From ed5a0d0aa836749be37dac287cedd6fe1641e28b Mon Sep 17 00:00:00 2001 From: Jian He Date: Thu, 15 Jan 2015 11:07:43 -0800 Subject: [PATCH] YARN-2861. Fixed Timeline DT secret manager to not reuse RM's configs. Contributed by Zhijie Shen (cherry picked from commit 9e33116d1d8944a393937337b3963e192b9c74d1) --- hadoop-yarn-project/CHANGES.txt | 3 ++ .../hadoop/yarn/conf/YarnConfiguration.java | 28 ++++++++++++++----- ...neDelegationTokenSecretManagerService.java | 12 ++++---- .../RMSecretManagerService.java | 12 ++++---- 4 files changed, 36 insertions(+), 19 deletions(-) diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 92dc3bd3970..615d382a8b1 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -337,6 +337,9 @@ Release 2.7.0 - UNRELEASED YARN-2637. Fixed max-am-resource-percent calculation in CapacityScheduler when activating applications. (Craig Welch via jianhe) + YARN-2861. Fixed Timeline DT secret manager to not reuse RM's configs. + (Zhijie Shen via jianhe) + Release 2.6.0 - 2014-11-18 INCOMPATIBLE CHANGES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java index b9b854c29b6..f4e76820643 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java @@ -356,18 +356,18 @@ public class YarnConfiguration extends Configuration { public static final int DEFAULT_RM_SYSTEM_METRICS_PUBLISHER_DISPATCHER_POOL_SIZE = 10; - //Delegation token related keys - public static final String DELEGATION_KEY_UPDATE_INTERVAL_KEY = + //RM delegation token related keys + public static final String RM_DELEGATION_KEY_UPDATE_INTERVAL_KEY = RM_PREFIX + "delegation.key.update-interval"; - public static final long DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT = + public static final long RM_DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT = 24*60*60*1000; // 1 day - public static final String DELEGATION_TOKEN_RENEW_INTERVAL_KEY = + public static final String RM_DELEGATION_TOKEN_RENEW_INTERVAL_KEY = RM_PREFIX + "delegation.token.renew-interval"; - public static final long DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT = + public static final long RM_DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT = 24*60*60*1000; // 1 day - public static final String DELEGATION_TOKEN_MAX_LIFETIME_KEY = + public static final String RM_DELEGATION_TOKEN_MAX_LIFETIME_KEY = RM_PREFIX + "delegation.token.max-lifetime"; - public static final long DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT = + public static final long RM_DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT = 7*24*60*60*1000; // 7 days public static final String RECOVERY_ENABLED = RM_PREFIX + "recovery.enabled"; @@ -1382,6 +1382,20 @@ public class YarnConfiguration extends Configuration { public static final String TIMELINE_SERVICE_LEVELDB_STATE_STORE_PATH = TIMELINE_SERVICE_LEVELDB_STATE_STORE_PREFIX + "path"; + // Timeline delegation token related keys + public static final String TIMELINE_DELEGATION_KEY_UPDATE_INTERVAL = + TIMELINE_SERVICE_PREFIX + "delegation.key.update-interval"; + public static final long DEFAULT_TIMELINE_DELEGATION_KEY_UPDATE_INTERVAL = + 24*60*60*1000; // 1 day + public static final String TIMELINE_DELEGATION_TOKEN_RENEW_INTERVAL = + TIMELINE_SERVICE_PREFIX + "delegation.token.renew-interval"; + public static final long DEFAULT_TIMELINE_DELEGATION_TOKEN_RENEW_INTERVAL = + 24*60*60*1000; // 1 day + public static final String TIMELINE_DELEGATION_TOKEN_MAX_LIFETIME = + TIMELINE_SERVICE_PREFIX + "delegation.token.max-lifetime"; + public static final long DEFAULT_TIMELINE_DELEGATION_TOKEN_MAX_LIFETIME = + 7*24*60*60*1000; // 7 days + // /////////////////////////////// // Shared Cache Configs // /////////////////////////////// diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineDelegationTokenSecretManagerService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineDelegationTokenSecretManagerService.java index 261a3354310..c940eea7037 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineDelegationTokenSecretManagerService.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineDelegationTokenSecretManagerService.java @@ -60,14 +60,14 @@ public class TimelineDelegationTokenSecretManagerService extends } long secretKeyInterval = - conf.getLong(YarnConfiguration.DELEGATION_KEY_UPDATE_INTERVAL_KEY, - YarnConfiguration.DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT); + conf.getLong(YarnConfiguration.TIMELINE_DELEGATION_KEY_UPDATE_INTERVAL, + YarnConfiguration.DEFAULT_TIMELINE_DELEGATION_KEY_UPDATE_INTERVAL); long tokenMaxLifetime = - conf.getLong(YarnConfiguration.DELEGATION_TOKEN_MAX_LIFETIME_KEY, - YarnConfiguration.DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT); + conf.getLong(YarnConfiguration.TIMELINE_DELEGATION_TOKEN_MAX_LIFETIME, + YarnConfiguration.DEFAULT_TIMELINE_DELEGATION_TOKEN_MAX_LIFETIME); long tokenRenewInterval = - conf.getLong(YarnConfiguration.DELEGATION_TOKEN_RENEW_INTERVAL_KEY, - YarnConfiguration.DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT); + conf.getLong(YarnConfiguration.TIMELINE_DELEGATION_TOKEN_RENEW_INTERVAL, + YarnConfiguration.DEFAULT_TIMELINE_DELEGATION_TOKEN_RENEW_INTERVAL); secretManager = new TimelineDelegationTokenSecretManager(secretKeyInterval, tokenMaxLifetime, tokenRenewInterval, 3600000, stateStore); super.init(conf); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMSecretManagerService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMSecretManagerService.java index d0d7d16a276..f7fb7e631e8 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMSecretManagerService.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMSecretManagerService.java @@ -127,14 +127,14 @@ public class RMSecretManagerService extends AbstractService { protected RMDelegationTokenSecretManager createRMDelegationTokenSecretManager( Configuration conf, RMContext rmContext) { long secretKeyInterval = - conf.getLong(YarnConfiguration.DELEGATION_KEY_UPDATE_INTERVAL_KEY, - YarnConfiguration.DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT); + conf.getLong(YarnConfiguration.RM_DELEGATION_KEY_UPDATE_INTERVAL_KEY, + YarnConfiguration.RM_DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT); long tokenMaxLifetime = - conf.getLong(YarnConfiguration.DELEGATION_TOKEN_MAX_LIFETIME_KEY, - YarnConfiguration.DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT); + conf.getLong(YarnConfiguration.RM_DELEGATION_TOKEN_MAX_LIFETIME_KEY, + YarnConfiguration.RM_DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT); long tokenRenewInterval = - conf.getLong(YarnConfiguration.DELEGATION_TOKEN_RENEW_INTERVAL_KEY, - YarnConfiguration.DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT); + conf.getLong(YarnConfiguration.RM_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, + YarnConfiguration.RM_DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT); return new RMDelegationTokenSecretManager(secretKeyInterval, tokenMaxLifetime, tokenRenewInterval, 3600000, rmContext);