diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/launcher/ContainerLauncherImpl.java b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/launcher/ContainerLauncherImpl.java index 459fd5666b4..b48348610ef 100644 --- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/launcher/ContainerLauncherImpl.java +++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/launcher/ContainerLauncherImpl.java @@ -350,15 +350,14 @@ public class ContainerLauncherImpl extends AbstractService implements final InetSocketAddress cmAddr = NetUtils.createSocketAddr(containerManagerBindAddr); - UserGroupInformation user = UserGroupInformation.getCurrentUser(); - if (UserGroupInformation.isSecurityEnabled()) { - Token token = - ProtoUtils.convertFromProtoFormat(containerToken, cmAddr); - // the user in createRemoteUser in this context has to be ContainerID - user = UserGroupInformation.createRemoteUser(containerID.toString()); - user.addToken(token); - } + // the user in createRemoteUser in this context has to be ContainerID + UserGroupInformation user = + UserGroupInformation.createRemoteUser(containerID.toString()); + + Token token = + ProtoUtils.convertFromProtoFormat(containerToken, cmAddr); + user.addToken(token); ContainerManager proxy = user .doAs(new PrivilegedAction() { diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 73fb99acb49..b38277fff64 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -178,6 +178,10 @@ Release 2.0.5-beta - UNRELEASED asks an RM to shutdown/resync etc so that NMs can log this message locally for better debuggability. (Mayank Bansal via vinodkv) + YARN-617. Made ContainerTokens to be used for validation at NodeManager + also in unsecure mode to prevent AMs from faking resource requirements in + unsecure mode. (Omkar Vinit Joshi via vinodkv) + OPTIMIZATIONS BUG FIXES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java index b5abecd08ce..85f5784ed42 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeManager.java @@ -135,13 +135,8 @@ public class NodeManager extends CompositeService conf.setBoolean(Dispatcher.DISPATCHER_EXIT_ON_ERROR_KEY, true); - // Create the secretManager if need be. - NMContainerTokenSecretManager containerTokenSecretManager = null; - if (UserGroupInformation.isSecurityEnabled()) { - LOG.info("Security is enabled on NodeManager. " - + "Creating ContainerTokenSecretManager"); - containerTokenSecretManager = new NMContainerTokenSecretManager(conf); - } + NMContainerTokenSecretManager containerTokenSecretManager = + new NMContainerTokenSecretManager(conf); this.context = createNMContext(containerTokenSecretManager); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeStatusUpdaterImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeStatusUpdaterImpl.java index 8b50fd80ca1..b33e7b3433e 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeStatusUpdaterImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/NodeStatusUpdaterImpl.java @@ -194,16 +194,12 @@ public class NodeStatusUpdaterImpl extends AbstractService implements throw new AvroRuntimeException(e); } } - - private boolean isSecurityEnabled() { - return UserGroupInformation.isSecurityEnabled(); - } @Private protected boolean isTokenKeepAliveEnabled(Configuration conf) { return conf.getBoolean(YarnConfiguration.LOG_AGGREGATION_ENABLED, YarnConfiguration.DEFAULT_LOG_AGGREGATION_ENABLED) - && isSecurityEnabled(); + && UserGroupInformation.isSecurityEnabled(); } protected ResourceTracker getRMClient() { @@ -303,16 +299,13 @@ public class NodeStatusUpdaterImpl extends AbstractService implements + message); } - if (UserGroupInformation.isSecurityEnabled()) { - MasterKey masterKey = regNMResponse.getMasterKey(); - // do this now so that its set before we start heartbeating to RM - LOG.info("Security enabled - updating secret keys now"); - // It is expected that status updater is started by this point and - // RM gives the shared secret in registration during - // StatusUpdater#start(). - if (masterKey != null) { - this.context.getContainerTokenSecretManager().setMasterKey(masterKey); - } + MasterKey masterKey = regNMResponse.getMasterKey(); + // do this now so that its set before we start heartbeating to RM + // It is expected that status updater is started by this point and + // RM gives the shared secret in registration during + // StatusUpdater#start(). + if (masterKey != null) { + this.context.getContainerTokenSecretManager().setMasterKey(masterKey); } LOG.info("Registered with ResourceManager as " + this.nodeId @@ -443,10 +436,8 @@ public class NodeStatusUpdaterImpl extends AbstractService implements NodeHeartbeatRequest request = recordFactory .newRecordInstance(NodeHeartbeatRequest.class); request.setNodeStatus(nodeStatus); - if (isSecurityEnabled()) { - request.setLastKnownMasterKey(NodeStatusUpdaterImpl.this.context - .getContainerTokenSecretManager().getCurrentKey()); - } + request.setLastKnownMasterKey(NodeStatusUpdaterImpl.this.context + .getContainerTokenSecretManager().getCurrentKey()); while (!isStopped) { try { rmRetryCount++; @@ -475,13 +466,11 @@ public class NodeStatusUpdaterImpl extends AbstractService implements //get next heartbeat interval from response nextHeartBeatInterval = response.getNextHeartBeatInterval(); // See if the master-key has rolled over - if (isSecurityEnabled()) { - MasterKey updatedMasterKey = response.getMasterKey(); - if (updatedMasterKey != null) { - // Will be non-null only on roll-over on RM side - context.getContainerTokenSecretManager().setMasterKey( - updatedMasterKey); - } + MasterKey updatedMasterKey = response.getMasterKey(); + if (updatedMasterKey != null) { + // Will be non-null only on roll-over on RM side + context.getContainerTokenSecretManager().setMasterKey( + updatedMasterKey); } if (response.getNodeAction() == NodeAction.SHUTDOWN) { diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java index 63cb07eb5d2..ce2a9cefca2 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java @@ -20,6 +20,8 @@ package org.apache.hadoop.yarn.server.nodemanager.containermanager; import static org.apache.hadoop.yarn.service.Service.STATE.STARTED; +import java.io.ByteArrayInputStream; +import java.io.DataInputStream; import java.io.IOException; import java.net.InetSocketAddress; import java.nio.ByteBuffer; @@ -29,9 +31,11 @@ import java.util.concurrent.atomic.AtomicBoolean; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.io.DataInputByteBuffer; +import org.apache.hadoop.io.Text; import org.apache.hadoop.ipc.Server; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.Credentials; @@ -40,7 +44,6 @@ import org.apache.hadoop.security.authorize.PolicyProvider; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.util.StringUtils; -import org.apache.hadoop.yarn.YarnException; import org.apache.hadoop.yarn.api.ContainerManager; import org.apache.hadoop.yarn.api.protocolrecords.GetContainerStatusRequest; import org.apache.hadoop.yarn.api.protocolrecords.GetContainerStatusResponse; @@ -52,6 +55,7 @@ import org.apache.hadoop.yarn.api.records.ApplicationId; import org.apache.hadoop.yarn.api.records.ContainerId; import org.apache.hadoop.yarn.api.records.ContainerLaunchContext; import org.apache.hadoop.yarn.api.records.ContainerStatus; +import org.apache.hadoop.yarn.api.records.ContainerToken; import org.apache.hadoop.yarn.api.records.Resource; import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.event.AsyncDispatcher; @@ -102,6 +106,9 @@ import org.apache.hadoop.yarn.service.CompositeService; import org.apache.hadoop.yarn.service.Service; import org.apache.hadoop.yarn.service.ServiceStateChangeListener; +import com.google.common.annotations.VisibleForTesting; +import com.google.protobuf.RpcUtil; + public class ContainerManagerImpl extends CompositeService implements ServiceStateChangeListener, ContainerManager, EventHandler { @@ -300,6 +307,33 @@ public class ContainerManagerImpl extends CompositeService implements return resultId; } + @Private + @VisibleForTesting + protected ContainerTokenIdentifier getContainerTokenIdentifier( + UserGroupInformation remoteUgi, + org.apache.hadoop.yarn.api.records.Container container) + throws YarnRemoteException { + if (UserGroupInformation.isSecurityEnabled()) { + if (LOG.isDebugEnabled()) { + LOG.debug("Number of TokenIdentifiers in the UGI from RPC: " + + remoteUgi.getTokenIdentifiers().size()); + } + // Get the tokenId from the remote user ugi + return selectContainerTokenIdentifier(remoteUgi); + } else { + ContainerToken containerToken = container.getContainerToken(); + Token token = + new Token(containerToken.getIdentifier() + .array(), containerToken.getPassword().array(), new Text( + containerToken.getKind()), new Text(containerToken.getService())); + try { + return token.decodeIdentifier(); + } catch (IOException e) { + throw RPCUtil.getRemoteException(e); + } + } + } + /** * Authorize the request. * @@ -311,16 +345,14 @@ public class ContainerManagerImpl extends CompositeService implements * ugi corresponding to the remote end making the api-call * @throws YarnRemoteException */ - private void authorizeRequest(String containerIDStr, + @Private + @VisibleForTesting + protected void authorizeRequest(String containerIDStr, ContainerLaunchContext launchContext, org.apache.hadoop.yarn.api.records.Container container, - UserGroupInformation remoteUgi) + UserGroupInformation remoteUgi, ContainerTokenIdentifier tokenId) throws YarnRemoteException { - if (!UserGroupInformation.isSecurityEnabled()) { - return; - } - boolean unauthorized = false; StringBuilder messageBuilder = new StringBuilder("Unauthorized request to start container. "); @@ -332,37 +364,29 @@ public class ContainerManagerImpl extends CompositeService implements } else if (launchContext != null) { // Verify other things also for startContainer() request. - if (LOG.isDebugEnabled()) { - LOG.debug("Number of TokenIdentifiers in the UGI from RPC: " - + remoteUgi.getTokenIdentifiers().size()); - } - - // Get the tokenId from the remote user ugi - ContainerTokenIdentifier tokenId = - selectContainerTokenIdentifier(remoteUgi); if (tokenId == null) { unauthorized = true; messageBuilder - .append("\nContainerTokenIdentifier cannot be null! Null found for " - + containerIDStr); + .append("\nNo ContainerToken found for " + containerIDStr); } else { // Is the container coming in with correct user-name? - if (!tokenId.getApplicationSubmitter().equals(launchContext.getUser())) { + if (!launchContext.getUser().equals(tokenId.getApplicationSubmitter())) { unauthorized = true; messageBuilder.append("\n Expected user-name " + tokenId.getApplicationSubmitter() + " but found " + launchContext.getUser()); } + // Is the container being relaunched? Or RPC layer let startCall with // tokens generated off old-secret through? if (!this.context.getContainerTokenSecretManager() - .isValidStartContainerRequest(tokenId)) { + .isValidStartContainerRequest(tokenId.getContainerID())) { unauthorized = true; - messageBuilder.append("\n Attempt to relaunch the same " + - "container with id " + containerIDStr + "."); + messageBuilder.append("\n Attempt to relaunch the same " + + "container with id " + containerIDStr + "."); } // Ensure the token is not expired. @@ -375,7 +399,7 @@ public class ContainerManagerImpl extends CompositeService implements } Resource resource = tokenId.getResource(); - if (!resource.equals(container.getResource())) { + if (resource == null || !resource.equals(container.getResource())) { unauthorized = true; messageBuilder.append("\nExpected resource " + resource + " but found " + container.getResource()); @@ -411,7 +435,10 @@ public class ContainerManagerImpl extends CompositeService implements String containerIDStr = containerID.toString(); UserGroupInformation remoteUgi = getRemoteUgi(containerIDStr); - authorizeRequest(containerIDStr, launchContext, lauchContainer, remoteUgi); + ContainerTokenIdentifier tokenId = + getContainerTokenIdentifier(remoteUgi, lauchContainer); + authorizeRequest(containerIDStr, launchContext, lauchContainer, remoteUgi, + tokenId); // Is the container coming from unknown RM if (lauchContainer.getRMIdentifer() != nodeStatusUpdater @@ -476,13 +503,9 @@ public class ContainerManagerImpl extends CompositeService implements // TODO: Validate the request dispatcher.getEventHandler().handle( new ApplicationContainerInitEvent(container)); - if (UserGroupInformation.isSecurityEnabled()) { - ContainerTokenIdentifier tokenId = - selectContainerTokenIdentifier(remoteUgi); - this.context.getContainerTokenSecretManager().startContainerSuccessful( - tokenId); - } - + + this.context.getContainerTokenSecretManager().startContainerSuccessful( + tokenId); NMAuditLogger.logSuccess(launchContext.getUser(), AuditConstants.START_CONTAINER, "ContainerManageImpl", applicationID, containerID); @@ -511,12 +534,10 @@ public class ContainerManagerImpl extends CompositeService implements // TODO: Only the container's owner can kill containers today. UserGroupInformation remoteUgi = getRemoteUgi(containerIDStr); - authorizeRequest(containerIDStr, null, null, remoteUgi); - + Container container = this.context.getContainers().get(containerID); StopContainerResponse response = recordFactory.newRecordInstance(StopContainerResponse.class); - Container container = this.context.getContainers().get(containerID); if (container == null) { LOG.warn("Trying to stop unknown container " + containerID); NMAuditLogger.logFailure("UnknownUser", @@ -526,6 +547,8 @@ public class ContainerManagerImpl extends CompositeService implements containerID); return response; // Return immediately. } + authorizeRequest(containerIDStr, null, null, remoteUgi, + getContainerTokenIdentifier(remoteUgi, container.getContainer())); dispatcher.getEventHandler().handle( new ContainerKillEvent(containerID, @@ -554,21 +577,21 @@ public class ContainerManagerImpl extends CompositeService implements // TODO: Only the container's owner can get containers' status today. UserGroupInformation remoteUgi = getRemoteUgi(containerIDStr); - authorizeRequest(containerIDStr, null, null, remoteUgi); - LOG.info("Getting container-status for " + containerIDStr); Container container = this.context.getContainers().get(containerID); - if (container != null) { - ContainerStatus containerStatus = container.cloneAndGetContainerStatus(); - LOG.info("Returning " + containerStatus); - GetContainerStatusResponse response = recordFactory - .newRecordInstance(GetContainerStatusResponse.class); - response.setStatus(containerStatus); - return response; + if (container == null) { + throw RPCUtil.getRemoteException("Container " + containerIDStr + + " is not handled by this NodeManager"); } + authorizeRequest(containerIDStr, null, null, remoteUgi, + getContainerTokenIdentifier(remoteUgi, container.getContainer())); - throw RPCUtil.getRemoteException("Container " + containerIDStr - + " is not handled by this NodeManager"); + ContainerStatus containerStatus = container.cloneAndGetContainerStatus(); + LOG.info("Returning " + containerStatus); + GetContainerStatusResponse response = + recordFactory.newRecordInstance(GetContainerStatusResponse.class); + response.setStatus(containerStatus); + return response; } class ContainerEventDispatcher implements EventHandler { diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/application/ApplicationImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/application/ApplicationImpl.java index 4e4cf0a3e3c..e9dda5d9b7b 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/application/ApplicationImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/application/ApplicationImpl.java @@ -28,7 +28,6 @@ import java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.security.Credentials; -import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.yarn.api.records.ApplicationAccessType; import org.apache.hadoop.yarn.api.records.ApplicationId; import org.apache.hadoop.yarn.api.records.ContainerId; @@ -394,9 +393,8 @@ public class ApplicationImpl implements Application { public void transition(ApplicationImpl app, ApplicationEvent event) { // Inform the ContainerTokenSecretManager - if (UserGroupInformation.isSecurityEnabled()) { - app.context.getContainerTokenSecretManager().appFinished(app.appId); - } + app.context.getContainerTokenSecretManager().appFinished(app.appId); + // Inform the logService app.dispatcher.getEventHandler().handle( new LogHandlerAppFinishedEvent(app.appId)); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.java index bc70f26a07e..d704e7d4f93 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.java @@ -27,7 +27,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.yarn.api.records.ApplicationId; import org.apache.hadoop.yarn.api.records.ContainerId; @@ -35,6 +34,8 @@ import org.apache.hadoop.yarn.security.ContainerTokenIdentifier; import org.apache.hadoop.yarn.server.api.records.MasterKey; import org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager; +import com.google.common.annotations.VisibleForTesting; + /** * The NM maintains only two master-keys. The current key that RM knows and the * key from the previous rolling-interval. @@ -134,10 +135,6 @@ public class NMContainerTokenSecretManager extends */ public synchronized void startContainerSuccessful( ContainerTokenIdentifier tokenId) { - if (!UserGroupInformation.isSecurityEnabled()) { - return; - } - int keyId = tokenId.getMasterKeyId(); if (currentMasterKey.getMasterKey().getKeyId() == keyId) { addKeyForContainerId(tokenId.getContainerID(), currentMasterKey); @@ -154,8 +151,7 @@ public class NMContainerTokenSecretManager extends * via retrievePassword. */ public synchronized boolean isValidStartContainerRequest( - ContainerTokenIdentifier tokenId) { - ContainerId containerID = tokenId.getContainerID(); + ContainerId containerID) { ApplicationId applicationId = containerID.getApplicationAttemptId().getApplicationId(); return !this.oldMasterKeys.containsKey(applicationId) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/DummyContainerManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/DummyContainerManager.java index 3f74c29e18c..9512c237096 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/DummyContainerManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/DummyContainerManager.java @@ -26,7 +26,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.yarn.api.records.ContainerId; +import org.apache.hadoop.yarn.api.records.ContainerLaunchContext; +import org.apache.hadoop.yarn.exceptions.YarnRemoteException; +import org.apache.hadoop.yarn.security.ContainerTokenIdentifier; import org.apache.hadoop.yarn.server.nodemanager.containermanager.ContainerManagerImpl; import org.apache.hadoop.yarn.server.nodemanager.containermanager.application.Application; import org.apache.hadoop.yarn.server.nodemanager.containermanager.application.ApplicationEvent; @@ -173,4 +177,23 @@ public class DummyContainerManager extends ContainerManagerImpl { public void setBlockNewContainerRequests(boolean blockNewContainerRequests) { // do nothing } + + @Override + protected void authorizeRequest(String containerIDStr, + ContainerLaunchContext launchContext, + org.apache.hadoop.yarn.api.records.Container container, + UserGroupInformation remoteUgi, ContainerTokenIdentifier tokenId) + throws YarnRemoteException { + // do Nothing + } + + @Override + protected ContainerTokenIdentifier getContainerTokenIdentifier( + UserGroupInformation remoteUgi, + org.apache.hadoop.yarn.api.records.Container container) + throws YarnRemoteException { + return new ContainerTokenIdentifier(container.getId(), + container.getNodeHttpAddress(), remoteUgi.getUserName(), + container.getResource(), System.currentTimeMillis(), 123); + } } \ No newline at end of file diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/LocalRMInterface.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/LocalRMInterface.java index f68c400da29..87f8e231bf5 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/LocalRMInterface.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/LocalRMInterface.java @@ -20,6 +20,8 @@ package org.apache.hadoop.yarn.server.nodemanager; import java.io.IOException; +import java.nio.ByteBuffer; + import org.apache.hadoop.yarn.exceptions.YarnRemoteException; import org.apache.hadoop.yarn.factories.RecordFactory; import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider; @@ -28,6 +30,8 @@ import org.apache.hadoop.yarn.server.api.protocolrecords.NodeHeartbeatRequest; import org.apache.hadoop.yarn.server.api.protocolrecords.NodeHeartbeatResponse; import org.apache.hadoop.yarn.server.api.protocolrecords.RegisterNodeManagerRequest; import org.apache.hadoop.yarn.server.api.protocolrecords.RegisterNodeManagerResponse; +import org.apache.hadoop.yarn.server.api.records.MasterKey; +import org.apache.hadoop.yarn.server.api.records.impl.pb.MasterKeyPBImpl; public class LocalRMInterface implements ResourceTracker { @@ -38,6 +42,11 @@ public class LocalRMInterface implements ResourceTracker { RegisterNodeManagerRequest request) throws YarnRemoteException, IOException { RegisterNodeManagerResponse response = recordFactory.newRecordInstance(RegisterNodeManagerResponse.class); + MasterKey masterKey = new MasterKeyPBImpl(); + masterKey.setKeyId(123); + masterKey.setBytes(ByteBuffer.wrap(new byte[] { new Integer(123) + .byteValue() })); + response.setMasterKey(masterKey); return response; } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/MockNodeStatusUpdater.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/MockNodeStatusUpdater.java index ba18506dad5..4c96d2dbef5 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/MockNodeStatusUpdater.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/MockNodeStatusUpdater.java @@ -20,6 +20,8 @@ package org.apache.hadoop.yarn.server.nodemanager; import java.io.IOException; +import java.nio.ByteBuffer; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.yarn.event.Dispatcher; @@ -31,7 +33,9 @@ import org.apache.hadoop.yarn.server.api.protocolrecords.NodeHeartbeatRequest; import org.apache.hadoop.yarn.server.api.protocolrecords.NodeHeartbeatResponse; import org.apache.hadoop.yarn.server.api.protocolrecords.RegisterNodeManagerRequest; import org.apache.hadoop.yarn.server.api.protocolrecords.RegisterNodeManagerResponse; +import org.apache.hadoop.yarn.server.api.records.MasterKey; import org.apache.hadoop.yarn.server.api.records.NodeStatus; +import org.apache.hadoop.yarn.server.api.records.impl.pb.MasterKeyPBImpl; import org.apache.hadoop.yarn.server.nodemanager.metrics.NodeManagerMetrics; import org.apache.hadoop.yarn.server.utils.YarnServerBuilderUtils; @@ -67,6 +71,11 @@ public class MockNodeStatusUpdater extends NodeStatusUpdaterImpl { IOException { RegisterNodeManagerResponse response = recordFactory .newRecordInstance(RegisterNodeManagerResponse.class); + MasterKey masterKey = new MasterKeyPBImpl(); + masterKey.setKeyId(123); + masterKey.setBytes(ByteBuffer.wrap(new byte[] { new Integer(123) + .byteValue() })); + response.setMasterKey(masterKey); return response; } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestEventFlow.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestEventFlow.java index 4353d21d85c..5064f548248 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestEventFlow.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestEventFlow.java @@ -18,6 +18,9 @@ package org.apache.hadoop.yarn.server.nodemanager; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + import java.io.File; import java.io.IOException; @@ -45,7 +48,6 @@ import org.apache.hadoop.yarn.server.nodemanager.metrics.NodeManagerMetrics; import org.apache.hadoop.yarn.server.nodemanager.security.NMContainerTokenSecretManager; import org.apache.hadoop.yarn.server.security.ApplicationACLsManager; import org.junit.Test; -import static org.mockito.Mockito.*; public class TestEventFlow { @@ -75,6 +77,7 @@ public class TestEventFlow { remoteLogDir.mkdir(); YarnConfiguration conf = new YarnConfiguration(); + Context context = new NMContext(new NMContainerTokenSecretManager(conf)); conf.set(YarnConfiguration.NM_LOCAL_DIRS, localDir.getAbsolutePath()); @@ -112,6 +115,9 @@ public class TestEventFlow { DummyContainerManager containerManager = new DummyContainerManager(context, exec, del, nodeStatusUpdater, metrics, new ApplicationACLsManager(conf), dirsHandler); + nodeStatusUpdater.init(conf); + ((NMContext)context).setContainerManager(containerManager); + nodeStatusUpdater.start(); containerManager.init(conf); containerManager.start(); @@ -132,7 +138,6 @@ public class TestEventFlow { when(mockContainer.getResource()).thenReturn(recordFactory .newRecordInstance(Resource.class)); when(mockContainer.getRMIdentifer()).thenReturn(SIMULATED_RM_IDENTIFIER); - launchContext.setUser("testing"); StartContainerRequest request = recordFactory.newRecordInstance(StartContainerRequest.class); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerReboot.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerReboot.java index 1e4c1559102..896132ac6db 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerReboot.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerReboot.java @@ -18,10 +18,16 @@ package org.apache.hadoop.yarn.server.nodemanager; -import static org.mockito.Mockito.*; +import static org.mockito.Matchers.argThat; +import static org.mockito.Matchers.eq; +import static org.mockito.Matchers.isNull; +import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; import java.io.File; import java.io.IOException; +import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -32,6 +38,8 @@ import org.apache.commons.logging.LogFactory; import org.apache.hadoop.fs.FileContext; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.UnsupportedFileSystemException; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.yarn.api.ContainerManager; import org.apache.hadoop.yarn.api.protocolrecords.GetContainerStatusRequest; import org.apache.hadoop.yarn.api.protocolrecords.StartContainerRequest; import org.apache.hadoop.yarn.api.records.ApplicationAttemptId; @@ -41,16 +49,17 @@ import org.apache.hadoop.yarn.api.records.ContainerLaunchContext; import org.apache.hadoop.yarn.api.records.LocalResource; import org.apache.hadoop.yarn.api.records.LocalResourceType; import org.apache.hadoop.yarn.api.records.LocalResourceVisibility; +import org.apache.hadoop.yarn.api.records.NodeId; import org.apache.hadoop.yarn.api.records.Resource; import org.apache.hadoop.yarn.api.records.URL; import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.event.Dispatcher; import org.apache.hadoop.yarn.exceptions.YarnRemoteException; -import org.apache.hadoop.yarn.server.nodemanager.containermanager.ContainerManagerImpl; import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container; import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.ContainerState; import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ContainerLocalizer; import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ResourceLocalizationService; +import org.apache.hadoop.yarn.util.BuilderUtils; import org.apache.hadoop.yarn.util.ConverterUtils; import org.apache.hadoop.yarn.util.Records; import org.junit.After; @@ -69,7 +78,6 @@ public class TestNodeManagerReboot { static final String user = System.getProperty("user.name"); private FileContext localFS; - private MyNodeManager nm; private DeletionService delService; static final Log LOG = LogFactory.getLog(TestNodeManagerReboot.class); @@ -87,23 +95,25 @@ public class TestNodeManagerReboot { } } - @Test(timeout = 20000) + @Test(timeout = 2000000) public void testClearLocalDirWhenNodeReboot() throws IOException, - YarnRemoteException { + YarnRemoteException, InterruptedException { nm = new MyNodeManager(); nm.start(); + + final ContainerManager containerManager = nm.getContainerManager(); + // create files under fileCache createFiles(nmLocalDir.getAbsolutePath(), ContainerLocalizer.FILECACHE, 100); localResourceDir.mkdirs(); - ContainerManagerImpl containerManager = nm.getContainerManager(); ContainerLaunchContext containerLaunchContext = Records.newRecord(ContainerLaunchContext.class); // Construct the Container-id ContainerId cId = createContainerId(); org.apache.hadoop.yarn.api.records.Container mockContainer = - mock(org.apache.hadoop.yarn.api.records.Container.class); - when(mockContainer.getId()).thenReturn(cId); + Records.newRecord(org.apache.hadoop.yarn.api.records.Container.class); + mockContainer.setId(cId); containerLaunchContext.setUser(user); @@ -123,17 +133,31 @@ public class TestNodeManagerReboot { new HashMap(); localResources.put(destinationFile, localResource); containerLaunchContext.setLocalResources(localResources); - containerLaunchContext.setUser(containerLaunchContext.getUser()); List commands = new ArrayList(); containerLaunchContext.setCommands(commands); Resource resource = Records.newRecord(Resource.class); resource.setMemory(1024); - when(mockContainer.getResource()).thenReturn(resource); - StartContainerRequest startRequest = + mockContainer.setResource(resource); + NodeId nodeId = BuilderUtils.newNodeId("127.0.0.1", 12345); + mockContainer.setContainerToken(nm.getNMContext() + .getContainerTokenSecretManager() + .createContainerToken(cId, nodeId, user, resource)); + mockContainer.setNodeHttpAddress("127.0.0.1"); + mockContainer.setNodeId(nodeId); + + final StartContainerRequest startRequest = Records.newRecord(StartContainerRequest.class); startRequest.setContainerLaunchContext(containerLaunchContext); startRequest.setContainer(mockContainer); - containerManager.startContainer(startRequest); + final UserGroupInformation currentUser = UserGroupInformation + .createRemoteUser(cId.toString()); + currentUser.doAs(new PrivilegedExceptionAction() { + @Override + public Void run() throws YarnRemoteException, IOException { + containerManager.startContainer(startRequest); + return null; + } + }); GetContainerStatusRequest request = Records.newRecord(GetContainerStatusRequest.class); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerShutdown.