diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 3f04aa03ea8..bd0c29195c2 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -52,7 +52,10 @@ Release 2.7.2 - UNRELEASED YARN-4047. ClientRMService getApplications has high scheduler lock contention (Jason Lowe via jianhe) -Release 2.7.1 - 2015-07-06 + YARN-3857: Memory leak in ResourceManager with SIMPLE mode. + (mujunchao via zxu) + +Release 2.7.1 - 2015-07-06 INCOMPATIBLE CHANGES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java index 9ed5c32c7e8..230bbeb736b 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java @@ -1308,9 +1308,11 @@ public class RMAppAttemptImpl implements RMAppAttempt, Recoverable { // register the ClientTokenMasterKey after it is saved in the store, // otherwise client may hold an invalid ClientToken after RM restarts. - appAttempt.rmContext.getClientToAMTokenSecretManager() - .registerApplication(appAttempt.getAppAttemptId(), - appAttempt.getClientTokenMasterKey()); + if (UserGroupInformation.isSecurityEnabled()) { + appAttempt.rmContext.getClientToAMTokenSecretManager() + .registerApplication(appAttempt.getAppAttemptId(), + appAttempt.getClientTokenMasterKey()); + } } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java index 4fbe2cea517..4047bd5731a 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java @@ -22,6 +22,7 @@ import java.util.HashMap; import java.util.Map; import javax.crypto.SecretKey; +import com.google.common.annotations.VisibleForTesting; import org.apache.hadoop.yarn.api.records.ApplicationAttemptId; import org.apache.hadoop.yarn.security.client.BaseClientToAMTokenSecretManager; @@ -61,4 +62,10 @@ public class ClientToAMTokenSecretManagerInRM extends ApplicationAttemptId applicationAttemptID) { return this.masterKeys.get(applicationAttemptID); } + + @VisibleForTesting + public synchronized boolean hasMasterKey( + ApplicationAttemptId applicationAttemptID) { + return this.masterKeys.containsKey(applicationAttemptID); + } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java index 9afb5a908de..c8b6bd07b88 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java @@ -1393,6 +1393,38 @@ public class TestRMAppAttemptTransitions { Assert.assertNull(token); } + // this is to test master key is saved in the secret manager only after + // attempt is launched and in secure-mode + @Test + public void testApplicationAttemptMasterKey() throws Exception { + Container amContainer = allocateApplicationAttempt(); + ApplicationAttemptId appid = applicationAttempt.getAppAttemptId(); + boolean isMasterKeyExisted = false; + + // before attempt is launched, can not get MasterKey + isMasterKeyExisted = clientToAMTokenManager.hasMasterKey(appid); + Assert.assertFalse(isMasterKeyExisted); + + launchApplicationAttempt(amContainer); + // after attempt is launched and in secure mode, can get MasterKey + isMasterKeyExisted = clientToAMTokenManager.hasMasterKey(appid); + if (isSecurityEnabled) { + Assert.assertTrue(isMasterKeyExisted); + Assert.assertNotNull(clientToAMTokenManager.getMasterKey(appid)); + } else { + Assert.assertFalse(isMasterKeyExisted); + } + + applicationAttempt.handle(new RMAppAttemptEvent(applicationAttempt + .getAppAttemptId(), RMAppAttemptEventType.KILL)); + assertEquals(YarnApplicationAttemptState.LAUNCHED, + applicationAttempt.createApplicationAttemptState()); + sendAttemptUpdateSavedEvent(applicationAttempt); + // after attempt is killed, can not get MasterKey + isMasterKeyExisted = clientToAMTokenManager.hasMasterKey(appid); + Assert.assertFalse(isMasterKeyExisted); + } + @Test public void testFailedToFailed() { // create a failed attempt.