YARN-2971. RM uses conf instead of token service address to renew timeline delegation tokens (jeagles)

(cherry picked from commit af08425893)
Jonathan Eagles 2015-02-09 17:56:05 -06:00
parent 6146680955
commit c0e14d546e
3 changed files with 31 additions and 8 deletions


@ -485,6 +485,9 @@ Release 2.7.0 - UNRELEASED
YARN-3094. Reset timer for liveness monitors after RM recovery. (Jun Gong YARN-3094. Reset timer for liveness monitors after RM recovery. (Jun Gong
via jianhe) via jianhe)
YARN-2971. RM uses conf instead of token service address to renew timeline
delegation tokens (jeagles)
Release 2.6.0 - 2014-11-18 Release 2.6.0 - 2014-11-18
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES


@ -23,6 +23,7 @@ import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException; import java.lang.reflect.UndeclaredThrowableException;
import java.net.ConnectException; import java.net.ConnectException;
import java.net.HttpURLConnection; import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI; import java.net.URI;
import java.net.URL; import java.net.URL;
import java.net.URLConnection; import java.net.URLConnection;
@ -45,6 +46,7 @@ import org.apache.hadoop.classification.InterfaceAudience.Private;
import org.apache.hadoop.classification.InterfaceStability.Unstable; import org.apache.hadoop.classification.InterfaceStability.Unstable;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator; import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
import org.apache.hadoop.security.ssl.SSLFactory; import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
@ -373,12 +375,14 @@ public class TimelineClientImpl extends TimelineClient {
== UserGroupInformation.AuthenticationMethod.PROXY; == UserGroupInformation.AuthenticationMethod.PROXY;
final String doAsUser = isProxyAccess ? final String doAsUser = isProxyAccess ?
UserGroupInformation.getCurrentUser().getShortUserName() : null; UserGroupInformation.getCurrentUser().getShortUserName() : null;
boolean useHttps = YarnConfiguration.useHttps(this.getConfig());
final String scheme = useHttps ? "https" : "http";
final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT);
PrivilegedExceptionAction<Long> renewDTAction = PrivilegedExceptionAction<Long> renewDTAction =
new PrivilegedExceptionAction<Long>() { new PrivilegedExceptionAction<Long>() {
@Override @Override
public Long run() public Long run() throws Exception {
throws Exception {
// If the timeline DT to renew is different than cached, replace it. // If the timeline DT to renew is different than cached, replace it.
// Token to set every time for retry, because when exception happens, // Token to set every time for retry, because when exception happens,
// DelegationTokenAuthenticatedURL will reset it to null; // DelegationTokenAuthenticatedURL will reset it to null;
@ -388,8 +392,10 @@ public class TimelineClientImpl extends TimelineClient {
DelegationTokenAuthenticatedURL authUrl = DelegationTokenAuthenticatedURL authUrl =
new DelegationTokenAuthenticatedURL(authenticator, new DelegationTokenAuthenticatedURL(authenticator,
connConfigurator); connConfigurator);
final URI serviceURI = new URI(scheme, null, address.getHostName(),
address.getPort(), RESOURCE_URI_STR, null, null);
return authUrl return authUrl
.renewDelegationToken(resURI.toURL(), token, doAsUser); .renewDelegationToken(serviceURI.toURL(), token, doAsUser);
} }
}; };
return (Long) operateDelegationToken(renewDTAction); return (Long) operateDelegationToken(renewDTAction);
@ -405,12 +411,14 @@ public class TimelineClientImpl extends TimelineClient {
== UserGroupInformation.AuthenticationMethod.PROXY; == UserGroupInformation.AuthenticationMethod.PROXY;
final String doAsUser = isProxyAccess ? final String doAsUser = isProxyAccess ?
UserGroupInformation.getCurrentUser().getShortUserName() : null; UserGroupInformation.getCurrentUser().getShortUserName() : null;
boolean useHttps = YarnConfiguration.useHttps(this.getConfig());
final String scheme = useHttps ? "https" : "http";
final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT);
PrivilegedExceptionAction<Void> cancelDTAction = PrivilegedExceptionAction<Void> cancelDTAction =
new PrivilegedExceptionAction<Void>() { new PrivilegedExceptionAction<Void>() {
@Override @Override
public Void run() public Void run() throws Exception {
throws Exception {
// If the timeline DT to cancel is different than cached, replace it. // If the timeline DT to cancel is different than cached, replace it.
// Token to set every time for retry, because when exception happens, // Token to set every time for retry, because when exception happens,
// DelegationTokenAuthenticatedURL will reset it to null; // DelegationTokenAuthenticatedURL will reset it to null;
@ -420,7 +428,9 @@ public class TimelineClientImpl extends TimelineClient {
DelegationTokenAuthenticatedURL authUrl = DelegationTokenAuthenticatedURL authUrl =
new DelegationTokenAuthenticatedURL(authenticator, new DelegationTokenAuthenticatedURL(authenticator,
connConfigurator); connConfigurator);
authUrl.cancelDelegationToken(resURI.toURL(), token, doAsUser); final URI serviceURI = new URI(scheme, null, address.getHostName(),
address.getPort(), RESOURCE_URI_STR, null, null);
authUrl.cancelDelegationToken(serviceURI.toURL(), token, doAsUser);
return null; return null;
} }
}; };
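Review bot: The renew and cancel requests now go to whatever host and port the token's service field names (`SecurityUtil.getTokenServiceAddr(timelineDT)`, in both the renew and the cancel hunk), and as far as I know that field is not covered by the token password, so whoever supplies the token chooses the endpoint. The commit title names the RM as a caller, so the token may originate from a job submitter; the request carries the token and the caller's authentication, and it goes over plain http whenever `useHttps` is false. I would check `address` against the timeline addresses the operator has configured before building `serviceURI`, or at least record the trust assumption above the lookup, e.g. `// endpoint comes from the token's service field, not conf; only pass tokens from a trusted source`. A token with an empty service field presumably now fails in the lookup, before `operateDelegationToken` and its retry handling are reached, which is worth confirming. Both method bodies start outside the hunks, so any earlier validation is not visible here.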


@ -238,7 +238,10 @@ public class TestTimelineClient {
new TimelineDelegationTokenIdentifier( new TimelineDelegationTokenIdentifier(
new Text("tester"), new Text("tester"), new Text("tester")); new Text("tester"), new Text("tester"), new Text("tester"));
client.renewDelegationToken( client.renewDelegationToken(
new Token<TimelineDelegationTokenIdentifier>(timelineDT, dtManager)); new Token<TimelineDelegationTokenIdentifier>(timelineDT.getBytes(),
dtManager.createPassword(timelineDT),
timelineDT.getKind(),
new Text("0.0.0.0:8188")));
assertFail(); assertFail();
} catch (RuntimeException ce) { } catch (RuntimeException ce) {
assertException(client, ce); assertException(client, ce);
@ -250,7 +253,10 @@ public class TestTimelineClient {
new TimelineDelegationTokenIdentifier( new TimelineDelegationTokenIdentifier(
new Text("tester"), new Text("tester"), new Text("tester")); new Text("tester"), new Text("tester"), new Text("tester"));
client.cancelDelegationToken( client.cancelDelegationToken(
new Token<TimelineDelegationTokenIdentifier>(timelineDT, dtManager)); new Token<TimelineDelegationTokenIdentifier>(timelineDT.getBytes(),
dtManager.createPassword(timelineDT),
timelineDT.getKind(),
new Text("0.0.0.0:8188")));
assertFail(); assertFail();
} catch (RuntimeException ce) { } catch (RuntimeException ce) {
assertException(client, ce); assertException(client, ce);
@ -371,5 +377,9 @@ public class TestTimelineClient {
return new TimelineDelegationTokenIdentifier(); return new TimelineDelegationTokenIdentifier();
} }
@Override
public synchronized byte[] createPassword(TimelineDelegationTokenIdentifier identifier) {
return super.createPassword(identifier);
}
} }
} }
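Review bot: Neither changed test checks the behaviour this commit introduces: both calls build a token whose service is `0.0.0.0:8188` and still expect only the connection failure handled by `assertException`, so they would not notice if the client went back to the configured address. A case where the configured timeline address and the token's service differ, asserting which one the request URL uses, would pin the change; a token with an empty service field deserves a case too, since the lookup now depends on that field. The `createPassword` override in the last hunk appears to exist only to widen visibility for the test, and a one-line comment would say so, e.g. `// widened to public so the test can build a Token with an explicit service`.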