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerShutdown.java index cc33016d91c..3af3b7144e0 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerShutdown.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerShutdown.java @@ -18,15 +18,14 @@ package org.apache.hadoop.yarn.server.nodemanager; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - import java.io.BufferedReader; import java.io.BufferedWriter; import java.io.File; import java.io.FileReader; import java.io.FileWriter; import java.io.IOException; +import java.net.InetSocketAddress; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -34,9 +33,13 @@ import java.util.Map; import junit.framework.Assert; +import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileContext; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.UnsupportedFileSystemException; +import org.apache.hadoop.net.NetUtils; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.yarn.api.ContainerManager; import org.apache.hadoop.yarn.api.protocolrecords.GetContainerStatusRequest; import org.apache.hadoop.yarn.api.protocolrecords.StartContainerRequest; import org.apache.hadoop.yarn.api.records.ApplicationAttemptId; @@ -46,18 +49,21 @@ import org.apache.hadoop.yarn.api.records.ContainerId; import org.apache.hadoop.yarn.api.records.ContainerLaunchContext; import org.apache.hadoop.yarn.api.records.ContainerState; import org.apache.hadoop.yarn.api.records.ContainerStatus; +import org.apache.hadoop.yarn.api.records.ContainerToken; import org.apache.hadoop.yarn.api.records.LocalResource; import org.apache.hadoop.yarn.api.records.LocalResourceType; import org.apache.hadoop.yarn.api.records.LocalResourceVisibility; import org.apache.hadoop.yarn.api.records.NodeId; import org.apache.hadoop.yarn.api.records.Resource; import org.apache.hadoop.yarn.api.records.URL; +import org.apache.hadoop.yarn.api.records.impl.pb.ContainerPBImpl; import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.event.Dispatcher; import org.apache.hadoop.yarn.exceptions.YarnRemoteException; import org.apache.hadoop.yarn.factories.RecordFactory; import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider; -import org.apache.hadoop.yarn.server.nodemanager.containermanager.ContainerManagerImpl; +import org.apache.hadoop.yarn.ipc.YarnRPC; +import org.apache.hadoop.yarn.server.api.records.MasterKey; import org.apache.hadoop.yarn.util.BuilderUtils; import org.apache.hadoop.yarn.util.ConverterUtils; import org.junit.After; @@ -96,7 +102,7 @@ public class TestNodeManagerShutdown { @Test public void testKillContainersOnShutdown() throws IOException, YarnRemoteException { - NodeManager nm = getNodeManager(); + NodeManager nm = new TestNodeManager(); nm.init(createNMConfig()); nm.start(); startContainer(nm, localFS, tmpDir, processStartFile); @@ -136,21 +142,20 @@ public class TestNodeManagerShutdown { public static void startContainer(NodeManager nm, FileContext localFS, File scriptFileDir, File processStartFile) throws IOException, YarnRemoteException { - ContainerManagerImpl containerManager = nm.getContainerManager(); File scriptFile = createUnhaltingScriptFile(scriptFileDir, processStartFile); ContainerLaunchContext containerLaunchContext = recordFactory.newRecordInstance(ContainerLaunchContext.class); - Container mockContainer = mock(Container.class); + Container mockContainer = new ContainerPBImpl(); // Construct the Container-id ContainerId cId = createContainerId(); - when(mockContainer.getId()).thenReturn(cId); + mockContainer.setId(cId); NodeId nodeId = BuilderUtils.newNodeId("localhost", 1234); - when(mockContainer.getNodeId()).thenReturn(nodeId); - when(mockContainer.getNodeHttpAddress()).thenReturn("localhost:12345"); - containerLaunchContext.setUser(user); + mockContainer.setNodeId(nodeId); + mockContainer.setNodeHttpAddress("localhost:12345"); + containerLaunchContext.setUser(cId.toString()); URL localResourceUri = ConverterUtils.getYarnUrlFromPath(localFS @@ -173,11 +178,28 @@ public class TestNodeManagerShutdown { commands.add(scriptFile.getAbsolutePath()); containerLaunchContext.setCommands(commands); Resource resource = BuilderUtils.newResource(1024, 1); - when(mockContainer.getResource()).thenReturn(resource); + mockContainer.setResource(resource); + mockContainer.setContainerToken(getContainerToken(nm, cId, nodeId, + cId.toString(), resource)); StartContainerRequest startRequest = recordFactory.newRecordInstance(StartContainerRequest.class); startRequest.setContainerLaunchContext(containerLaunchContext); startRequest.setContainer(mockContainer); + UserGroupInformation currentUser = UserGroupInformation + .createRemoteUser(cId.toString()); + + ContainerManager containerManager = + currentUser.doAs(new PrivilegedAction() { + @Override + public ContainerManager run() { + Configuration conf = new Configuration(); + YarnRPC rpc = YarnRPC.create(conf); + InetSocketAddress containerManagerBindAddress = + NetUtils.createSocketAddrForHost("127.0.0.1", 12345); + return (ContainerManager) rpc.getProxy(ContainerManager.class, + containerManagerBindAddress, conf); + } + }); containerManager.startContainer(startRequest); GetContainerStatusRequest request = @@ -233,16 +255,25 @@ public class TestNodeManagerShutdown { fileWriter.close(); return scriptFile; } - - private NodeManager getNodeManager() { - return new NodeManager() { - @Override - protected NodeStatusUpdater createNodeStatusUpdater(Context context, - Dispatcher dispatcher, NodeHealthCheckerService healthChecker) { - MockNodeStatusUpdater myNodeStatusUpdater = new MockNodeStatusUpdater( - context, dispatcher, healthChecker, metrics); - return myNodeStatusUpdater; - } - }; + + public static ContainerToken getContainerToken(NodeManager nm, + ContainerId containerId, NodeId nodeId, String user, Resource resource) { + return nm.getNMContext().getContainerTokenSecretManager() + .createContainerToken(containerId, nodeId, user, resource); } -} + + class TestNodeManager extends NodeManager { + + @Override + protected NodeStatusUpdater createNodeStatusUpdater(Context context, + Dispatcher dispatcher, NodeHealthCheckerService healthChecker) { + MockNodeStatusUpdater myNodeStatusUpdater = + new MockNodeStatusUpdater(context, dispatcher, healthChecker, metrics); + return myNodeStatusUpdater; + } + + public void setMasterKey(MasterKey masterKey) { + getNMContext().getContainerTokenSecretManager().setMasterKey(masterKey); + } + } +} \ No newline at end of file diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeStatusUpdater.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeStatusUpdater.java index f33d6f09956..74c938c4f66 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeStatusUpdater.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeStatusUpdater.java @@ -23,6 +23,7 @@ import static org.mockito.Mockito.when; import java.io.IOException; import java.net.InetSocketAddress; +import java.nio.ByteBuffer; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -42,7 +43,6 @@ import org.apache.hadoop.fs.Path; import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.yarn.YarnException; -import org.apache.hadoop.yarn.api.ContainerManager; import org.apache.hadoop.yarn.api.records.ApplicationAttemptId; import org.apache.hadoop.yarn.api.records.ApplicationId; import org.apache.hadoop.yarn.api.records.ContainerId; @@ -63,8 +63,10 @@ import org.apache.hadoop.yarn.server.api.protocolrecords.NodeHeartbeatRequest; import org.apache.hadoop.yarn.server.api.protocolrecords.NodeHeartbeatResponse; import org.apache.hadoop.yarn.server.api.protocolrecords.RegisterNodeManagerRequest; import org.apache.hadoop.yarn.server.api.protocolrecords.RegisterNodeManagerResponse; +import org.apache.hadoop.yarn.server.api.records.MasterKey; import org.apache.hadoop.yarn.server.api.records.NodeAction; import org.apache.hadoop.yarn.server.api.records.NodeStatus; +import org.apache.hadoop.yarn.server.api.records.impl.pb.MasterKeyPBImpl; import org.apache.hadoop.yarn.server.nodemanager.NodeManager.NMContext; import org.apache.hadoop.yarn.server.nodemanager.containermanager.ContainerManagerImpl; import org.apache.hadoop.yarn.server.nodemanager.containermanager.application.Application; @@ -95,7 +97,7 @@ public class TestNodeStatusUpdater { private static final RecordFactory recordFactory = RecordFactoryProvider .getRecordFactory(null); - int heartBeatID = 0; + volatile int heartBeatID = 0; volatile Throwable nmStartError = null; private final List registeredNodes = new ArrayList(); private final Configuration conf = createNMConfig(); @@ -113,6 +115,14 @@ public class TestNodeStatusUpdater { DefaultMetricsSystem.shutdown(); } + public static MasterKey createMasterKey() { + MasterKey masterKey = new MasterKeyPBImpl(); + masterKey.setKeyId(123); + masterKey.setBytes(ByteBuffer.wrap(new byte[] { new Integer(123) + .byteValue() })); + return masterKey; + } + private class MyResourceTracker implements ResourceTracker { private final Context context; @@ -137,6 +147,7 @@ public class TestNodeStatusUpdater { RegisterNodeManagerResponse response = recordFactory .newRecordInstance(RegisterNodeManagerResponse.class); + response.setMasterKey(createMasterKey()); return response; } @@ -398,6 +409,7 @@ public class TestNodeStatusUpdater { RegisterNodeManagerResponse response = recordFactory .newRecordInstance(RegisterNodeManagerResponse.class); response.setNodeAction(registerNodeAction ); + response.setMasterKey(createMasterKey()); response.setDiagnosticsMessage(shutDownMessage); return response; } @@ -435,6 +447,7 @@ public class TestNodeStatusUpdater { RegisterNodeManagerResponse response = recordFactory.newRecordInstance(RegisterNodeManagerResponse.class); response.setNodeAction(registerNodeAction); + response.setMasterKey(createMasterKey()); return response; } @@ -485,6 +498,7 @@ public class TestNodeStatusUpdater { RegisterNodeManagerResponse response = recordFactory .newRecordInstance(RegisterNodeManagerResponse.class); response.setNodeAction(registerNodeAction); + response.setMasterKey(createMasterKey()); return response; } @@ -577,6 +591,8 @@ public class TestNodeStatusUpdater { RegisterNodeManagerResponse response = recordFactory .newRecordInstance(RegisterNodeManagerResponse.class); response.setNodeAction(registerNodeAction ); + response.setMasterKey(createMasterKey()); + return response; } @@ -635,13 +651,13 @@ public class TestNodeStatusUpdater { + nm.getServiceState()); int waitCount = 0; - while (nm.getServiceState() == STATE.INITED && waitCount++ != 20) { + while (nm.getServiceState() == STATE.INITED && waitCount++ != 50) { LOG.info("Waiting for NM to start.."); if (nmStartError != null) { LOG.error("Error during startup. ", nmStartError); Assert.fail(nmStartError.getCause().getMessage()); } - Thread.sleep(1000); + Thread.sleep(2000); } if (nm.getServiceState() != STATE.STARTED) { // NM could have failed. @@ -686,7 +702,7 @@ public class TestNodeStatusUpdater { nm.start(); int waitCount = 0; - while (heartBeatID < 1 && waitCount++ != 20) { + while (heartBeatID < 1 && waitCount++ != 200) { Thread.sleep(500); } Assert.assertFalse(heartBeatID < 1); @@ -714,7 +730,7 @@ public class TestNodeStatusUpdater { nm.start(); int waitCount = 0; - while (heartBeatID < 1 && waitCount++ != 20) { + while (heartBeatID < 1 && waitCount++ != 200) { Thread.sleep(500); } Assert.assertFalse(heartBeatID < 1); @@ -751,9 +767,9 @@ public class TestNodeStatusUpdater { + "Message from ResourceManager: RM Shutting Down Node"); } - @Test (timeout = 15000) + @Test (timeout = 150000) public void testNMConnectionToRM() { - final long delta = 1500; + final long delta = 50000; final long connectionWaitSecs = 5; final long connectionRetryIntervalSecs = 1; //Waiting for rmStartIntervalMS, RM will be started @@ -891,7 +907,7 @@ public class TestNodeStatusUpdater { /** * Test completed containerStatus get back up when heart beat lost */ - @Test(timeout = 20000) + @Test(timeout = 200000) public void testCompletedContainerStatusBackup() throws Exception { nm = new NodeManager() { @Override @@ -925,7 +941,7 @@ public class TestNodeStatusUpdater { nm.stop(); } - @Test(timeout = 20000) + @Test(timeout = 200000) public void testNodeStatusUpdaterRetryAndNMShutdown() throws InterruptedException { final long connectionWaitSecs = 1; diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java index 102c77d2230..98d5868016d 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java @@ -29,10 +29,13 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileContext; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.UnsupportedFileSystemException; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.yarn.api.ContainerManager; import org.apache.hadoop.yarn.api.protocolrecords.GetContainerStatusRequest; import org.apache.hadoop.yarn.api.records.ApplicationId; +import org.apache.hadoop.yarn.api.records.Container; import org.apache.hadoop.yarn.api.records.ContainerId; +import org.apache.hadoop.yarn.api.records.ContainerLaunchContext; import org.apache.hadoop.yarn.api.records.ContainerState; import org.apache.hadoop.yarn.api.records.ContainerStatus; import org.apache.hadoop.yarn.conf.YarnConfiguration; @@ -40,6 +43,7 @@ import org.apache.hadoop.yarn.event.AsyncDispatcher; import org.apache.hadoop.yarn.exceptions.YarnRemoteException; import