YARN-2971. RM uses conf instead of token service address to renew timeline delegation tokens (jeagles)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/af084258 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/af084258 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/af084258 Branch: refs/heads/YARN-2928 Commit: af0842589359ad800427337ad2c84fac09907f72 Parents: aab459c Author: Jonathan Eagles <jeag...@gmail.com> Authored: Mon Feb 9 17:56:05 2015 -0600 Committer: Jonathan Eagles <jeag...@gmail.com> Committed: Mon Feb 9 17:56:05 2015 -0600 ---------------------------------------------------------------------- hadoop-yarn-project/CHANGES.txt | 3 +++ .../client/api/impl/TimelineClientImpl.java | 22 ++++++++++++++------ .../client/api/impl/TestTimelineClient.java | 14 +++++++++++-- 3 files changed, 31 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/af084258/hadoop-yarn-project/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 578a8cc..634a0e7 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -519,6 +519,9 @@ Release 2.7.0 - UNRELEASED YARN-3094. Reset timer for liveness monitors after RM recovery. (Jun Gong via jianhe) + YARN-2971. RM uses conf instead of token service address to renew timeline + delegation tokens (jeagles) + Release 2.6.0 - 2014-11-18 INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/af084258/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java index de9d8da..0b88632 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java @@ -23,6 +23,7 @@ import java.io.IOException; import java.lang.reflect.UndeclaredThrowableException; import java.net.ConnectException; import java.net.HttpURLConnection; +import java.net.InetSocketAddress; import java.net.URI; import java.net.URL; import java.net.URLConnection; @@ -45,6 +46,7 @@ import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.classification.InterfaceStability.Unstable; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.authentication.client.ConnectionConfigurator; import org.apache.hadoop.security.ssl.SSLFactory; import org.apache.hadoop.security.token.Token; @@ -373,12 +375,14 @@ public class TimelineClientImpl extends TimelineClient { == UserGroupInformation.AuthenticationMethod.PROXY; final String doAsUser = isProxyAccess ? UserGroupInformation.getCurrentUser().getShortUserName() : null; + boolean useHttps = YarnConfiguration.useHttps(this.getConfig()); + final String scheme = useHttps ? "https" : "http"; + final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT); PrivilegedExceptionAction<Long> renewDTAction = new PrivilegedExceptionAction<Long>() { @Override - public Long run() - throws Exception { + public Long run() throws Exception { // If the timeline DT to renew is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; @@ -388,8 +392,10 @@ public class TimelineClientImpl extends TimelineClient { DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); + final URI serviceURI = new URI(scheme, null, address.getHostName(), + address.getPort(), RESOURCE_URI_STR, null, null); return authUrl - .renewDelegationToken(resURI.toURL(), token, doAsUser); + .renewDelegationToken(serviceURI.toURL(), token, doAsUser); } }; return (Long) operateDelegationToken(renewDTAction); @@ -405,12 +411,14 @@ public class TimelineClientImpl extends TimelineClient { == UserGroupInformation.AuthenticationMethod.PROXY; final String doAsUser = isProxyAccess ? UserGroupInformation.getCurrentUser().getShortUserName() : null; + boolean useHttps = YarnConfiguration.useHttps(this.getConfig()); + final String scheme = useHttps ? "https" : "http"; + final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT); PrivilegedExceptionAction<Void> cancelDTAction = new PrivilegedExceptionAction<Void>() { @Override - public Void run() - throws Exception { + public Void run() throws Exception { // If the timeline DT to cancel is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; @@ -420,7 +428,9 @@ public class TimelineClientImpl extends TimelineClient { DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); - authUrl.cancelDelegationToken(resURI.toURL(), token, doAsUser); + final URI serviceURI = new URI(scheme, null, address.getHostName(), + address.getPort(), RESOURCE_URI_STR, null, null); + authUrl.cancelDelegationToken(serviceURI.toURL(), token, doAsUser); return null; } }; http://git-wip-us.apache.org/repos/asf/hadoop/blob/af084258/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java index c8027a2..859a6c9 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java @@ -238,7 +238,10 @@ public class TestTimelineClient { new TimelineDelegationTokenIdentifier( new Text("tester"), new Text("tester"), new Text("tester")); client.renewDelegationToken( - new Token<TimelineDelegationTokenIdentifier>(timelineDT, dtManager)); + new Token<TimelineDelegationTokenIdentifier>(timelineDT.getBytes(), + dtManager.createPassword(timelineDT), + timelineDT.getKind(), + new Text("0.0.0.0:8188"))); assertFail(); } catch (RuntimeException ce) { assertException(client, ce); @@ -250,7 +253,10 @@ public class TestTimelineClient { new TimelineDelegationTokenIdentifier( new Text("tester"), new Text("tester"), new Text("tester")); client.cancelDelegationToken( - new Token<TimelineDelegationTokenIdentifier>(timelineDT, dtManager)); + new Token<TimelineDelegationTokenIdentifier>(timelineDT.getBytes(), + dtManager.createPassword(timelineDT), + timelineDT.getKind(), + new Text("0.0.0.0:8188"))); assertFail(); } catch (RuntimeException ce) { assertException(client, ce); @@ -371,5 +377,9 @@ public class TestTimelineClient { return new TimelineDelegationTokenIdentifier(); } + @Override + public synchronized byte[] createPassword(TimelineDelegationTokenIdentifier identifier) { + return super.createPassword(identifier); + } } }
