.io.Text) InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) Token(org.apache.hadoop.security.token.Token) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)

Example 3 with RMDelegationTokenSecretManager

use of org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager in project incubator-myriad by apache.

the class MyriadOperationsTest method generateRMContext.

private RMContext generateRMContext(AbstractYarnScheduler<FiCaSchedulerApp, FiCaSchedulerNode> scheduler) throws Exception {
    Configuration conf = new Configuration();
    // Create the context first so the secret manager is not constructed with a null RMContext.
    MockRMContext context = new MockRMContext();
    Dispatcher dispatcher = new MockDispatcher();
    RMApplicationHistoryWriter rmApplicationHistoryWriter = new RMApplicationHistoryWriter();
    AMLivelinessMonitor amLivelinessMonitor = new AMLivelinessMonitor(dispatcher);
    AMLivelinessMonitor amFinishingMonitor = new AMLivelinessMonitor(dispatcher);
    RMDelegationTokenSecretManager delegationTokenSecretManager = new RMDelegationTokenSecretManager(1, 1, 1, 1, context);
    context.setStateStore(TestObjectFactory.getStateStore(conf, "tmp/myriad-operations-test"));
    context.setAmLivelinessMonitor(amLivelinessMonitor);
    context.setAmFinishingMonitor(amFinishingMonitor);
    context.setRMApplicationHistoryWriter(rmApplicationHistoryWriter);
    context.setRMDelegationTokenSecretManager(delegationTokenSecretManager);
    return context;
}
Also used : MockRMContext(org.apache.myriad.state.MockRMContext) Configuration(org.apache.hadoop.conf.Configuration) RMDelegationTokenSecretManager(org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager) AMLivelinessMonitor(org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.AMLivelinessMonitor) MockDispatcher(org.apache.myriad.state.MockDispatcher) RMApplicationHistoryWriter(org.apache.hadoop.yarn.server.resourcemanager.ahs.RMApplicationHistoryWriter) Dispatcher(org.apache.hadoop.yarn.event.Dispatcher)

Example 4 with RMDelegationTokenSecretManager

use of org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager in project hadoop by apache.

the class TestTokenClientRMService method setupSecretManager.

@BeforeClass
public static void setupSecretManager() throws IOException {
    RMContext rmContext = mock(RMContext.class);
    when(rmContext.getStateStore()).thenReturn(new NullRMStateStore());
    dtsm = new RMDelegationTokenSecretManager(60000, 60000, 60000, 60000, rmContext);
    dtsm.startThreads();
    Configuration conf = new Configuration();
    conf.set("hadoop.security.authentication", "kerberos");
    conf.set("hadoop.security.auth_to_local", kerberosRule);
    UserGroupInformation.setConfiguration(conf);
}
Also used : RMDelegationTokenSecretManager(org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager) Configuration(org.apache.hadoop.conf.Configuration) NullRMStateStore(org.apache.hadoop.yarn.server.resourcemanager.recovery.NullRMStateStore) BeforeClass(org.junit.BeforeClass)

Example 5 with RMDelegationTokenSecretManager

use of org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager in project hadoop by apache.

the class TestClientRMTokens method testDelegationToken.

@Test
public void testDelegationToken() throws IOException, InterruptedException {
    final YarnConfiguration conf = new YarnConfiguration();
    conf.set(YarnConfiguration.RM_PRINCIPAL, "testuser/localhost@apache.org");
    conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    UserGroupInformation.setConfiguration(conf);
    ResourceScheduler scheduler = createMockScheduler(conf);
    long initialInterval = 10000L;
    long maxLifetime = 20000L;
    long renewInterval = 10000L;
    RMDelegationTokenSecretManager rmDtSecretManager = createRMDelegationTokenSecretManager(initialInterval, maxLifetime, renewInterval);
    rmDtSecretManager.startThreads();
    LOG.info("Creating DelegationTokenSecretManager with initialInterval: " + initialInterval + ", maxLifetime: " + maxLifetime + ", renewInterval: " + renewInterval);
    final ClientRMService clientRMService = new ClientRMServiceForTest(conf, scheduler, rmDtSecretManager);
    clientRMService.init(conf);
    clientRMService.start();
    ApplicationClientProtocol clientRMWithDT = null;
    try {
        // Create a user for the renewer and fake the authentication method
        UserGroupInformation loggedInUser = UserGroupInformation.createRemoteUser("testrenewer@APACHE.ORG");
        Assert.assertEquals("testrenewer", loggedInUser.getShortUserName());
        // Default realm is APACHE.ORG
        loggedInUser.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
        org.apache.hadoop.yarn.api.records.Token token = getDelegationToken(loggedInUser, clientRMService, loggedInUser.getShortUserName());
        long tokenFetchTime = System.currentTimeMillis();
        LOG.info("Got delegation token at: " + tokenFetchTime);
        // Now try talking to RMService using the delegation token
        clientRMWithDT = getClientRMProtocolWithDT(token, clientRMService.getBindAddress(), "loginuser1", conf);
        GetNewApplicationRequest request = Records.newRecord(GetNewApplicationRequest.class);
        try {
            clientRMWithDT.getNewApplication(request);
        } catch (IOException e) {
            fail("Unexpected exception" + e);
        } catch (YarnException e) {
            fail("Unexpected exception" + e);
        }
        // Renew after 50% of token age.
        while (System.currentTimeMillis() < tokenFetchTime + initialInterval / 2) {
            Thread.sleep(500L);
        }
        long nextExpTime = renewDelegationToken(loggedInUser, clientRMService, token);
        long renewalTime = System.currentTimeMillis();
        LOG.info("Renewed token at: " + renewalTime + ", NextExpiryTime: " + nextExpTime);
        // Wait until the original expiry has passed, but stop before the renewed expiry.
        while (System.currentTimeMillis() < tokenFetchTime + initialInterval && System.currentTimeMillis() < nextExpTime) {
            Thread.sleep(500L);
        }
        Thread.sleep(50L);
        // Valid token because of renewal.
        try {
            clientRMWithDT.getNewApplication(request);
        } catch (IOException e) {
            fail("Unexpected exception" + e);
        } catch (YarnException e) {
            fail("Unexpected exception" + e);
        }
        // Wait for expiry.
        while (System.currentTimeMillis() < renewalTime + renewInterval) {
            Thread.sleep(500L);
        }
        Thread.sleep(50L);
        LOG.info("At time: " + System.currentTimeMillis() + ", token should be invalid");
        // Token should have expired.
        try {
            clientRMWithDT.getNewApplication(request);
            fail("Should not have succeeded with an expired token");
        } catch (Exception e) {
            assertEquals(InvalidToken.class.getName(), e.getClass().getName());
            assertTrue(e.getMessage().contains("is expired"));
        }
        // Stop the existing proxy, start another.
        if (clientRMWithDT != null) {
            RPC.stopProxy(clientRMWithDT);
            clientRMWithDT = null;
        }
        token = getDelegationToken(loggedInUser, clientRMService, loggedInUser.getShortUserName());
        tokenFetchTime = System.currentTimeMillis();
        LOG.info("Got delegation token at: " + tokenFetchTime);
        // Now try talking to RMService using the delegation token
        clientRMWithDT = getClientRMProtocolWithDT(token, clientRMService.getBindAddress(), "loginuser2", conf);
        request = Records.newRecord(GetNewApplicationRequest.class);
        try {
            clientRMWithDT.getNewApplication(request);
        } catch (IOException e) {
            fail("Unexpected exception" + e);
        } catch (YarnException e) {
            fail("Unexpected exception" + e);
        }
        cancelDelegationToken(loggedInUser, clientRMService, token);
        if (clientRMWithDT != null) {
            RPC.stopProxy(clientRMWithDT);
            clientRMWithDT = null;
        }
        // Creating a new connection.
        clientRMWithDT = getClientRMProtocolWithDT(token, clientRMService.getBindAddress(), "loginuser2", conf);
        LOG.info("Cancelled delegation token at: " + System.currentTimeMillis());
        // Verify cancellation worked.
        try {
            clientRMWithDT.getNewApplication(request);
            fail("Should not have succeeded with a cancelled delegation token");
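        } catch (IOException e) {
            // Expected: the cancelled token must be rejected.
        } catch (YarnException e) {
            // Expected: the cancelled token must be rejected.
        }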
        // Stop the existing proxy, start another.
        if (clientRMWithDT != null) {
            RPC.stopProxy(clientRMWithDT);
            clientRMWithDT = null;
        }
        token = getDelegationToken(loggedInUser, clientRMService, loggedInUser.getShortUserName());
        byte[] tokenIdentifierContent = token.getIdentifier().array();
        RMDelegationTokenIdentifier tokenIdentifier = new RMDelegationTokenIdentifier();
        DataInputBuffer dib = new DataInputBuffer();
        dib.reset(tokenIdentifierContent, tokenIdentifierContent.length);
        tokenIdentifier.readFields(dib);
        // Construct new version RMDelegationTokenIdentifier with additional field
        RMDelegationTokenIdentifierForTest newVersionTokenIdentifier = new RMDelegationTokenIdentifierForTest(tokenIdentifier, "message");
        Token<RMDelegationTokenIdentifier> newRMDTtoken = new Token<RMDelegationTokenIdentifier>(newVersionTokenIdentifier, rmDtSecretManager);
        org.apache.hadoop.yarn.api.records.Token newToken = BuilderUtils.newDelegationToken(newRMDTtoken.getIdentifier(), newRMDTtoken.getKind().toString(), newRMDTtoken.getPassword(), newRMDTtoken.getService().toString());
        // Now try talking to RMService using the new version delegation token
        clientRMWithDT = getClientRMProtocolWithDT(newToken, clientRMService.getBindAddress(), "loginuser3", conf);
        request = Records.newRecord(GetNewApplicationRequest.class);
        try {
            clientRMWithDT.getNewApplication(request);
        } catch (IOException e) {
            fail("Unexpected exception" + e);
        } catch (YarnException e) {
            fail("Unexpected exception" + e);
        }
    } finally {
        rmDtSecretManager.stopThreads();
        // TODO PRECOMMIT Close proxies.
        if (clientRMWithDT != null) {
            RPC.stopProxy(clientRMWithDT);
        }
    }
}
Also used : InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) Token(org.apache.hadoop.security.token.Token) IOException(java.io.IOException) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) ApplicationClientProtocol(org.apache.hadoop.yarn.api.ApplicationClientProtocol) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) GetNewApplicationRequest(org.apache.hadoop.yarn.api.protocolrecords.GetNewApplicationRequest) DataInputBuffer(org.apache.hadoop.io.DataInputBuffer) RMDelegationTokenSecretManager(org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) ResourceScheduler(org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Aggregations

RMDelegationTokenSecretManager (org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager): 5
Configuration (org.apache.hadoop.conf.Configuration): 3
InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken): 2
Token (org.apache.hadoop.security.token.Token): 2
YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration): 2
RMDelegationTokenIdentifier (org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier): 2
NullRMStateStore (org.apache.hadoop.yarn.server.resourcemanager.recovery.NullRMStateStore): 2
IOException (java.io.IOException): 1
DataInputBuffer (org.apache.hadoop.io.DataInputBuffer): 1
Text (org.apache.hadoop.io.Text): 1
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation): 1
ApplicationClientProtocol (org.apache.hadoop.yarn.api.ApplicationClientProtocol): 1
GetNewApplicationRequest (org.apache.hadoop.yarn.api.protocolrecords.GetNewApplicationRequest): 1
Dispatcher (org.apache.hadoop.yarn.event.Dispatcher): 1
YarnException (org.apache.hadoop.yarn.exceptions.YarnException): 1
RMApplicationHistoryWriter (org.apache.hadoop.yarn.server.resourcemanager.ahs.RMApplicationHistoryWriter): 1
AMLivelinessMonitor (org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.AMLivelinessMonitor): 1
ResourceScheduler (org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler): 1
MockDispatcher (org.apache.myriad.state.MockDispatcher): 1
MockRMContext (org.apache.myriad.state.MockRMContext): 1