org.apache.hadoop.yarn.factories.RecordFactory; import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider; +import org.apache.hadoop.yarn.security.ContainerTokenIdentifier; import org.apache.hadoop.yarn.server.api.ResourceTracker; import org.apache.hadoop.yarn.server.nodemanager.ContainerExecutor; import org.apache.hadoop.yarn.server.nodemanager.Context; @@ -147,7 +151,52 @@ public abstract class BaseContainerManagerTest { conf.set(YarnConfiguration.NM_REMOTE_APP_LOG_DIR, remoteLogDir.getAbsolutePath()); // Default delSrvc - delSrvc = new DeletionService(exec) { + delSrvc = createDeletionService(); + delSrvc.init(conf); + + exec = createContainerExecutor(); + nodeHealthChecker = new NodeHealthCheckerService(); + nodeHealthChecker.init(conf); + dirsHandler = nodeHealthChecker.getDiskHandler(); + containerManager = createContainerManager(delSrvc); + ((NMContext)context).setContainerManager(containerManager); + nodeStatusUpdater.init(conf); + containerManager.init(conf); + nodeStatusUpdater.start(); + } + + protected ContainerManagerImpl + createContainerManager(DeletionService delSrvc) { + return new ContainerManagerImpl(context, exec, delSrvc, nodeStatusUpdater, + metrics, new ApplicationACLsManager(conf), dirsHandler) { + @Override + public void + setBlockNewContainerRequests(boolean blockNewContainerRequests) { + // do nothing + } + + @Override + protected void authorizeRequest(String containerIDStr, + ContainerLaunchContext launchContext, Container container, + UserGroupInformation remoteUgi, ContainerTokenIdentifier tokenId) + throws YarnRemoteException { + // do nothing + } + + @Override + protected ContainerTokenIdentifier getContainerTokenIdentifier( + UserGroupInformation remoteUgi, + org.apache.hadoop.yarn.api.records.Container container) + throws YarnRemoteException { + return new ContainerTokenIdentifier(container.getId(), + container.getNodeHttpAddress(), remoteUgi.getUserName(), + container.getResource(), System.currentTimeMillis(), 123); + } + }; + } + + protected DeletionService createDeletionService() { + return new DeletionService(exec) { @Override public void delete(String user, Path subDir, Path[] baseDirs) { // Don't do any deletions. @@ -155,22 +204,6 @@ public abstract class BaseContainerManagerTest { + ", baseDirs - " + baseDirs); }; }; - delSrvc.init(conf); - - exec = createContainerExecutor(); - nodeHealthChecker = new NodeHealthCheckerService(); - nodeHealthChecker.init(conf); - dirsHandler = nodeHealthChecker.getDiskHandler(); - containerManager = - new ContainerManagerImpl(context, exec, delSrvc, nodeStatusUpdater, - metrics, new ApplicationACLsManager(conf), dirsHandler) { - @Override - public void setBlockNewContainerRequests( - boolean blockNewContainerRequests) { - // do nothing - } - }; - containerManager.init(conf); } @After diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManager.java index 866586245de..17f3b2b6f29 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManager.java @@ -62,7 +62,6 @@ import org.apache.hadoop.yarn.server.nodemanager.DeletionService; import org.apache.hadoop.yarn.server.nodemanager.containermanager.application.ApplicationState; import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ContainerLocalizer; import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ResourceLocalizationService; -import org.apache.hadoop.yarn.server.security.ApplicationACLsManager; import org.apache.hadoop.yarn.util.BuilderUtils; import org.apache.hadoop.yarn.util.ConverterUtils; import org.junit.Test; @@ -411,15 +410,7 @@ public class TestContainerManager extends BaseContainerManagerTest { delSrvc = new DeletionService(exec); delSrvc.init(conf); - containerManager = - new ContainerManagerImpl(context, exec, delSrvc, nodeStatusUpdater, - metrics, new ApplicationACLsManager(conf), dirsHandler) { - @Override - public void setBlockNewContainerRequests( - boolean blockNewContainerRequests) { - // do nothing - } - }; + containerManager = createContainerManager(delSrvc); containerManager.init(conf); containerManager.start(); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/application/TestApplication.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/application/TestApplication.java index 1050a9efff4..f5111d37aa1 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/application/TestApplication.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/application/TestApplication.java @@ -25,10 +25,13 @@ import static org.mockito.Mockito.reset; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import java.nio.ByteBuffer; import java.util.ArrayList; import java.util.HashMap; import java.util.List; +import junit.framework.Assert; + import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.yarn.api.records.ApplicationAccessType; import org.apache.hadoop.yarn.api.records.ApplicationAttemptId; @@ -37,6 +40,9 @@ import org.apache.hadoop.yarn.api.records.ContainerId; import org.apache.hadoop.yarn.api.records.ContainerLaunchContext; import org.apache.hadoop.yarn.event.DrainDispatcher; import org.apache.hadoop.yarn.event.EventHandler; +import org.apache.hadoop.yarn.security.ContainerTokenIdentifier; +import org.apache.hadoop.yarn.server.api.records.MasterKey; +import org.apache.hadoop.yarn.server.api.records.impl.pb.MasterKeyPBImpl; import org.apache.hadoop.yarn.server.nodemanager.Context; import org.apache.hadoop.yarn.server.nodemanager.containermanager.AuxServicesEvent; import org.apache.hadoop.yarn.server.nodemanager.containermanager.AuxServicesEventType; @@ -54,11 +60,13 @@ import org.apache.hadoop.yarn.server.nodemanager.containermanager.loghandler.eve import org.apache.hadoop.yarn.server.nodemanager.containermanager.loghandler.event.LogHandlerEventType; import org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.ContainersMonitorEvent; import org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor.ContainersMonitorEventType; +import org.apache.hadoop.yarn.server.nodemanager.security.NMContainerTokenSecretManager; import org.apache.hadoop.yarn.server.security.ApplicationACLsManager; import org.apache.hadoop.yarn.util.BuilderUtils; import org.junit.Test; import org.mockito.ArgumentMatcher; + public class TestApplication { /** @@ -257,6 +265,10 @@ public class TestApplication { AuxServicesEventType.APPLICATION_STOP, wa.appId))); wa.appResourcesCleanedup(); + for ( Container container : wa.containers) { + Assert.assertTrue(wa.context.getContainerTokenSecretManager() + .isValidStartContainerRequest(container.getContainer().getId())); + } assertEquals(ApplicationState.FINISHED, wa.app.getApplicationState()); } finally { @@ -293,6 +305,10 @@ public class TestApplication { LocalizationEventType.DESTROY_APPLICATION_RESOURCES, wa.app))); wa.appResourcesCleanedup(); + for ( Container container : wa.containers) { + Assert.assertTrue(wa.context.getContainerTokenSecretManager() + .isValidStartContainerRequest(container.getContainer().getId())); + } assertEquals(ApplicationState.FINISHED, wa.app.getApplicationState()); } finally { if (wa != null) @@ -429,8 +445,10 @@ public class TestApplication { final Application app; WrappedApplication(int id, long timestamp, String user, int numContainers) { + Configuration conf = new Configuration(); + dispatcher = new DrainDispatcher(); - dispatcher.init(new Configuration()); + dispatcher.init(conf); localizerBus = mock(EventHandler.class); launcherBus = mock(EventHandler.class); @@ -448,6 +466,16 @@ public class TestApplication { context = mock(Context.class); + when(context.getContainerTokenSecretManager()).thenReturn( + new NMContainerTokenSecretManager(conf)); + + // Setting master key + MasterKey masterKey = new MasterKeyPBImpl(); + masterKey.setKeyId(123); + masterKey.setBytes(ByteBuffer.wrap(new byte[] { (new Integer(123) + .byteValue()) })); + context.getContainerTokenSecretManager().setMasterKey(masterKey); + this.user = user; this.appId = BuilderUtils.newApplicationId(timestamp, id); @@ -455,7 +483,13 @@ public class TestApplication { new Configuration()), this.user, appId, null, context); containers = new ArrayList(); for (int i = 0; i < numContainers; i++) { - containers.add(createMockedContainer(this.appId, i)); + Container container = createMockedContainer(this.appId, i); + containers.add(container); + context.getContainerTokenSecretManager().startContainerSuccessful( + new ContainerTokenIdentifier(container.getContainer().getId(), "", + "", null, System.currentTimeMillis() + 1000, masterKey.getKeyId())); + Assert.assertFalse(context.getContainerTokenSecretManager() + .isValidStartContainerRequest(container.getContainer().getId())); } dispatcher.start(); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/resources/krb5.conf b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/resources/krb5.conf new file mode 100644 index 00000000000..121ac6d9b98 --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/resources/krb5.conf @@ -0,0 +1,28 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +[libdefaults] + default_realm = APACHE.ORG + udp_preference_limit = 1 + extra_addresses = 127.0.0.1 +[realms] + APACHE.ORG = { + admin_server = localhost:88 + kdc = localhost:88 + } +[domain_realm] + localhost = APACHE.ORG diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceTrackerService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceTrackerService.java index e2fbf867c0a..930473cb6c6 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceTrackerService.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceTrackerService.java @@ -44,7 +44,6 @@ import org.apache.hadoop.yarn.server.api.protocolrecords.RegisterNodeManagerResp import org.apache.hadoop.yarn.server.api.records.MasterKey; import org.apache.hadoop.yarn.server.api.records.NodeAction; import org.apache.hadoop.yarn.server.api.records.NodeStatus; -import org.apache.hadoop.yarn.server.resourcemanager.recovery.RMStateStore.RMState; import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNode; import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNodeEvent; import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNodeEventType; @@ -198,11 +197,9 @@ public class ResourceTrackerService extends AbstractService implements return response; } - if (isSecurityEnabled()) { - MasterKey nextMasterKeyForNode = - this.containerTokenSecretManager.getCurrentKey(); - response.setMasterKey(nextMasterKeyForNode); - } + MasterKey nextMasterKeyForNode = + this.containerTokenSecretManager.getCurrentKey(); + response.setMasterKey(nextMasterKeyForNode); RMNode rmNode = new RMNodeImpl(nodeId, rmContext, host, cmPort, httpPort, resolve(host), capability); @@ -298,26 +295,24 @@ public class ResourceTrackerService extends AbstractService implements getResponseId() + 1, NodeAction.NORMAL, null, null, null, nextHeartBeatInterval); rmNode.updateNodeHeartbeatResponseForCleanup(nodeHeartBeatResponse); + // Check if node's masterKey needs to be updated and if the currentKey has // roller over, send it across - if (isSecurityEnabled()) { + boolean shouldSendMasterKey = false; - boolean shouldSendMasterKey = false; - - MasterKey nextMasterKeyForNode = - this.containerTokenSecretManager.getNextKey(); - if (nextMasterKeyForNode != null) { - // nextMasterKeyForNode can be null if there is no outstanding key that - // is in the activation period. - MasterKey nodeKnownMasterKey = request.getLastKnownMasterKey(); - if (nodeKnownMasterKey.getKeyId() != nextMasterKeyForNode.getKeyId()) { - shouldSendMasterKey = true; - } - } - if (shouldSendMasterKey) { - nodeHeartBeatResponse.setMasterKey(nextMasterKeyForNode); + MasterKey nextMasterKeyForNode = + this.containerTokenSecretManager.getNextKey(); + if (nextMasterKeyForNode != null) { + // nextMasterKeyForNode can be null if there is no outstanding key that + // is in the activation period. + MasterKey nodeKnownMasterKey = request.getLastKnownMasterKey(); + if (nodeKnownMasterKey.getKeyId() != nextMasterKeyForNode.getKeyId()) { + shouldSendMasterKey = true; } } + if (shouldSendMasterKey) { + nodeHeartBeatResponse.setMasterKey(nextMasterKeyForNode); + } // 4. Send status to RMNode, saving the latest response. this.rmContext.getDispatcher().getEventHandler().handle( @@ -341,8 +336,4 @@ public class ResourceTrackerService extends AbstractService implements PolicyProvider policyProvider) { this.server.refreshServiceAcl(configuration, policyProvider); } - - protected boolean isSecurityEnabled() { - return UserGroupInformation.isSecurityEnabled(); - } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/LeafQueue.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/LeafQueue.java index 64f711434b0..f4108c6ece2 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/LeafQueue.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/LeafQueue.java @@ -1296,16 +1296,13 @@ public class LeafQueue implements CSQueue { unreserve(application, priority, node, rmContainer); } - // Create container tokens in secure-mode - if (UserGroupInformation.isSecurityEnabled()) { - ContainerToken containerToken = - createContainerToken(application, container); - if (containerToken == null) { - // Something went wrong... - return Resources.none(); - } - container.setContainerToken(containerToken); + ContainerToken containerToken = + createContainerToken(application, container); + if (containerToken == null) { + // Something went wrong... + return Resources.none(); } + container.setContainerToken(containerToken); // Inform the application RMContainer allocatedContainer = diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fair/AppSchedulable.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fair/AppSchedulable.java index 4bd6e2b54b2..c1896c3c12c 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fair/AppSchedulable.