From a1fd04c4f472fdc0835f491a719220684ee1f255 Mon Sep 17 00:00:00 2001 From: Jason Lowe Date: Tue, 29 May 2018 14:43:17 -0500 Subject: [PATCH] YARN-8329. Docker client configuration can still be set incorrectly. Contributed by Shane Kumpf (cherry picked from commit 4827e9a9085b306bc379cb6e0b1fe4b92326edcd) --- .../yarn/util/DockerClientConfigHandler.java | 23 +++++++++++-------- .../TestDockerClientConfigHandler.java | 4 ++-- .../runtime/DockerLinuxContainerRuntime.java | 7 +++--- 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/util/DockerClientConfigHandler.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/util/DockerClientConfigHandler.java index 5522cf4f6f2..8ec4deb2f3f 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/util/DockerClientConfigHandler.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/util/DockerClientConfigHandler.java @@ -154,14 +154,15 @@ public final class DockerClientConfigHandler { * @param outConfigFile the File to write the Docker client configuration to. * @param credentials the populated Credentials object. * @throws IOException if the write fails. + * @return true if a Docker credential is found in the supplied credentials. */ - public static void writeDockerCredentialsToPath(File outConfigFile, + public static boolean writeDockerCredentialsToPath(File outConfigFile, Credentials credentials) throws IOException { - ObjectMapper mapper = new ObjectMapper(); - ObjectNode rootNode = mapper.createObjectNode(); - ObjectNode registryUrlNode = mapper.createObjectNode(); boolean foundDockerCred = false; if (credentials.numberOfTokens() > 0) { + ObjectMapper mapper = new ObjectMapper(); + ObjectNode rootNode = mapper.createObjectNode(); + ObjectNode registryUrlNode = mapper.createObjectNode(); for (Token tk : credentials.getAllTokens()) { if (tk.getKind().equals(DockerCredentialTokenIdentifier.KIND)) { foundDockerCred = true; @@ -176,12 +177,14 @@ public final class DockerClientConfigHandler { } } } + if (foundDockerCred) { + rootNode.put(CONFIG_AUTHS_KEY, registryUrlNode); + String json = mapper.writerWithDefaultPrettyPrinter() + .writeValueAsString(rootNode); + FileUtils.writeStringToFile( + outConfigFile, json, StandardCharsets.UTF_8); + } } - if (foundDockerCred) { - rootNode.put(CONFIG_AUTHS_KEY, registryUrlNode); - String json = - mapper.writerWithDefaultPrettyPrinter().writeValueAsString(rootNode); - FileUtils.writeStringToFile(outConfigFile, json, StandardCharsets.UTF_8); - } + return foundDockerCred; } } \ No newline at end of file diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestDockerClientConfigHandler.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestDockerClientConfigHandler.java index c4cbe45542b..cfe5a455693 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestDockerClientConfigHandler.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestDockerClientConfigHandler.java @@ -116,8 +116,8 @@ public class TestDockerClientConfigHandler { Credentials credentials = DockerClientConfigHandler.readCredentialsFromConfigFile( new Path(file.toURI()), conf, APPLICATION_ID); - DockerClientConfigHandler.writeDockerCredentialsToPath(outFile, - credentials); + assertTrue(DockerClientConfigHandler.writeDockerCredentialsToPath(outFile, + credentials)); assertTrue(outFile.exists()); String fileContents = FileUtils.readFileToString(outFile); assertTrue(fileContents.contains("auths")); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java index be73b82677c..8c6622f0df0 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java @@ -1302,14 +1302,15 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { .getParent(); File dockerConfigPath = new File(nmPrivateDir + "/config.json"); try { - DockerClientConfigHandler - .writeDockerCredentialsToPath(dockerConfigPath, credentials); + if (DockerClientConfigHandler + .writeDockerCredentialsToPath(dockerConfigPath, credentials)) { + dockerRunCommand.setClientConfigDir(dockerConfigPath.getParent()); + } } catch (IOException e) { throw new ContainerExecutionException( "Unable to write Docker client credentials to " + dockerConfigPath); } - dockerRunCommand.setClientConfigDir(dockerConfigPath.getParent()); } } }