YARN-1573. ZK store should use a private password for root-node-acls. (kasha)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1560595 13f79535-47bb-0310-9956-ffa450edef68
Karthik Kambatla 2014-01-23 06:26:23 +00:00
parent 139b3a2ac4
commit b650f912ad
3 changed files with 8 additions and 6 deletions


@ -216,6 +216,9 @@ Release 2.4.0 - UNRELEASED
YARN-1623. Include queue name in RegisterApplicationMasterResponse (Sandy YARN-1623. Include queue name in RegisterApplicationMasterResponse (Sandy
Ryza) Ryza)
YARN-1573. ZK store should use a private password for root-node-acls.
(kasha).
OPTIMIZATIONS OPTIMIZATIONS
BUG FIXES BUG FIXES


@ -357,7 +357,7 @@
By default, when this property is not set, we use the ACLs from By default, when this property is not set, we use the ACLs from
yarn.resourcemanager.zk-acl for shared admin access and yarn.resourcemanager.zk-acl for shared admin access and
rm-address:cluster-timestamp for username-based exclusive create-delete rm-address:random-number for username-based exclusive create-delete
access. access.
This property allows users to set ACLs of their choice instead of using This property allows users to set ACLs of their choice instead of using


@ -24,6 +24,7 @@ import java.io.DataInputStream;
import java.io.DataOutputStream; import java.io.DataOutputStream;
import java.io.IOException; import java.io.IOException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
@ -47,7 +48,6 @@ import org.apache.hadoop.yarn.proto.YarnServerResourceManagerServiceProtos.Appli
import org.apache.hadoop.yarn.proto.YarnServerResourceManagerServiceProtos.ApplicationStateDataProto; import org.apache.hadoop.yarn.proto.YarnServerResourceManagerServiceProtos.ApplicationStateDataProto;
import org.apache.hadoop.yarn.proto.YarnServerResourceManagerServiceProtos.RMStateVersionProto; import org.apache.hadoop.yarn.proto.YarnServerResourceManagerServiceProtos.RMStateVersionProto;
import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier; import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager;
import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.RMStateVersion; import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.RMStateVersion;
import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.impl.pb.ApplicationAttemptStateDataPBImpl; import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.impl.pb.ApplicationAttemptStateDataPBImpl;
import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.impl.pb.ApplicationStateDataPBImpl; import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.impl.pb.ApplicationStateDataPBImpl;
@ -74,6 +74,7 @@ import com.google.common.annotations.VisibleForTesting;
public class ZKRMStateStore extends RMStateStore { public class ZKRMStateStore extends RMStateStore {
public static final Log LOG = LogFactory.getLog(ZKRMStateStore.class); public static final Log LOG = LogFactory.getLog(ZKRMStateStore.class);
private final SecureRandom random = new SecureRandom();
protected static final String ROOT_ZNODE_NAME = "ZKRMStateRoot"; protected static final String ROOT_ZNODE_NAME = "ZKRMStateRoot";
protected static final RMStateVersion CURRENT_VERSION_INFO = RMStateVersion protected static final RMStateVersion CURRENT_VERSION_INFO = RMStateVersion
@ -136,6 +137,8 @@ public class ZKRMStateStore extends RMStateStore {
private String fencingNodePath; private String fencingNodePath;
private Op createFencingNodePathOp; private Op createFencingNodePathOp;
private Op deleteFencingNodePathOp; private Op deleteFencingNodePathOp;
private String zkRootNodeUsername;
private final String zkRootNodePassword = Long.toString(random.nextLong());
@VisibleForTesting @VisibleForTesting
List<ACL> zkRootNodeAcl; List<ACL> zkRootNodeAcl;
@ -145,9 +148,6 @@ public class ZKRMStateStore extends RMStateStore {
private final String zkRootNodeAuthScheme = private final String zkRootNodeAuthScheme =
new DigestAuthenticationProvider().getScheme(); new DigestAuthenticationProvider().getScheme();
private String zkRootNodeUsername;
private String zkRootNodePassword;
/** /**
* Given the {@link Configuration} and {@link ACL}s used (zkAcl) for * Given the {@link Configuration} and {@link ACL}s used (zkAcl) for
* ZooKeeper access, construct the {@link ACL}s for the store's root node. * ZooKeeper access, construct the {@link ACL}s for the store's root node.
@ -172,7 +172,6 @@ public class ZKRMStateStore extends RMStateStore {
zkRootNodeUsername = HAUtil.getConfValueForRMInstance( zkRootNodeUsername = HAUtil.getConfValueForRMInstance(
YarnConfiguration.RM_ADDRESS, YarnConfiguration.RM_ADDRESS,
YarnConfiguration.DEFAULT_RM_ADDRESS, conf); YarnConfiguration.DEFAULT_RM_ADDRESS, conf);
zkRootNodePassword = Long.toString(ResourceManager.getClusterTimeStamp());
Id rmId = new Id(zkRootNodeAuthScheme, Id rmId = new Id(zkRootNodeAuthScheme,
DigestAuthenticationProvider.generateDigest( DigestAuthenticationProvider.generateDigest(
zkRootNodeUsername + ":" + zkRootNodePassword)); zkRootNodeUsername + ":" + zkRootNodePassword));
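Review bot: The new `zkRootNodePassword` field is built from a single `random.nextLong()`, so the secret carries at most 64 bits, and it is passed to `DigestAuthenticationProvider.generateDigest(...)`, whose result is placed in the `Id` that presumably ends up in the root znode's ACL. A party able to read that ACL could test guesses against the digest offline, so a wider value is cheap insurance: `private final String zkRootNodePassword = new BigInteger(128, random).toString(16);` (this needs `import java.math.BigInteger;`). The initializer also depends on `random` being declared earlier in the class, which deserves a one-line comment such as `// keep above zkRootNodePassword: field initializers run in declaration order`. The class body and the ACL-construction method both continue outside the hunks shown, so whether the password is logged or exposed elsewhere cannot be checked from here.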