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fair/AppSchedulable.java @@ -25,7 +25,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.classification.InterfaceStability.Unstable; -import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.yarn.api.records.Container; import org.apache.hadoop.yarn.api.records.ContainerId; import org.apache.hadoop.yarn.api.records.ContainerToken; @@ -35,8 +34,8 @@ import org.apache.hadoop.yarn.api.records.Resource; import org.apache.hadoop.yarn.api.records.ResourceRequest; import org.apache.hadoop.yarn.factories.RecordFactory; import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider; -import org.apache.hadoop.yarn.server.resourcemanager.resource.DefaultResourceCalculator; import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager; +import org.apache.hadoop.yarn.server.resourcemanager.resource.DefaultResourceCalculator; import org.apache.hadoop.yarn.server.resourcemanager.resource.Resources; import org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.RMContainer; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.NodeType; @@ -159,16 +158,11 @@ public class AppSchedulable extends Schedulable { NodeId nodeId = node.getRMNode().getNodeID(); ContainerId containerId = BuilderUtils.newContainerId(application .getApplicationAttemptId(), application.getNewContainerId()); - ContainerToken containerToken = null; - - // If security is enabled, send the container-tokens too. - if (UserGroupInformation.isSecurityEnabled()) { - containerToken = - containerTokenSecretManager.createContainerToken(containerId, nodeId, + ContainerToken containerToken = + containerTokenSecretManager.createContainerToken(containerId, nodeId, application.getUser(), capability); - if (containerToken == null) { - return null; // Try again later. - } + if (containerToken == null) { + return null; // Try again later. } // Create the container diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fifo/FifoScheduler.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fifo/FifoScheduler.java index 2024e746dea..c822bf35f7e 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fifo/FifoScheduler.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fifo/FifoScheduler.java @@ -552,15 +552,12 @@ public class FifoScheduler implements ResourceScheduler, Configurable { .getApplicationAttemptId(), application.getNewContainerId()); ContainerToken containerToken = null; - // If security is enabled, send the container-tokens too. - if (UserGroupInformation.isSecurityEnabled()) { - containerToken = - this.rmContext.getContainerTokenSecretManager() + containerToken = + this.rmContext.getContainerTokenSecretManager() .createContainerToken(containerId, nodeId, - application.getUser(), capability); - if (containerToken == null) { - return i; // Try again later. - } + application.getUser(), capability); + if (containerToken == null) { + return i; // Try again later. } // Create the container diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockNodes.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockNodes.java index ae6d5814a46..d177edbffde 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockNodes.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockNodes.java @@ -202,15 +202,18 @@ public class MockNodes { }; private static RMNode buildRMNode(int rack, final Resource perNode, NodeState state, String httpAddr) { - return buildRMNode(rack, perNode, state, httpAddr, NODE_ID++); + return buildRMNode(rack, perNode, state, httpAddr, NODE_ID++, null); } - private static RMNode buildRMNode(int rack, final Resource perNode, NodeState state, String httpAddr, int hostnum) { + private static RMNode buildRMNode(int rack, final Resource perNode, + NodeState state, String httpAddr, int hostnum, String hostName) { final String rackName = "rack"+ rack; final int nid = hostnum; - final String hostName = "host"+ nid; final String nodeAddr = hostName + ":" + nid; final int port = 123; + if (hostName == null) { + hostName = "host"+ nid; + } final NodeId nodeID = newNodeID(hostName, port); final String httpAddress = httpAddr; final NodeHealthStatus nodeHealthStatus = @@ -233,6 +236,12 @@ public class MockNodes { } public static RMNode newNodeInfo(int rack, final Resource perNode, int hostnum) { - return buildRMNode(rack, perNode, null, "localhost:0", hostnum); + return buildRMNode(rack, perNode, null, "localhost:0", hostnum, null); } + + public static RMNode newNodeInfo(int rack, final Resource perNode, + int hostnum, String hostName) { + return buildRMNode(rack, perNode, null, "localhost:0", hostnum, hostName); + } + } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java index 5ddd5b4aa86..48557aa474e 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockRM.java @@ -59,6 +59,7 @@ import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNode; import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNodeEvent; import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNodeEventType; import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNodeImpl; +import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager; import org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager; import org.apache.hadoop.yarn.util.Records; import org.apache.log4j.Level; @@ -298,8 +299,12 @@ public class MockRM extends ResourceManager { @Override protected ResourceTrackerService createResourceTrackerService() { + RMContainerTokenSecretManager containerTokenSecretManager = + new RMContainerTokenSecretManager(new Configuration()); + containerTokenSecretManager.rollMasterKey(); return new ResourceTrackerService(getRMContext(), nodesListManager, - this.nmLivelinessMonitor, this.containerTokenSecretManager) { + this.nmLivelinessMonitor, containerTokenSecretManager) { + @Override public void start() { // override to not start rpc handler diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestApplicationCleanup.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestApplicationCleanup.java index 6705171de3c..c134d817eeb 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestApplicationCleanup.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestApplicationCleanup.java @@ -59,7 +59,7 @@ public class TestApplicationCleanup { MockRM rm = new MockRM(); rm.start(); - MockNM nm1 = rm.registerNode("h1:1234", 5000); + MockNM nm1 = rm.registerNode("127.0.0.1:1234", 5000); RMApp app = rm.submitApp(2000); @@ -72,7 +72,7 @@ public class TestApplicationCleanup { //request for containers int request = 2; - am.allocate("h1" , 1000, request, + am.allocate("127.0.0.1" , 1000, request, new ArrayList()); //kick the scheduler @@ -147,7 +147,7 @@ public class TestApplicationCleanup { }; rm.start(); - MockNM nm1 = rm.registerNode("h1:1234", 5000); + MockNM nm1 = rm.registerNode("127.0.0.1:1234", 5000); RMApp app = rm.submitApp(2000); @@ -160,7 +160,7 @@ public class TestApplicationCleanup { //request for containers int request = 2; - am.allocate("h1" , 1000, request, + am.allocate("127.0.0.1" , 1000, request, new ArrayList()); dispatcher.await(); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestApplicationMasterLauncher.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestApplicationMasterLauncher.java index 876d8a93796..c7679c84315 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestApplicationMasterLauncher.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestApplicationMasterLauncher.java @@ -112,7 +112,7 @@ public class TestApplicationMasterLauncher { MockRMWithCustomAMLauncher rm = new MockRMWithCustomAMLauncher( containerManager); rm.start(); - MockNM nm1 = rm.registerNode("h1:1234", 5120); + MockNM nm1 = rm.registerNode("127.0.0.1:1234", 5120); RMApp app = rm.submitApp(2000); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestFifoScheduler.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestFifoScheduler.java index 2b7991fb26a..9106aabd285 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestFifoScheduler.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestFifoScheduler.java @@ -74,8 +74,8 @@ public class TestFifoScheduler { rootLogger.setLevel(Level.DEBUG); MockRM rm = new MockRM(conf); rm.start(); - MockNM nm1 = rm.registerNode("h1:1234", 6 * GB); - MockNM nm2 = rm.registerNode("h2:5678", 4 * GB); + MockNM nm1 = rm.registerNode("127.0.0.1:1234", 6 * GB); + MockNM nm2 = rm.registerNode("127.0.0.2:5678", 4 * GB); RMApp app1 = rm.submitApp(2048); // kick the scheduling, 2 GB given to AM1, remaining 4GB on nm1 @@ -98,10 +98,10 @@ public class TestFifoScheduler { Assert.assertEquals(2 * GB, report_nm2.getUsedResource().getMemory()); // add request for containers - am1.addRequests(new String[] { "h1", "h2" }, GB, 1, 1); + am1.addRequests(new String[] { "127.0.0.1", "127.0.0.2" }, GB, 1, 1); AllocateResponse alloc1Response = am1.schedule(); // send the request // add request for containers - am2.addRequests(new String[] { "h1", "h2" }, 3 * GB, 0, 1); + am2.addRequests(new String[] { "127.0.0.1", "127.0.0.2" }, 3 * GB, 0, 1); AllocateResponse alloc2Response = am2.schedule(); // send the request // kick the scheduler, 1 GB and 3 GB given to AM1 and AM2, remaining 0 @@ -163,7 +163,7 @@ public class TestFifoScheduler { rm.start(); // Register node1 - MockNM nm1 = rm.registerNode("h1:1234", 6 * GB); + MockNM nm1 = rm.registerNode("127.0.0.1:1234", 6 * GB); // Submit an application RMApp app1 = rm.submitApp(testAlloc); @@ -212,8 +212,10 @@ public class TestFifoScheduler { FifoScheduler fs = new FifoScheduler(); fs.reinitialize(conf, null); - RMNode n1 = MockNodes.newNodeInfo(0, MockNodes.newResource(4 * GB), 1); - RMNode n2 = MockNodes.newNodeInfo(0, MockNodes.newResource(2 * GB), 2); + RMNode n1 = + MockNodes.newNodeInfo(0, MockNodes.newResource(4 * GB), 1, "127.0.0.2"); + RMNode n2 = + MockNodes.newNodeInfo(0, MockNodes.newResource(2 * GB), 2, "127.0.0.3"); fs.handle(new NodeAddedSchedulerEvent(n1)); fs.handle(new NodeAddedSchedulerEvent(n2)); @@ -222,7 +224,8 @@ public class TestFifoScheduler { Assert.assertEquals(6 * GB, fs.getRootQueueMetrics().getAvailableMB()); // reconnect n1 with downgraded memory - n1 = MockNodes.newNodeInfo(0, MockNodes.newResource(2 * GB), 1); + n1 = + MockNodes.newNodeInfo(0, MockNodes.newResource(2 * GB), 1, "127.0.0.2"); fs.handle(new NodeRemovedSchedulerEvent(n1)); fs.handle(new NodeAddedSchedulerEvent(n1)); fs.handle(new NodeUpdateSchedulerEvent(n1)); @@ -241,7 +244,8 @@ public class TestFifoScheduler { FifoScheduler fs = (FifoScheduler) rm.getResourceScheduler(); // Add a node - RMNode n1 = MockNodes.newNodeInfo(0, MockNodes.newResource(4 * GB), 1); + RMNode n1 = + MockNodes.newNodeInfo(0, MockNodes.newResource(4 * GB), 1, "127.0.0.2"); fs.handle(new NodeAddedSchedulerEvent(n1)); // Add two applications diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMRestart.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMRestart.java index b2b5205abe3..36b30713b79 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMRestart.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMRestart.java @@ -95,8 +95,10 @@ public class TestRMRestart { // start like normal because state is empty rm1.start(); - MockNM nm1 = new MockNM("h1:1234", 15120, rm1.getResourceTrackerService()); - MockNM nm2 = new MockNM("h2:5678", 15120, rm1.getResourceTrackerService()); + MockNM nm1 = + new MockNM("127.0.0.1:1234", 15120, rm1.getResourceTrackerService()); + MockNM nm2 = + new MockNM("127.0.0.2:5678", 15120, rm1.getResourceTrackerService()); nm1.registerNode(); nm2.registerNode(); // nm2 will not heartbeat with RM1 @@ -145,7 +147,7 @@ public class TestRMRestart { am1.registerAppAttempt(); // AM request for containers - am1.allocate("h1" , 1000, 1, new ArrayList()); + am1.allocate("127.0.0.1" , 1000, 1, new ArrayList()); // kick the scheduler nm1.nodeHeartbeat(true); List conts = am1.allocate(new ArrayList(), @@ -244,8 +246,8 @@ public class TestRMRestart { Assert.assertEquals(NodeAction.RESYNC, hbResponse.getNodeAction()); // new NM to represent NM re-register - nm1 = rm2.registerNode("h1:1234", 15120); - nm2 = rm2.registerNode("h2:5678", 15120); + nm1 = rm2.registerNode("127.0.0.1:1234", 15120); + nm2 = rm2.registerNode("127.0.0.2:5678", 15120); // verify no more reboot response sent hbResponse = nm1.nodeHeartbeat(true); @@ -265,7 +267,8 @@ public class TestRMRestart { // Nodes on which the AM's run MockNM am1Node = nm1; - if(attemptState.getMasterContainer().getNodeId().toString().contains("h2")){ + if (attemptState.getMasterContainer().getNodeId().toString() + .contains("127.0.0.2")) { am1Node = nm2; } @@ -280,7 +283,8 @@ public class TestRMRestart { attemptState.getMasterContainer().getId()); MockNM am2Node = nm1; - if(attemptState.getMasterContainer().getNodeId().toString().contains("h2")){ + if (attemptState.getMasterContainer().getNodeId().toString() + .contains("127.0.0.2")) { am2Node = nm2; } @@ -292,8 +296,8 @@ public class TestRMRestart { am2.registerAppAttempt(); //request for containers - am1.allocate("h1" , 1000, 3, new ArrayList()); - am2.allocate("h2" , 1000, 1, new ArrayList()); + am1.allocate("127.0.0.1" , 1000, 3, new ArrayList()); + am2.allocate("127.0.0.2" , 1000, 1, new ArrayList()); // verify container allocate continues to work nm1.nodeHeartbeat(true); @@ -346,7 +350,8 @@ public class TestRMRestart { rmState.getApplicationState(); MockRM rm1 = new MockRM(conf, memStore); rm1.start(); - MockNM nm1 = new MockNM("h1:1234", 15120, rm1.getResourceTrackerService()); + MockNM nm1 = + new MockNM("127.0.0.1:1234", 15120, rm1.getResourceTrackerService()); nm1.registerNode(); // submit an app with maxAppAttempts equals to 1 diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestResourceManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestResourceManager.java index 1dd81c93790..a4dfbf76562 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestResourceManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestResourceManager.java @@ -52,6 +52,7 @@ public class TestResourceManager { Configuration conf = new YarnConfiguration(); resourceManager = new ResourceManager(); resourceManager.init(conf); + resourceManager.getRMContainerTokenSecretManager().rollMasterKey(); } @After diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationmasterservice/TestApplicationMasterService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationmasterservice/TestApplicationMasterService.java index 6bd3a54e1b8..2c22264401c 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationmasterservice/TestApplicationMasterService.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationmasterservice/TestApplicationMasterService.java @@ -48,13 +48,13 @@ public class TestApplicationMasterService { ResourceScheduler.class); } - @Test(timeout = 30000) + @Test(timeout = 3000000) public void testRMIdentifierOnContainerAllocation() throws Exception { MockRM rm = new MockRM(conf); rm.start(); // Register node1 - MockNM nm1 = rm.registerNode("h1:1234", 6 * GB); + MockNM nm1 = rm.registerNode("127.0.0.1:1234", 6 * GB); // Submit an application RMApp app1 = rm.submitApp(2048); @@ -65,7 +65,7 @@ public class TestApplicationMasterService { MockAM am1 = rm.sendAMLaunched(attempt1.getAppAttemptId()); am1.registerAppAttempt(); - am1.addRequests(new String[] { "h1" }, GB, 1, 1); + am1.addRequests(new String[] { "127.0.0.1" }, GB, 1, 1); AllocateResponse alloc1Response = am1.schedule(); // send the request // kick the scheduler diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationsmanager/TestAMRMRPCNodeUpdates.