Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

YARN-5309. Fix SSLFactory truststore reloader thread leak in TimelineClientImpl. Contributed by Weiwei Yang.

This commit is contained in:
Varun Vasudev 2016-07-20 13:06:31 +05:30
parent a6798991f0
commit 1b8641a3c3
3 changed files with 75 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/pom.xml
View File

@ -142,6 +142,11 @@
<artifactId>junit</artifactId> <artifactId>junit</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<scope>test</scope>
</dependency>
<dependency> <dependency>
<groupId>com.sun.jersey.jersey-test-framework</groupId> <groupId>com.sun.jersey.jersey-test-framework</groupId>
<artifactId>jersey-test-framework-grizzly2</artifactId> <artifactId>jersey-test-framework-grizzly2</artifactId>

26
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java
View File

@ -111,6 +111,7 @@ public class TimelineClientImpl extends TimelineClient {
private URI resURI; private URI resURI;
private UserGroupInformation authUgi; private UserGroupInformation authUgi;
private String doAsUser; private String doAsUser;
private SSLFactory sslFactory;
@Private @Private
@VisibleForTesting @VisibleForTesting
@ -266,7 +267,7 @@ public class TimelineClientImpl extends TimelineClient {
} }
ClientConfig cc = new DefaultClientConfig(); ClientConfig cc = new DefaultClientConfig();
cc.getClasses().add(YarnJacksonJaxbJsonProvider.class); cc.getClasses().add(YarnJacksonJaxbJsonProvider.class);
connConfigurator = newConnConfigurator(conf); connConfigurator = initConnConfigurator(conf);
if (UserGroupInformation.isSecurityEnabled()) { if (UserGroupInformation.isSecurityEnabled()) {
authenticator = new KerberosDelegationTokenAuthenticator(); authenticator = new KerberosDelegationTokenAuthenticator();
} else { } else {
@ -297,6 +298,14 @@ public class TimelineClientImpl extends TimelineClient {
super.serviceInit(conf); super.serviceInit(conf);
} }
@Override
protected void serviceStop() throws Exception {
if (this.sslFactory != null) {
this.sslFactory.destroy();
}
super.serviceStop();
}
@Override @Override
public TimelinePutResponse putEntities( public TimelinePutResponse putEntities(
TimelineEntity... entities) throws IOException, YarnException { TimelineEntity... entities) throws IOException, YarnException {
@ -502,9 +511,9 @@ public class TimelineClientImpl extends TimelineClient {
} }
private static ConnectionConfigurator newConnConfigurator(Configuration conf) { private ConnectionConfigurator initConnConfigurator(Configuration conf) {
try { try {
return newSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf); return initSslConnConfigurator(DEFAULT_SOCKET_TIMEOUT, conf);
} catch (Exception e) { } catch (Exception e) {
LOG.debug("Cannot load customized ssl related configuration. " + LOG.debug("Cannot load customized ssl related configuration. " +
"Fallback to system-generic settings.", e); "Fallback to system-generic settings.", e);
@ -522,16 +531,15 @@ public class TimelineClientImpl extends TimelineClient {
} }
}; };
private static ConnectionConfigurator newSslConnConfigurator(final int timeout, private ConnectionConfigurator initSslConnConfigurator(final int timeout,
Configuration conf) throws IOException, GeneralSecurityException { Configuration conf) throws IOException, GeneralSecurityException {
final SSLFactory factory;
final SSLSocketFactory sf; final SSLSocketFactory sf;
final HostnameVerifier hv; final HostnameVerifier hv;
factory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
factory.init(); sslFactory.init();
sf = factory.createSSLSocketFactory(); sf = sslFactory.createSSLSocketFactory();
hv = factory.getHostnameVerifier(); hv = sslFactory.getHostnameVerifier();
return new ConnectionConfigurator() { return new ConnectionConfigurator() {
@Override @Override

53
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java
View File

@ -25,11 +25,14 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy; import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import java.io.File;
import java.net.ConnectException; import java.net.ConnectException;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager; import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.yarn.api.records.timeline.TimelineDomain; import org.apache.hadoop.yarn.api.records.timeline.TimelineDomain;
@ -52,9 +55,15 @@ import com.sun.jersey.api.client.ClientResponse;
public class TestTimelineClient { public class TestTimelineClient {
private TimelineClientImpl client; private TimelineClientImpl client;
private static final File testDir = new File(
System.getProperty("test.build.data",
System.getProperty("java.io.tmpdir")),
"TestTimelineClient");
@Before @Before
public void setup() { public void setup() {
FileUtil.fullyDelete(testDir);
testDir.mkdirs();
YarnConfiguration conf = new YarnConfiguration(); YarnConfiguration conf = new YarnConfiguration();
conf.setBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED, true); conf.setBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED, true);
client = createTimelineClient(conf); client = createTimelineClient(conf);
@ -62,6 +71,7 @@ public class TestTimelineClient {
@After @After
public void tearDown() { public void tearDown() {
FileUtil.fullyDelete(testDir);
if (client != null) { if (client != null) {
client.stop(); client.stop();
} }
@ -365,6 +375,49 @@ public class TestTimelineClient {
return client; return client;
} }
@Test
public void testTimelineClientCleanup() throws Exception {
YarnConfiguration conf = new YarnConfiguration();
conf.setBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED, true);
conf.setInt(YarnConfiguration.TIMELINE_SERVICE_CLIENT_MAX_RETRIES, 0);
String sslConfDir =
KeyStoreTestUtil.getClasspathDir(TestTimelineClient.class);
KeyStoreTestUtil.setupSSLConfig(testDir.getAbsolutePath(),
sslConfDir, conf, false);
client = createTimelineClient(conf);
ThreadGroup threadGroup = Thread.currentThread().getThreadGroup();
while (threadGroup.getParent() != null) {
threadGroup = threadGroup.getParent();
}
Thread[] threads = new Thread[threadGroup.activeCount()];
threadGroup.enumerate(threads);
Thread reloaderThread = null;
for (Thread thread : threads) {
if ((thread.getName() != null)
&& (thread.getName().contains("Truststore reloader thread"))) {
reloaderThread = thread;
}
}
Assert.assertTrue("Reloader is not alive", reloaderThread.isAlive());
client.close();
boolean reloaderStillAlive = true;
for (int i = 0; i < 10; i++) {
reloaderStillAlive = reloaderThread.isAlive();
if (!reloaderStillAlive) {
break;
}
Thread.sleep(1000);
}
Assert.assertFalse("Reloader is still alive", reloaderStillAlive);
}
private static class TestTimlineDelegationTokenSecretManager extends private static class TestTimlineDelegationTokenSecretManager extends
AbstractDelegationTokenSecretManager<TimelineDelegationTokenIdentifier> { AbstractDelegationTokenSecretManager<TimelineDelegationTokenIdentifier> {