YARN-2971. RM uses conf instead of token service address to renew timeline delegation tokens (jeagles)
(cherry picked from commit af08425893
)
This commit is contained in:
parent
6146680955
commit
c0e14d546e
|
@ -485,6 +485,9 @@ Release 2.7.0 - UNRELEASED
|
||||||
YARN-3094. Reset timer for liveness monitors after RM recovery. (Jun Gong
|
YARN-3094. Reset timer for liveness monitors after RM recovery. (Jun Gong
|
||||||
via jianhe)
|
via jianhe)
|
||||||
|
|
||||||
|
YARN-2971. RM uses conf instead of token service address to renew timeline
|
||||||
|
delegation tokens (jeagles)
|
||||||
|
|
||||||
Release 2.6.0 - 2014-11-18
|
Release 2.6.0 - 2014-11-18
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -23,6 +23,7 @@ import java.io.IOException;
|
||||||
import java.lang.reflect.UndeclaredThrowableException;
|
import java.lang.reflect.UndeclaredThrowableException;
|
||||||
import java.net.ConnectException;
|
import java.net.ConnectException;
|
||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
|
import java.net.InetSocketAddress;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.net.URLConnection;
|
import java.net.URLConnection;
|
||||||
|
@ -45,6 +46,7 @@ import org.apache.hadoop.classification.InterfaceAudience.Private;
|
||||||
import org.apache.hadoop.classification.InterfaceStability.Unstable;
|
import org.apache.hadoop.classification.InterfaceStability.Unstable;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
import org.apache.hadoop.security.SecurityUtil;
|
||||||
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
|
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
|
||||||
import org.apache.hadoop.security.ssl.SSLFactory;
|
import org.apache.hadoop.security.ssl.SSLFactory;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
|
@ -373,12 +375,14 @@ public class TimelineClientImpl extends TimelineClient {
|
||||||
== UserGroupInformation.AuthenticationMethod.PROXY;
|
== UserGroupInformation.AuthenticationMethod.PROXY;
|
||||||
final String doAsUser = isProxyAccess ?
|
final String doAsUser = isProxyAccess ?
|
||||||
UserGroupInformation.getCurrentUser().getShortUserName() : null;
|
UserGroupInformation.getCurrentUser().getShortUserName() : null;
|
||||||
|
boolean useHttps = YarnConfiguration.useHttps(this.getConfig());
|
||||||
|
final String scheme = useHttps ? "https" : "http";
|
||||||
|
final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT);
|
||||||
PrivilegedExceptionAction<Long> renewDTAction =
|
PrivilegedExceptionAction<Long> renewDTAction =
|
||||||
new PrivilegedExceptionAction<Long>() {
|
new PrivilegedExceptionAction<Long>() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Long run()
|
public Long run() throws Exception {
|
||||||
throws Exception {
|
|
||||||
// If the timeline DT to renew is different than cached, replace it.
|
// If the timeline DT to renew is different than cached, replace it.
|
||||||
// Token to set every time for retry, because when exception happens,
|
// Token to set every time for retry, because when exception happens,
|
||||||
// DelegationTokenAuthenticatedURL will reset it to null;
|
// DelegationTokenAuthenticatedURL will reset it to null;
|
||||||
|
@ -388,8 +392,10 @@ public class TimelineClientImpl extends TimelineClient {
|
||||||
DelegationTokenAuthenticatedURL authUrl =
|
DelegationTokenAuthenticatedURL authUrl =
|
||||||
new DelegationTokenAuthenticatedURL(authenticator,
|
new DelegationTokenAuthenticatedURL(authenticator,
|
||||||
connConfigurator);
|
connConfigurator);
|
||||||
|
final URI serviceURI = new URI(scheme, null, address.getHostName(),
|
||||||
|
address.getPort(), RESOURCE_URI_STR, null, null);
|
||||||
return authUrl
|
return authUrl
|
||||||
.renewDelegationToken(resURI.toURL(), token, doAsUser);
|
.renewDelegationToken(serviceURI.toURL(), token, doAsUser);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
return (Long) operateDelegationToken(renewDTAction);
|
return (Long) operateDelegationToken(renewDTAction);
|
||||||
|
@ -405,12 +411,14 @@ public class TimelineClientImpl extends TimelineClient {
|
||||||
== UserGroupInformation.AuthenticationMethod.PROXY;
|
== UserGroupInformation.AuthenticationMethod.PROXY;
|
||||||
final String doAsUser = isProxyAccess ?