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationsmanager/TestAMRMRPCNodeUpdates.java index b5fb09a11db..171b840479c 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationsmanager/TestAMRMRPCNodeUpdates.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationsmanager/TestAMRMRPCNodeUpdates.java @@ -90,10 +90,10 @@ public class TestAMRMRPCNodeUpdates { @Test public void testAMRMUnusableNodes() throws Exception { - MockNM nm1 = rm.registerNode("h1:1234", 10000); - MockNM nm2 = rm.registerNode("h2:1234", 10000); - MockNM nm3 = rm.registerNode("h3:1234", 10000); - MockNM nm4 = rm.registerNode("h4:1234", 10000); + MockNM nm1 = rm.registerNode("127.0.0.1:1234", 10000); + MockNM nm2 = rm.registerNode("127.0.0.2:1234", 10000); + MockNM nm3 = rm.registerNode("127.0.0.3:1234", 10000); + MockNM nm4 = rm.registerNode("127.0.0.4:1234", 10000); RMApp app1 = rm.submitApp(2000); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/resourcetracker/TestRMNMRPCResponseId.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/resourcetracker/TestRMNMRPCResponseId.java index fa63e84c137..e2ffa786cc0 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/resourcetracker/TestRMNMRPCResponseId.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/resourcetracker/TestRMNMRPCResponseId.java @@ -59,6 +59,7 @@ public class TestRMNMRPCResponseId { @Before public void setUp() { + Configuration conf = new Configuration(); // Dispatcher that processes events inline Dispatcher dispatcher = new InlineDispatcher(); dispatcher.register(SchedulerEventType.class, new EventHandler() { @@ -69,17 +70,16 @@ public class TestRMNMRPCResponseId { }); RMContext context = new RMContextImpl(dispatcher, null, null, null, null, - null, null, null); + null, new RMContainerTokenSecretManager(conf), null); dispatcher.register(RMNodeEventType.class, new ResourceManager.NodeEventDispatcher(context)); NodesListManager nodesListManager = new NodesListManager(context); - Configuration conf = new Configuration(); nodesListManager.init(conf); - RMContainerTokenSecretManager containerTokenSecretManager = - new RMContainerTokenSecretManager(conf); + + context.getContainerTokenSecretManager().rollMasterKey(); resourceTrackerService = new ResourceTrackerService(context, nodesListManager, new NMLivelinessMonitor(dispatcher), - containerTokenSecretManager); + context.getContainerTokenSecretManager()); resourceTrackerService.init(conf); } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestApplicationLimits.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestApplicationLimits.java index 5953f843df3..e9f53137b95 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestApplicationLimits.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestApplicationLimits.java @@ -52,6 +52,7 @@ import org.apache.hadoop.yarn.server.resourcemanager.resource.ResourceCalculator import org.apache.hadoop.yarn.server.resourcemanager.resource.Resources; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.common.fica.FiCaSchedulerApp; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.common.fica.FiCaSchedulerNode; +import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -88,6 +89,11 @@ public class TestApplicationLimits { thenReturn(CapacityScheduler.queueComparator); when(csContext.getResourceCalculator()). thenReturn(resourceCalculator); + RMContainerTokenSecretManager containerTokenSecretManager = + new RMContainerTokenSecretManager(conf); + containerTokenSecretManager.rollMasterKey(); + when(csContext.getContainerTokenSecretManager()).thenReturn( + containerTokenSecretManager); Map queues = new HashMap(); CSQueue root = diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestLeafQueue.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestLeafQueue.java index 174692bb980..141b7948c32 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestLeafQueue.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/capacity/TestLeafQueue.java @@ -67,6 +67,7 @@ import org.apache.hadoop.yarn.server.resourcemanager.scheduler.QueueMetrics; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.common.fica.FiCaSchedulerApp; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.common.fica.FiCaSchedulerNode; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.AppRemovedSchedulerEvent; +import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -122,6 +123,11 @@ public class TestLeafQueue { thenReturn(CapacityScheduler.queueComparator); when(csContext.getResourceCalculator()). thenReturn(resourceCalculator); + RMContainerTokenSecretManager containerTokenSecretManager = + new RMContainerTokenSecretManager(conf); + containerTokenSecretManager.rollMasterKey(); + when(csContext.getContainerTokenSecretManager()).thenReturn( + containerTokenSecretManager); root = CapacityScheduler.parseQueue(csContext, csConf, null, @@ -275,7 +281,7 @@ public class TestLeafQueue { // Setup some nodes - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, DEFAULT_RACK, 0, 8*GB); final int numNodes = 1; @@ -397,7 +403,7 @@ public class TestLeafQueue { // Setup some nodes - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, DEFAULT_RACK, 0, 8*GB); final int numNodes = 1; @@ -528,9 +534,9 @@ public class TestLeafQueue { a.submitApplication(app_2, user_1, A); // Setup some nodes - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, DEFAULT_RACK, 0, 8*GB); - String host_1 = "host_1"; + String host_1 = "127.0.0.2"; FiCaSchedulerNode node_1 = TestUtils.getMockNode(host_1, DEFAULT_RACK, 0, 8*GB); final int numNodes = 2; @@ -622,9 +628,9 @@ public class TestLeafQueue { a.submitApplication(app_2, user_1, A); // Setup some nodes - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, DEFAULT_RACK, 0, 8*GB); - String host_1 = "host_1"; + String host_1 = "127.0.0.2"; FiCaSchedulerNode node_1 = TestUtils.getMockNode(host_1, DEFAULT_RACK, 0, 8*GB); final int numNodes = 2; @@ -740,7 +746,7 @@ public class TestLeafQueue { a.submitApplication(app_3, user_2, A); // Setup some nodes - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, DEFAULT_RACK, 0, 8*GB); final int numNodes = 1; @@ -902,7 +908,7 @@ public class TestLeafQueue { a.submitApplication(app_1, user_1, A); // Setup some nodes - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, DEFAULT_RACK, 0, 4*GB); final int numNodes = 2; @@ -1002,9 +1008,9 @@ public class TestLeafQueue { a.submitApplication(app_1, user_1, A); // Setup some nodes - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, DEFAULT_RACK, 0, 4*GB); - String host_1 = "host_1"; + String host_1 = "127.0.0.2"; FiCaSchedulerNode node_1 = TestUtils.getMockNode(host_1, DEFAULT_RACK, 0, 4*GB); final int numNodes = 3; @@ -1102,10 +1108,10 @@ public class TestLeafQueue { a.submitApplication(app_1, user_1, A); // Setup some nodes - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, DEFAULT_RACK, 0, 4*GB); - String host_1 = "host_1"; + String host_1 = "127.0.0.2"; FiCaSchedulerNode node_1 = TestUtils.getMockNode(host_1, DEFAULT_RACK, 0, 4*GB); final int numNodes = 3; @@ -1214,15 +1220,15 @@ public class TestLeafQueue { a.submitApplication(app_0, user_0, A); // Setup some nodes and racks - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; String rack_0 = "rack_0"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, rack_0, 0, 8*GB); - String host_1 = "host_1"; + String host_1 = "127.0.0.2"; String rack_1 = "rack_1"; FiCaSchedulerNode node_1 = TestUtils.getMockNode(host_1, rack_1, 0, 8*GB); - String host_2 = "host_2"; + String host_2 = "127.0.0.3"; String rack_2 = "rack_2"; FiCaSchedulerNode node_2 = TestUtils.getMockNode(host_2, rack_2, 0, 8*GB); @@ -1317,7 +1323,7 @@ public class TestLeafQueue { app_0.updateResourceRequests(app_0_requests_0); assertEquals(2, app_0.getTotalRequiredResources(priority)); - String host_3 = "host_3"; // on rack_1 + String host_3 = "127.0.0.4"; // on rack_1 FiCaSchedulerNode node_3 = TestUtils.getMockNode(host_3, rack_1, 0, 8*GB); // Rack-delay @@ -1355,15 +1361,15 @@ public class TestLeafQueue { a.submitApplication(app_0, user_0, A); // Setup some nodes and racks - String host_0 = "host_0"; + String host_0 = "127.0.0.1"; String rack_0 = "rack_0"; FiCaSchedulerNode node_0 = TestUtils.getMockNode(host_0, rack_0, 0, 8*GB); - String host_1 = "host_1"; + String host_1 = "127.0.0.2"; String rack_1 = "rack_1"; FiCaSchedulerNode node_1 = TestUtils.getMockNode(host_1, rack_1, 0, 8*GB); - String host_2 = "host_2"; + String host_2 = "127.0.0.3"; String rack_2 = "rack_2"; FiCaSchedulerNode node_2 = TestUtils.getMockNode(host_2, rack_2, 0, 8*GB); @@ -1486,14 +1492,14 @@ public class TestLeafQueue { a.submitApplication(app_0, user_0, A); // Setup some nodes and racks - String host_0_0 = "host_0_0"; + String host_0_0 = "127.0.0.1"; String rack_0 = "rack_0"; FiCaSchedulerNode node_0_0 = TestUtils.getMockNode(host_0_0, rack_0, 0, 8*GB); - String host_0_1 = "host_0_1"; + String host_0_1 = "127.0.0.2"; FiCaSchedulerNode node_0_1 = TestUtils.getMockNode(host_0_1, rack_0, 0, 8*GB); - String host_1_0 = "host_1_0"; + String host_1_0 = "127.0.0.3"; String rack_1 = "rack_1"; FiCaSchedulerNode node_1_0 = TestUtils.getMockNode(host_1_0, rack_1, 0, 8*GB); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fair/TestFairScheduler.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fair/TestFairScheduler.java index e83e58b4bd3..03e41be80a0 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fair/TestFairScheduler.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fair/TestFairScheduler.java @@ -123,6 +123,8 @@ public class TestFairScheduler { resourceManager.init(conf); ((AsyncDispatcher)resourceManager.getRMContext().getDispatcher()).start(); scheduler.reinitialize(conf, resourceManager.getRMContext()); + // to initialize the master key + resourceManager.getRMContainerTokenSecretManager().rollMasterKey(); } @After @@ -221,13 +223,16 @@ public class TestFairScheduler { @Test public void testAggregateCapacityTracking() throws Exception { // Add a node - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(1024)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(1024), 1, "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); assertEquals(1024, scheduler.getClusterCapacity().getMemory()); // Add another node - RMNode node2 = MockNodes.newNodeInfo(1, Resources.createResource(512)); + RMNode node2 = + MockNodes.newNodeInfo(1, Resources.createResource(512), 2, "127.0.0.2"); NodeAddedSchedulerEvent nodeEvent2 = new NodeAddedSchedulerEvent(node2); scheduler.handle(nodeEvent2); assertEquals(1536, scheduler.getClusterCapacity().getMemory()); @@ -241,7 +246,9 @@ public class TestFairScheduler { @Test public void testSimpleFairShareCalculation() { // Add one big node (only care about aggregate capacity) - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(10 * 1024)); + RMNode node1 = + MockNodes.newNodeInfo(1, Resources.createResource(10 * 1024), 1, + "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -265,7 +272,9 @@ public class TestFairScheduler { public void testSimpleHierarchicalFairShareCalculation() { // Add one big node (only care about aggregate capacity) int capacity = 10 * 24; - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(capacity)); + RMNode node1 = + MockNodes.newNodeInfo(1, Resources.createResource(capacity), 1, + "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -313,12 +322,15 @@ public class TestFairScheduler { @Test (timeout = 5000) public void testSimpleContainerAllocation() { // Add a node - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(1024)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(1024), 1, "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); // Add another node - RMNode node2 = MockNodes.newNodeInfo(1, Resources.createResource(512)); + RMNode node2 = + MockNodes.newNodeInfo(1, Resources.createResource(512), 2, "127.0.0.2"); NodeAddedSchedulerEvent nodeEvent2 = new NodeAddedSchedulerEvent(node2); scheduler.handle(nodeEvent2); @@ -351,7 +363,9 @@ public class TestFairScheduler { @Test (timeout = 5000) public void testSimpleContainerReservation() throws InterruptedException { // Add a node - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(1024)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(1024), 1, "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -359,6 +373,7 @@ public class TestFairScheduler { createSchedulingRequest(1024, "queue1", "user1", 1); scheduler.update(); NodeUpdateSchedulerEvent updateEvent = new NodeUpdateSchedulerEvent(node1); + scheduler.handle(updateEvent); // Make sure queue 1 is allocated app capacity @@ -376,7 +391,9 @@ public class TestFairScheduler { assertEquals(1024, scheduler.applications.get(attId).getCurrentReservation().getMemory()); // Now another node checks in with capacity - RMNode node2 = MockNodes.newNodeInfo(1, Resources.createResource(1024)); + RMNode node2 = + MockNodes + .newNodeInfo(1, Resources.createResource(1024), 2, "127.0.0.2"); NodeAddedSchedulerEvent nodeEvent2 = new NodeAddedSchedulerEvent(node2); NodeUpdateSchedulerEvent updateEvent2 = new NodeUpdateSchedulerEvent(node2); scheduler.handle(nodeEvent2); @@ -442,7 +459,9 @@ public class TestFairScheduler { queueManager.initialize(); // Add one big node (only care about aggregate capacity) - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(3 * 1024)); + RMNode node1 = + MockNodes.newNodeInfo(1, Resources.createResource(3 * 1024), 1, + "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -799,7 +818,9 @@ public class TestFairScheduler { queueManager.initialize(); // Add one big node (only care about aggregate capacity) - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(4 * 1024)); + RMNode node1 = + MockNodes.newNodeInfo(1, Resources.createResource(4 * 1024), 1, + "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -857,7 +878,9 @@ public class TestFairScheduler { queueManager.initialize(); // Add one big node (only care about aggregate capacity) - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(4 * 1024)); + RMNode node1 = + MockNodes.newNodeInfo(1, Resources.createResource(4 * 1024), 1, + "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -933,15 +956,21 @@ public class TestFairScheduler { queueManager.initialize(); // Create four nodes - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024)); + RMNode node1 = + MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024), 1, + "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); - RMNode node2 = MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024)); + RMNode node2 = + MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024), 2, + "127.0.0.2"); NodeAddedSchedulerEvent nodeEvent2 = new NodeAddedSchedulerEvent(node2); scheduler.handle(nodeEvent2); - RMNode node3 = MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024)); + RMNode node3 = + MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024), 3, + "127.0.0.3"); NodeAddedSchedulerEvent nodeEvent3 = new NodeAddedSchedulerEvent(node3); scheduler.handle(nodeEvent3); @@ -1094,15 +1123,21 @@ public class TestFairScheduler { queueManager.initialize(); // Create four nodes - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024)); + RMNode node1 = + MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024), 1, + "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); - RMNode node2 = MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024)); + RMNode node2 = + MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024), 2, + "127.0.0.2"); NodeAddedSchedulerEvent nodeEvent2 = new NodeAddedSchedulerEvent(node2); scheduler.handle(nodeEvent2); - RMNode node3 = MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024)); + RMNode node3 = + MockNodes.newNodeInfo(1, Resources.createResource(2 * 1024), 3, + "127.0.0.3"); NodeAddedSchedulerEvent nodeEvent3 = new NodeAddedSchedulerEvent(node3); scheduler.handle(nodeEvent3); @@ -1183,7 +1218,9 @@ public class TestFairScheduler { @Test (timeout = 5000) public void testMultipleContainersWaitingForReservation() { // Add a node - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(1024)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(1024), 1, "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -1226,7 +1263,9 @@ public class TestFairScheduler { queueManager.initialize(); // Add a node - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(8192)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(8192), 1, "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -1263,7 +1302,9 @@ public class TestFairScheduler { @Test (timeout = 5000) public void testReservationWhileMultiplePriorities() { // Add a node - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(1024)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(1024), 1, "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -1348,9 +1389,15 @@ public class TestFairScheduler { @Test (timeout = 5000) public void testMultipleNodesSingleRackRequest() throws Exception { - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(1024)); - RMNode node2 = MockNodes.newNodeInfo(1, Resources.createResource(1024)); - RMNode node3 = MockNodes.newNodeInfo(2, Resources.createResource(1024)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(1024), 1, "127.0.0.1"); + RMNode node2 = + MockNodes + .newNodeInfo(1, Resources.createResource(1024), 2, "127.0.0.2"); + RMNode node3 = + MockNodes + .newNodeInfo(2, Resources.createResource(1024), 3, "127.0.0.3"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); NodeAddedSchedulerEvent nodeEvent2 = new NodeAddedSchedulerEvent(node2); @@ -1388,7 +1435,9 @@ public class TestFairScheduler { @Test (timeout = 5000) public void testFifoWithinQueue() throws Exception { - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(3072)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(3072), 1, "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); @@ -1432,7 +1481,9 @@ public class TestFairScheduler { scheduler.getQueueManager().getLeafQueue("root.default") .setPolicy(SchedulingPolicy.getDefault()); - RMNode node = MockNodes.newNodeInfo(1, Resources.createResource(16384)); + RMNode node = + MockNodes.newNodeInfo(1, Resources.createResource(16384), 0, + "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent = new NodeAddedSchedulerEvent(node); NodeUpdateSchedulerEvent updateEvent = new NodeUpdateSchedulerEvent(node); scheduler.handle(nodeEvent); @@ -1477,8 +1528,12 @@ public class TestFairScheduler { final String fairChild1 = fairParent + ".fairChild1"; final String fairChild2 = fairParent + ".fairChild2"; - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(8192)); - RMNode node2 = MockNodes.newNodeInfo(1, Resources.createResource(8192)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(8192), 1, "127.0.0.1"); + RMNode node2 = + MockNodes + .newNodeInfo(1, Resources.createResource(8192), 2, "127.0.0.2"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); NodeAddedSchedulerEvent nodeEvent2 = new NodeAddedSchedulerEvent(node2); @@ -1597,7 +1652,9 @@ public class TestFairScheduler { @Test public void testReservationThatDoesntFit() { - RMNode node1 = MockNodes.newNodeInfo(1, Resources.createResource(1024)); + RMNode node1 = + MockNodes + .newNodeInfo(1, Resources.createResource(1024), 1, "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node1); scheduler.handle(nodeEvent1); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fifo/TestFifoScheduler.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fifo/TestFifoScheduler.java index 0ee3a52c468..4ae3858b17e 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fifo/TestFifoScheduler.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/fifo/TestFifoScheduler.java @@ -56,6 +56,7 @@ import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.AppAddedSch import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.NodeAddedSchedulerEvent; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.NodeUpdateSchedulerEvent; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.event.SchedulerEvent; +import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager; import org.apache.hadoop.yarn.util.BuilderUtils; import org.junit.After; import org.junit.Before; @@ -153,14 +154,17 @@ public class TestFifoScheduler { @Test(timeout=2000) public void testNodeLocalAssignment() throws Exception { AsyncDispatcher dispatcher = new InlineDispatcher(); + RMContainerTokenSecretManager containerTokenSecretManager = + new RMContainerTokenSecretManager(new Configuration()); + containerTokenSecretManager.rollMasterKey(); RMContext rmContext = new RMContextImpl(dispatcher, null, null, null, null, - null, null, null); + null, containerTokenSecretManager, null); FifoScheduler scheduler = new FifoScheduler(); scheduler.reinitialize(new Configuration(), rmContext); RMNode node0 = MockNodes.newNodeInfo(1, - Resources.createResource(1024 * 64), 1234); + Resources.createResource(1024 * 64), 1, "127.0.0.1"); NodeAddedSchedulerEvent nodeEvent1 = new NodeAddedSchedulerEvent(node0); scheduler.handle(nodeEvent1); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesApps.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesApps.java index a75a4373b06..e09915131c2 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesApps.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesApps.java @@ -121,7 +121,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testApps() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); testAppsHelper("apps", app1, MediaType.APPLICATION_JSON); @@ -131,7 +131,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsSlash() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); testAppsHelper("apps/", app1, MediaType.APPLICATION_JSON); @@ -141,7 +141,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsDefault() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); testAppsHelper("apps/", app1, ""); @@ -151,7 +151,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsXML() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024, "testwordcount", "user1"); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -176,7 +176,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsXMLMulti() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024, "testwordcount", "user1"); rm.submitApp(2048, "testwordcount2", "user1"); @@ -220,7 +220,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryState() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -242,7 +242,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryStateNone() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -260,7 +260,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryStateInvalid() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -298,7 +298,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryFinalStatus() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -321,7 +321,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryFinalStatusNone() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -339,7 +339,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryFinalStatusInvalid() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -377,7 +377,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryUser() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); rm.submitApp(1024); @@ -405,7 +405,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryQueue() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); rm.submitApp(1024); @@ -428,7 +428,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryLimit() throws JSONException, Exception { rm.start(); - rm.registerNode("amNM:1234", 2048); + rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); rm.submitApp(1024); rm.submitApp(1024); @@ -451,7 +451,7 @@ public class TestRMWebServicesApps extends JerseyTest { rm.start(); long start = System.currentTimeMillis(); Thread.sleep(1); - rm.registerNode("amNM:1234", 2048); + rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); rm.submitApp(1024); rm.submitApp(1024); @@ -472,7 +472,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryStartBeginSome() throws JSONException, Exception { rm.start(); - rm.registerNode("amNM:1234", 2048); + rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); rm.submitApp(1024); long start = System.currentTimeMillis(); @@ -495,7 +495,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryStartEnd() throws JSONException, Exception { rm.start(); - rm.registerNode("amNM:1234", 2048); + rm.registerNode("127.0.0.1:1234", 2048); long end = System.currentTimeMillis(); Thread.sleep(1); rm.submitApp(1024); @@ -515,7 +515,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryStartBeginEnd() throws JSONException, Exception { rm.start(); - rm.registerNode("amNM:1234", 2048); + rm.registerNode("127.0.0.1:1234", 2048); long start = System.currentTimeMillis(); Thread.sleep(1); rm.submitApp(1024); @@ -541,7 +541,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryFinishBegin() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); long start = System.currentTimeMillis(); Thread.sleep(1); RMApp app1 = rm.submitApp(1024); @@ -573,7 +573,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryFinishEnd() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); // finish App @@ -605,7 +605,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppsQueryFinishBeginEnd() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); long start = System.currentTimeMillis(); Thread.sleep(1); RMApp app1 = rm.submitApp(1024); @@ -640,7 +640,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testSingleApp() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024, "testwordcount", "user1"); amNodeManager.nodeHeartbeat(true); testSingleAppsHelper(app1.getApplicationId().toString(), app1, @@ -651,7 +651,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testSingleAppsSlash() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); testSingleAppsHelper(app1.getApplicationId().toString() + "/", app1, @@ -662,7 +662,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testSingleAppsDefault() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); testSingleAppsHelper(app1.getApplicationId().toString() + "/", app1, ""); @@ -672,7 +672,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testInvalidApp() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -708,7 +708,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testNonexistApp() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024, "testwordcount", "user1"); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -757,7 +757,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testSingleAppsXML() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024, "testwordcount", "user1"); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -858,7 +858,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppAttempts() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024, "testwordcount", "user1"); amNodeManager.nodeHeartbeat(true); testAppAttemptsHelper(app1.getApplicationId().toString(), app1, @@ -869,7 +869,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testMultipleAppAttempts() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024, "testwordcount", "user1"); amNodeManager.nodeHeartbeat(true); int maxAppAttempts = rm.getConfig().getInt( @@ -895,7 +895,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppAttemptsSlash() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); testAppAttemptsHelper(app1.getApplicationId().toString() + "/", app1, @@ -906,7 +906,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppAttemtpsDefault() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); testAppAttemptsHelper(app1.getApplicationId().toString() + "/", app1, ""); @@ -916,7 +916,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testInvalidAppAttempts() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -952,7 +952,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testNonexistAppAttempts() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); rm.submitApp(1024, "testwordcount", "user1"); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); @@ -1014,7 +1014,7 @@ public class TestRMWebServicesApps extends JerseyTest { @Test public void testAppAttemptsXML() throws JSONException, Exception { rm.start(); - MockNM amNodeManager = rm.registerNode("amNM:1234", 2048); + MockNM amNodeManager = rm.registerNode("127.0.0.1:1234", 2048); RMApp app1 = rm.submitApp(1024, "testwordcount", "user1"); amNodeManager.nodeHeartbeat(true); WebResource r = resource(); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/TestContainerManagerSecurity.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/TestContainerManagerSecurity.java index b8cfce272ec..118d8c578c6 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/TestContainerManagerSecurity.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/TestContainerManagerSecurity.java @@ -20,8 +20,6 @@ package org.apache.hadoop.yarn.server; import static org.junit.Assert.fail; -import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.net.InetSocketAddress; import java.nio.ByteBuffer; @@ -39,14 +37,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.CommonConfigurationKeysPublic; -import org.apache.hadoop.fs.FileContext; -import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.UnsupportedFileSystemException; import org.apache.hadoop.io.DataInputBuffer; import org.apache.hadoop.io.Text; import org.apache.hadoop.ipc.RPC; import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; @@ -85,8 +80,6 @@ import org.apache.hadoop.yarn.server.resourcemanager.security.ApplicationTokenSe import org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager; import org.apache.hadoop.yarn.util.BuilderUtils; import org.apache.hadoop.yarn.util.Records; -import org.junit.AfterClass; -import org.junit.BeforeClass; import org.junit.Test; public class TestContainerManagerSecurity { @@ -94,39 +87,51 @@ public class TestContainerManagerSecurity { static Log LOG = LogFactory.getLog(TestContainerManagerSecurity.class); static final RecordFactory recordFactory = RecordFactoryProvider .getRecordFactory(null); - private static FileContext localFS = null; - private static final File localDir = new File("target", - TestContainerManagerSecurity.class.getName() + "-localDir") - .getAbsoluteFile(); private static MiniYARNCluster yarnCluster; static final Configuration conf = new Configuration(); - @BeforeClass - public static void setup() throws AccessControlException, - FileNotFoundException, UnsupportedFileSystemException, IOException { - localFS = FileContext.getLocalFSFileContext(); - localFS.delete(new Path(localDir.getAbsolutePath()), true); - localDir.mkdir(); - + @Test (timeout = 1000000) + public void testContainerManagerWithSecurityEnabled() throws Exception { conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); - // Set AM expiry interval to be very long. - conf.setLong(YarnConfiguration.RM_AM_EXPIRY_INTERVAL_MS, 100000L); - UserGroupInformation.setConfiguration(conf); - yarnCluster = new MiniYARNCluster(TestContainerManagerSecurity.class - .getName(), 1, 1, 1); - yarnCluster.init(conf); - yarnCluster.start(); + testContainerManager(); } - - @AfterClass - public static void teardown() { - yarnCluster.stop(); + + @Test (timeout=1000000) + public void testContainerManagerWithSecurityDisabled() throws Exception { + conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, + "simple"); + testContainerManager(); } - - @Test - public void testAuthenticatedUser() throws IOException, + + private void testContainerManager() throws Exception { + try { + yarnCluster = new MiniYARNCluster(TestContainerManagerSecurity.class + .getName(), 1, 1, 1); + conf.setLong(YarnConfiguration.RM_AM_EXPIRY_INTERVAL_MS, 100000L); + UserGroupInformation.setConfiguration(conf); + yarnCluster.init(conf); + yarnCluster.start(); + + // Testing for authenticated user + testAuthenticatedUser(); + + // Testing for malicious user + testMaliceUser(); + + // Testing for unauthorized user + testUnauthorizedUser(); + + } finally { + if (yarnCluster != null) { + yarnCluster.stop(); + yarnCluster = null; + } + } + } + + private void testAuthenticatedUser() throws IOException, InterruptedException, YarnRemoteException { LOG.info("Running test for authenticated user"); @@ -178,8 +183,7 @@ public class TestContainerManagerSecurity { resourceManager.getClientRMService().forceKillApplication(request); } - @Test - public void testMaliceUser() throws IOException, InterruptedException, + private void testMaliceUser() throws IOException, InterruptedException, YarnRemoteException { LOG.info("Running test for malice user"); @@ -264,8 +268,7 @@ public class TestContainerManagerSecurity { resourceManager.getClientRMService().forceKillApplication(request); } - @Test - public void testUnauthorizedUser() throws IOException, InterruptedException, + private void testUnauthorizedUser() throws IOException, InterruptedException, YarnRemoteException { LOG.info("\n\nRunning test for malice user"); @@ -315,9 +318,9 @@ public class TestContainerManagerSecurity { LOG.info("Going to contact NM: unauthorized request"); - callWithIllegalContainerID(client, tokenId); - callWithIllegalResource(client, tokenId); - callWithIllegalUserName(client, tokenId); + callWithIllegalContainerID(client, tokenId, allocatedContainer); + callWithIllegalResource(client, tokenId, allocatedContainer); + callWithIllegalUserName(client, tokenId, allocatedContainer); return client; } @@ -335,10 +338,11 @@ public class TestContainerManagerSecurity { resourceManager.getRMContainerTokenSecretManager(); final ContainerTokenIdentifier newTokenId = new ContainerTokenIdentifier(tokenId.getContainerID(), - tokenId.getNmHostAddress(), "testUser", tokenId.getResource(), - System.currentTimeMillis() - 1, - containerTokenSecreteManager.getCurrentKey().getKeyId()); - byte[] passowrd = + tokenId.getNmHostAddress(), tokenId.getApplicationSubmitter(), + tokenId.getResource(), + System.currentTimeMillis() - 1, + containerTokenSecreteManager.getCurrentKey().getKeyId()); + final byte[] passowrd = containerTokenSecreteManager.createPassword( newTokenId); // Create a valid token by using the key from the RM. @@ -357,13 +361,12 @@ public class TestContainerManagerSecurity { LOG.info("Going to contact NM with expired token"); ContainerLaunchContext context = createContainerLaunchContextForTest(newTokenId); - Container container = - BuilderUtils.newContainer(newTokenId.getContainerID(), null, null, - BuilderUtils.newResource(newTokenId.getResource().getMemory(), - newTokenId.getResource().getVirtualCores()), null, null, 0); - StartContainerRequest request = Records.newRecord(StartContainerRequest.class); + StartContainerRequest request = + Records.newRecord(StartContainerRequest.class); request.setContainerLaunchContext(context); - request.setContainer(container); + allocatedContainer.setContainerToken(BuilderUtils.newContainerToken( + allocatedContainer.getNodeId(), passowrd, newTokenId)); + request.setContainer(allocatedContainer); //Calling startContainer with an expired token. try { @@ -447,17 +450,19 @@ public class TestContainerManagerSecurity { // Ask for a container from the RM final InetSocketAddress schedulerAddr = resourceManager.getApplicationMasterService().getBindAddress(); - ApplicationTokenIdentifier appTokenIdentifier = new ApplicationTokenIdentifier( - appAttempt.getAppAttemptId()); - ApplicationTokenSecretManager appTokenSecretManager = - new ApplicationTokenSecretManager(conf); - appTokenSecretManager.setMasterKey(resourceManager - .getApplicationTokenSecretManager().getMasterKey()); - Token appToken = - new Token(appTokenIdentifier, - appTokenSecretManager); - SecurityUtil.setTokenService(appToken, schedulerAddr); - currentUser.addToken(appToken); + if (UserGroupInformation.isSecurityEnabled()) { + ApplicationTokenIdentifier appTokenIdentifier = new ApplicationTokenIdentifier( + appAttempt.getAppAttemptId()); + ApplicationTokenSecretManager appTokenSecretManager = + new ApplicationTokenSecretManager(conf); + appTokenSecretManager.setMasterKey(resourceManager + .getApplicationTokenSecretManager().getMasterKey()); + Token appToken = + new Token(appTokenIdentifier, + appTokenSecretManager); + SecurityUtil.setTokenService(appToken, schedulerAddr); + currentUser.addToken(appToken); + } AMRMProtocol scheduler = currentUser .doAs(new PrivilegedAction() { @@ -513,16 +518,20 @@ public class TestContainerManagerSecurity { } void callWithIllegalContainerID(ContainerManager client, - ContainerTokenIdentifier tokenId) { - GetContainerStatusRequest request = recordFactory - .newRecordInstance(GetContainerStatusRequest.class); + ContainerTokenIdentifier tokenId, Container container) { + StartContainerRequest request = recordFactory + .newRecordInstance(StartContainerRequest.class); + ContainerLaunchContext context = + createContainerLaunchContextForTest(tokenId); ContainerId newContainerId = BuilderUtils.newContainerId(BuilderUtils .newApplicationAttemptId(tokenId.getContainerID() .getApplicationAttemptId().getApplicationId(), 1), 42); - request.setContainerId(newContainerId); // Authenticated but - // unauthorized. + ContainerId oldContainerId = container.getId(); try { - client.getContainerStatus(request); + container.setId(newContainerId); + request.setContainer(container); + request.setContainerLaunchContext(context); + client.startContainer(request); fail("Connection initiation with unauthorized " + "access is expected to fail."); } catch (YarnRemoteException e) { @@ -534,19 +543,20 @@ public class TestContainerManagerSecurity { } catch (IOException e) { LOG.info("Got IOException: ",e); fail("IOException is not expected."); + } finally { + container.setId(oldContainerId); } } void callWithIllegalResource(ContainerManager client, - ContainerTokenIdentifier tokenId) { + ContainerTokenIdentifier tokenId, Container container) { StartContainerRequest request = recordFactory .newRecordInstance(StartContainerRequest.class); // Authenticated but unauthorized, due to wrong resource ContainerLaunchContext context = createContainerLaunchContextForTest(tokenId); - Container container = - BuilderUtils.newContainer(tokenId.getContainerID(), null, null, - BuilderUtils.newResource(2048, 1), null, null, 0); + Resource rsrc = container.getResource(); + container.setResource(BuilderUtils.newResource(2048, 1)); request.setContainerLaunchContext(context); request.setContainer(container); try { @@ -564,20 +574,17 @@ public class TestContainerManagerSecurity { LOG.info("Got IOException: ",e); fail("IOException is not expected."); } + container.setResource(rsrc); } void callWithIllegalUserName(ContainerManager client, - ContainerTokenIdentifier tokenId) { + ContainerTokenIdentifier tokenId, Container container) { StartContainerRequest request = recordFactory .newRecordInstance(StartContainerRequest.class); // Authenticated but unauthorized, due to wrong resource ContainerLaunchContext context = createContainerLaunchContextForTest(tokenId); context.setUser("Saruman"); // Set a different user-name. - Container container = - BuilderUtils.newContainer(tokenId.getContainerID(), null, null, - BuilderUtils.newResource(tokenId.getResource().getMemory(), tokenId - .getResource().getVirtualCores()), null, null, 0); request.setContainerLaunchContext(context); request.setContainer(container); try { @@ -601,7 +608,8 @@ public class TestContainerManagerSecurity { ContainerTokenIdentifier tokenId) { ContainerLaunchContext context = BuilderUtils.newContainerLaunchContext( - "testUser", new HashMap(), + tokenId.getApplicationSubmitter(), + new HashMap(), new HashMap(), new ArrayList(), new HashMap(), null, new HashMap()); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/TestRMNMSecretKeys.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/TestRMNMSecretKeys.java index 9d0fb0c6cb4..f354211bd31 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/TestRMNMSecretKeys.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/TestRMNMSecretKeys.java @@ -37,17 +37,25 @@ import org.junit.Test; public class TestRMNMSecretKeys { - @Test + @Test(timeout = 1000000) public void testNMUpdation() throws Exception { YarnConfiguration conf = new YarnConfiguration(); + // validating RM NM keys for Unsecured environment + validateRMNMKeyExchange(conf); + + // validating RM NM keys for secured environment conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, - "kerberos"); + "kerberos"); UserGroupInformation.setConfiguration(conf); + validateRMNMKeyExchange(conf); + } + + private void validateRMNMKeyExchange(YarnConfiguration conf) throws Exception { // Default rolling and activation intervals are large enough, no need to // intervene - final DrainDispatcher dispatcher = new DrainDispatcher(); ResourceManager rm = new ResourceManager() { + @Override protected void doSecureLogin() throws IOException { // Do nothing. @@ -69,15 +77,15 @@ public class TestRMNMSecretKeys { NodeHeartbeatResponse response = nm.nodeHeartbeat(true); Assert.assertNull( - "First heartbeat after registration shouldn't get any key updates!", - response.getMasterKey()); + "First heartbeat after registration shouldn't get any key updates!", + response.getMasterKey()); dispatcher.await(); response = nm.nodeHeartbeat(true); Assert - .assertNull( - "Even second heartbeat after registration shouldn't get any key updates!", - response.getMasterKey()); + .assertNull( + "Even second heartbeat after registration shouldn't get any key updates!", + response.getMasterKey()); dispatcher.await(); // Let's force a roll-over @@ -88,17 +96,17 @@ public class TestRMNMSecretKeys { // Heartbeats after roll-over and before activation should be fine. response = nm.nodeHeartbeat(true); Assert.assertNotNull( - "Heartbeats after roll-over and before activation should not err out.", - response.getMasterKey()); + "Heartbeats after roll-over and before activation should not err out.", + response.getMasterKey()); Assert.assertEquals( - "Roll-over should have incremented the key-id only by one!", - masterKey.getKeyId() + 1, response.getMasterKey().getKeyId()); + "Roll-over should have incremented the key-id only by one!", + masterKey.getKeyId() + 1, response.getMasterKey().getKeyId()); dispatcher.await(); response = nm.nodeHeartbeat(true); Assert.assertNull( - "Second heartbeat after roll-over shouldn't get any key updates!", - response.getMasterKey()); + "Second heartbeat after roll-over shouldn't get any key updates!", + response.getMasterKey()); dispatcher.await(); // Let's force activation @@ -106,13 +114,14 @@ public class TestRMNMSecretKeys { response = nm.nodeHeartbeat(true); Assert.assertNull("Activation shouldn't cause any key updates!", - response.getMasterKey()); + response.getMasterKey()); dispatcher.await(); response = nm.nodeHeartbeat(true); - Assert.assertNull( - "Even second heartbeat after activation shouldn't get any key updates!", - response.getMasterKey()); + Assert + .assertNull( + "Even second heartbeat after activation shouldn't get any key updates!", + response.getMasterKey()); dispatcher.await(); rm.stop();