|
final String doAsUser = isProxyAccess ?
|
||||||
UserGroupInformation.getCurrentUser().getShortUserName() : null;
|
UserGroupInformation.getCurrentUser().getShortUserName() : null;
|
||||||
|
boolean useHttps = YarnConfiguration.useHttps(this.getConfig());
|
||||||
|
final String scheme = useHttps ? "https" : "http";
|
||||||
|
final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT);
|
||||||
PrivilegedExceptionAction<Void> cancelDTAction =
|
PrivilegedExceptionAction<Void> cancelDTAction =
|
||||||
new PrivilegedExceptionAction<Void>() {
|
new PrivilegedExceptionAction<Void>() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Void run()
|
public Void run() throws Exception {
|
||||||
throws Exception {
|
|
||||||
// If the timeline DT to cancel is different than cached, replace it.
|
// If the timeline DT to cancel is different than cached, replace it.
|
||||||
// Token to set every time for retry, because when exception happens,
|
// Token to set every time for retry, because when exception happens,
|
||||||
// DelegationTokenAuthenticatedURL will reset it to null;
|
// DelegationTokenAuthenticatedURL will reset it to null;
|
||||||
|
@ -420,7 +428,9 @@ public class TimelineClientImpl extends TimelineClient {
|
||||||
DelegationTokenAuthenticatedURL authUrl =
|
DelegationTokenAuthenticatedURL authUrl =
|
||||||
new DelegationTokenAuthenticatedURL(authenticator,
|
new DelegationTokenAuthenticatedURL(authenticator,
|
||||||
connConfigurator);
|
connConfigurator);
|
||||||
authUrl.cancelDelegationToken(resURI.toURL(), token, doAsUser);
|
final URI serviceURI = new URI(scheme, null, address.getHostName(),
|
||||||
|
address.getPort(), RESOURCE_URI_STR, null, null);
|
||||||
|
authUrl.cancelDelegationToken(serviceURI.toURL(), token, doAsUser);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
|
@ -238,7 +238,10 @@ public class TestTimelineClient {
|
||||||
new TimelineDelegationTokenIdentifier(
|
new TimelineDelegationTokenIdentifier(
|
||||||
new Text("tester"), new Text("tester"), new Text("tester"));
|
new Text("tester"), new Text("tester"), new Text("tester"));
|
||||||
client.renewDelegationToken(
|
client.renewDelegationToken(
|
||||||
new Token<TimelineDelegationTokenIdentifier>(timelineDT, dtManager));
|
new Token<TimelineDelegationTokenIdentifier>(timelineDT.getBytes(),
|
||||||
|
dtManager.createPassword(timelineDT),
|
||||||
|
timelineDT.getKind(),
|
||||||
|
new Text("0.0.0.0:8188")));
|
||||||
assertFail();
|
assertFail();
|
||||||
} catch (RuntimeException ce) {
|
} catch (RuntimeException ce) {
|
||||||
assertException(client, ce);
|
assertException(client, ce);
|
||||||
|
@ -250,7 +253,10 @@ public class TestTimelineClient {
|
||||||
new TimelineDelegationTokenIdentifier(
|
new TimelineDelegationTokenIdentifier(
|
||||||
new Text("tester"), new Text("tester"), new Text("tester"));
|
new Text("tester"), new Text("tester"), new Text("tester"));
|
||||||
client.cancelDelegationToken(
|
client.cancelDelegationToken(
|
||||||
new Token<TimelineDelegationTokenIdentifier>(timelineDT, dtManager));
|
new Token<TimelineDelegationTokenIdentifier>(timelineDT.getBytes(),
|
||||||
|
dtManager.createPassword(timelineDT),
|
||||||
|
timelineDT.getKind(),
|
||||||
|
new Text("0.0.0.0:8188")));
|
||||||
assertFail();
|
assertFail();
|
||||||
} catch (RuntimeException ce) {
|
} catch (RuntimeException ce) {
|
||||||
assertException(client, ce);
|
assertException(client, ce);
|
||||||
|
@ -371,5 +377,9 @@ public class TestTimelineClient {
|
||||||
return new TimelineDelegationTokenIdentifier();
|
return new TimelineDelegationTokenIdentifier();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public synchronized byte[] createPassword(TimelineDelegationTokenIdentifier identifier) {
|
||||||
|
return super.createPassword(identifier);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue