YARN-5975. Remove the agent - slider AM ssl related code. Contributed by Jian He
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f04eb020 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f04eb020 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f04eb020 Branch: refs/heads/yarn-native-services Commit: f04eb0208c7427a413800d751c58bfb4ac9a4ac2 Parents: fc259d5 Author: Billie Rinaldi <bil...@apache.org> Authored: Tue Dec 13 10:16:09 2016 -0800 Committer: Billie Rinaldi <bil...@apache.org> Committed: Tue Dec 13 10:23:57 2016 -0800 ---------------------------------------------------------------------- .../slider/api/SliderClusterProtocol.java | 3 - .../slider/api/proto/RestTypeMarshalling.java | 36 -- .../org/apache/slider/client/SliderClient.java | 80 --- .../client/ipc/SliderClusterOperations.java | 28 +- .../slider/common/params/ActionClientArgs.java | 31 +- .../apache/slider/providers/ProviderUtils.java | 141 ----- .../providers/docker/DockerProviderService.java | 5 - .../server/appmaster/SliderAppMaster.java | 18 +- .../rpc/SliderClusterProtocolPBImpl.java | 12 - .../rpc/SliderClusterProtocolProxy.java | 18 +- .../server/appmaster/rpc/SliderIPCService.java | 54 +- .../slider/server/appmaster/web/WebAppApi.java | 23 - .../server/appmaster/web/WebAppApiImpl.java | 37 +- .../AbstractSecurityStoreGenerator.java | 98 ---- .../services/security/CertificateManager.java | 495 ----------------- .../services/security/KeystoreGenerator.java | 64 --- .../server/services/security/SecurityStore.java | 66 --- .../security/SecurityStoreGenerator.java | 40 -- .../server/services/security/SecurityUtils.java | 256 --------- .../services/security/SignCertResponse.java | 67 --- .../server/services/security/SignMessage.java | 54 -- .../services/security/StoresGenerator.java | 68 --- .../services/security/TruststoreGenerator.java | 62 --- .../src/main/proto/SliderClusterProtocol.proto | 6 - .../security/TestCertificateManager.java | 540 ------------------- .../TestMultiThreadedStoreGeneration.java | 156 ------ 26 files changed, 14 insertions(+), 2444 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java index 33fce22..893e706 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java @@ -173,7 +173,4 @@ public interface SliderClusterProtocol extends VersionedProtocol { Messages.WrappedJsonProto getModelResolvedResources(Messages.EmptyPayloadProto request) throws IOException; Messages.WrappedJsonProto getLiveResources(Messages.EmptyPayloadProto request) throws IOException; - - Messages.GetCertificateStoreResponseProto getClientCertificateStore(Messages.GetCertificateStoreRequestProto request) - throws IOException; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java index 17fd965..ec35028 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java @@ -18,8 +18,6 @@ package org.apache.slider.api.proto; -import com.google.protobuf.ByteString; -import org.apache.commons.io.IOUtils; import org.apache.slider.api.types.ApplicationLivenessInformation; import org.apache.slider.api.types.ComponentInformation; import org.apache.slider.api.types.ContainerInformation; @@ -30,15 +28,10 @@ import org.apache.slider.core.conf.ConfTree; import org.apache.slider.core.conf.ConfTreeOperations; import org.apache.slider.core.persist.AggregateConfSerDeser; import org.apache.slider.core.persist.ConfTreeSerDeser; -import org.apache.slider.server.services.security.SecurityStore; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; -import java.io.InputStream; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -95,35 +88,6 @@ public class RestTypeMarshalling { } return info; } - - public static Messages.GetCertificateStoreResponseProto marshall( - SecurityStore securityStore) throws IOException { - Messages.GetCertificateStoreResponseProto.Builder builder = - Messages.GetCertificateStoreResponseProto.newBuilder(); - builder.setStore(ByteString.copyFrom(getStoreBytes(securityStore))); - - return builder.build(); - } - - private static byte[] getStoreBytes(SecurityStore securityStore) - throws IOException { - InputStream is = null; - byte[] storeBytes; - try { - is = new FileInputStream(securityStore.getFile()); - storeBytes = IOUtils.toByteArray(is); - } finally { - if (is != null) { - is.close(); - } - } - return storeBytes; - } - - public static byte[] unmarshall(Messages.GetCertificateStoreResponseProto response) { - return response.getStore().toByteArray(); - } - public static Messages.ComponentInformationProto marshall(ComponentInformation info) { Messages.ComponentInformationProto.Builder builder = http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java index 12f7870..ef45d10 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java @@ -168,7 +168,6 @@ import org.apache.slider.providers.docker.DockerClientProvider; import org.apache.slider.providers.slideram.SliderAMClientProvider; import org.apache.slider.server.appmaster.SliderAppMaster; import org.apache.slider.server.appmaster.rpc.RpcBinder; -import org.apache.slider.server.services.security.SecurityStore; import org.apache.slider.server.services.utility.AbstractSliderLaunchedService; import org.apache.zookeeper.CreateMode; import org.apache.zookeeper.KeeperException; @@ -1223,8 +1222,6 @@ public class SliderClient extends AbstractSliderLaunchedService implements RunSe IOException { if (clientInfo.install) { return doClientInstall(clientInfo); - } else if (clientInfo.getCertStore) { - return doCertificateStoreRetrieval(clientInfo); } else { throw new BadCommandArgumentsException( "Only install, keystore, and truststore commands are supported for the client.\n" @@ -1233,83 +1230,6 @@ public class SliderClient extends AbstractSliderLaunchedService implements RunSe } } - private int doCertificateStoreRetrieval(ActionClientArgs clientInfo) - throws YarnException, IOException { - if (clientInfo.keystore != null && clientInfo.truststore != null) { - throw new BadCommandArgumentsException( - "Only one of either keystore or truststore can be retrieved at one time. " - + "Retrieval of both should be done separately\n" - + CommonArgs.usage(serviceArgs, ACTION_CLIENT)); - } - - requireArgumentSet(Arguments.ARG_NAME, clientInfo.name); - - File storeFile = null; - SecurityStore.StoreType type; - if (clientInfo.keystore != null) { - storeFile = clientInfo.keystore; - type = SecurityStore.StoreType.keystore; - } else { - storeFile = clientInfo.truststore; - type = SecurityStore.StoreType.truststore; - } - - require (!storeFile.exists(), - "File %s already exists. Please remove that file or select a different file name.", - storeFile.getAbsolutePath()); - String hostname = null; - if (type == SecurityStore.StoreType.keystore) { - hostname = clientInfo.hostname; - if (hostname == null) { - hostname = InetAddress.getLocalHost().getCanonicalHostName(); - log.info("No hostname specified via command line. Using {}", hostname); - } - } - - String password = clientInfo.password; - if (password == null) { - String provider = clientInfo.provider; - String alias = clientInfo.alias; - if (provider != null && alias != null) { - Configuration conf = new Configuration(getConfig()); - conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider); - char[] chars = conf.getPassword(alias); - if (chars == null) { - CredentialProvider credentialProvider = - CredentialProviderFactory.getProviders(conf).get(0); - chars = readOnePassword(alias); - credentialProvider.createCredentialEntry(alias, chars); - credentialProvider.flush(); - } - password = String.valueOf(chars); - Arrays.fill(chars, ' '); - } else { - log.info("No password and no provider/alias pair were provided, " + - "prompting for password"); - // get a password - password = String.valueOf(readOnePassword(type.name())); - } - } - - byte[] keystore = createClusterOperations(clientInfo.name) - .getClientCertificateStore(hostname, "client", password, type.name()); - // persist to file - FileOutputStream storeFileOutputStream = null; - try { - storeFileOutputStream = new FileOutputStream(storeFile); - IOUtils.write(keystore, storeFileOutputStream); - } catch (Exception e) { - log.error("Unable to persist to file {}", storeFile); - throw e; - } finally { - if (storeFileOutputStream != null) { - storeFileOutputStream.close(); - } - } - - return EXIT_SUCCESS; - } - private int doClientInstall(ActionClientArgs clientInfo) throws IOException, SliderException { http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java index 392f451..eaf15e6 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java @@ -19,17 +19,12 @@ package org.apache.slider.client.ipc; import com.google.common.annotations.VisibleForTesting; -import com.google.common.base.Preconditions; -import org.apache.hadoop.yarn.api.records.NodeReport; -import org.apache.hadoop.yarn.api.records.NodeState; import org.apache.hadoop.yarn.exceptions.YarnException; import org.apache.slider.api.ClusterDescription; import org.apache.slider.api.ClusterNode; import org.apache.slider.api.SliderClusterProtocol; import org.apache.slider.api.StateValues; import org.apache.slider.api.proto.Messages; - -import static org.apache.slider.api.proto.RestTypeMarshalling.*; import org.apache.slider.api.types.ApplicationLivenessInformation; import org.apache.slider.api.types.ComponentInformation; import org.apache.slider.api.types.ContainerInformation; @@ -37,7 +32,6 @@ import org.apache.slider.api.types.NodeInformation; import org.apache.slider.api.types.NodeInformationList; import org.apache.slider.api.types.PingInformation; import org.apache.slider.common.tools.Duration; -import org.apache.slider.common.tools.SliderUtils; import org.apache.slider.core.conf.AggregateConf; import org.apache.slider.core.conf.ConfTree; import org.apache.slider.core.conf.ConfTreeOperations; @@ -45,8 +39,6 @@ import org.apache.slider.core.exceptions.NoSuchNodeException; import org.apache.slider.core.exceptions.SliderException; import org.apache.slider.core.exceptions.WaitTimeoutException; import org.apache.slider.core.persist.ConfTreeSerDeser; -import org.apache.slider.server.services.security.SecurityStore; -import org.apache.slider.server.services.security.SignCertResponse; import org.codehaus.jackson.JsonParseException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -59,6 +51,8 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import static org.apache.slider.api.proto.RestTypeMarshalling.*; + /** * Cluster operations at a slightly higher level than the RPC code */ @@ -508,22 +502,4 @@ public class SliderClusterOperations { ); return unmarshall(proto); } - - public byte[] getClientCertificateStore(String hostname, String clientId, - String password, String type) throws IOException { - Messages.GetCertificateStoreRequestProto.Builder - builder = Messages.GetCertificateStoreRequestProto.newBuilder(); - if (hostname != null) { - builder.setHostname(hostname); - } - Messages.GetCertificateStoreRequestProto requestProto = - builder.setRequesterId(clientId) - .setPassword(password) - .setType(type) - .build(); - Messages.GetCertificateStoreResponseProto response = - appMaster.getClientCertificateStore(requestProto); - - return unmarshall(response); - } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java index 85d39ea..09e2b62 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java @@ -37,39 +37,10 @@ public class ActionClientArgs extends AbstractActionArgs { description = "Install client") public boolean install; - @Parameter(names = {ARG_GETCERTSTORE}, - description = "Get a certificate store") - public boolean getCertStore; - - @Parameter(names = {ARG_KEYSTORE}, - description = "Retrieve keystore to specified location") - public File keystore; - - @Parameter(names = {ARG_TRUSTSTORE}, - description = "Retrieve truststore to specified location") - public File truststore; - - @Parameter(names = {ARG_HOSTNAME}, - description = "(Optional) Specify the hostname to use for generation of keystore certificate") - public String hostname; - @Parameter(names = {ARG_NAME}, description = "The name of the application") public String name; - @Parameter(names = {ARG_PROVIDER}, - description = "The credential provider in which the password is stored") - public String provider; - - @Parameter(names = {ARG_ALIAS}, - description = "The credential provider alias associated with the password") - public String alias; - - @Parameter(names = {ARG_PASSWORD}, - description = "The certificate store password (alternative to " + - "provider/alias; if password is specified, those will be ignored)") - public String password; - @Parameter(names = {ARG_PACKAGE}, description = "Path to app package") public String packageURI; @@ -95,4 +66,4 @@ public class ActionClientArgs extends AbstractActionArgs { public int getMaxParams() { return 1; } -} \ No newline at end of file +} http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java index bc237f5..cff5ed8 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java @@ -30,7 +30,6 @@ import org.apache.hadoop.registry.client.types.ServiceRecord; import org.apache.hadoop.registry.client.types.yarn.PersistencePolicies; import org.apache.hadoop.registry.client.types.yarn.YarnRegistryAttributes; import org.apache.hadoop.util.StringUtils; -import org.apache.hadoop.yarn.api.records.Container; import org.apache.hadoop.yarn.api.records.LocalResource; import org.apache.hadoop.yarn.api.records.LocalResourceType; import org.apache.slider.api.ClusterNode; @@ -38,7 +37,6 @@ import org.apache.slider.api.InternalKeys; import org.apache.slider.api.OptionKeys; import org.apache.slider.api.ResourceKeys; import org.apache.slider.api.RoleKeys; -import org.apache.slider.common.SliderExitCodes; import org.apache.slider.common.SliderKeys; import org.apache.slider.common.SliderXmlConfKeys; import org.apache.slider.common.tools.SliderFileSystem; @@ -59,9 +57,6 @@ import org.apache.slider.core.registry.docstore.PublishedConfigurationOutputter; import org.apache.slider.core.registry.docstore.PublishedExports; import org.apache.slider.server.appmaster.state.RoleInstance; import org.apache.slider.server.appmaster.state.StateAccessForProviders; -import org.apache.slider.server.services.security.CertificateManager; -import org.apache.slider.server.services.security.SecurityStore; -import org.apache.slider.server.services.security.StoresGenerator; import org.apache.slider.server.services.yarnregistry.YarnRegistryViewForProviders; import org.slf4j.Logger; @@ -398,61 +393,6 @@ public class ProviderUtils implements RoleKeys, SliderKeys { } } - /** - * Return whether two-way SSL is enabled for Agent / AM communication. - * @param amComponent component specification - * @return true if enabled - */ - public boolean hasTwoWaySSLEnabled(MapOperations amComponent) { - return amComponent != null ? - amComponent.getOptionBool(TWO_WAY_SSL_ENABLED, false) : false; - } - - /** - * Generate and localize SSL certs for Agent / AM communication - * @param launcher container launcher - * @param container allocated container information - * @param fileSystem file system - * @param clusterName app name - * @throws SliderException certs cannot be generated/uploaded - */ - public void localizeContainerSSLResources(ContainerLauncher launcher, - Container container, SliderFileSystem fileSystem, String clusterName) - throws SliderException { - try { - // localize server cert - Path certsDir = fileSystem.buildClusterSecurityDirPath(clusterName); - LocalResource certResource = fileSystem.createAmResource( - new Path(certsDir, CRT_FILE_NAME), - LocalResourceType.FILE); - launcher.addLocalResource(CERT_FILE_LOCALIZATION_PATH, certResource); - - // generate and localize agent cert - CertificateManager certMgr = new CertificateManager(); - String hostname = container.getNodeId().getHost(); - String containerId = container.getId().toString(); - certMgr.generateContainerCertificate(hostname, containerId); - LocalResource agentCertResource = fileSystem.createAmResource( - uploadSecurityResource( - CertificateManager.getAgentCertficateFilePath(containerId), - fileSystem, clusterName), LocalResourceType.FILE); - // still using hostname as file name on the agent side, but the files - // do end up under the specific container's file space - launcher.addLocalResource(INFRA_RUN_SECURITY_DIR + hostname + - ".crt", agentCertResource); - LocalResource agentKeyResource = fileSystem.createAmResource( - uploadSecurityResource( - CertificateManager.getAgentKeyFilePath(containerId), fileSystem, - clusterName), - LocalResourceType.FILE); - launcher.addLocalResource(INFRA_RUN_SECURITY_DIR + hostname + - ".key", agentKeyResource); - - } catch (Exception e) { - throw new SliderException(SliderExitCodes.EXIT_DEPLOYMENT_FAILED, e, - "Unable to localize certificates. Two-way SSL cannot be enabled"); - } - } /** * Upload a local file to the cluster security dir in HDFS. If the file @@ -707,87 +647,6 @@ public class ProviderUtils implements RoleKeys, SliderKeys { } /** - * Generate and localize security stores requested by the app. Also perform - * last-minute substitution of cluster name into credentials strings. - * @param launcher container launcher - * @param container allocated container information - * @param role component name - * @param fileSystem file system - * @param instanceDefinition app specification - * @param compOps component specification - * @param clusterName app name - * @throws SliderException stores cannot be generated/uploaded - * @throws IOException stores cannot be generated/uploaded - */ - public void localizeContainerSecurityStores(ContainerLauncher launcher, - Container container, - String role, - SliderFileSystem fileSystem, - AggregateConf instanceDefinition, - MapOperations compOps, - String clusterName) - throws SliderException, IOException { - // substitute CLUSTER_NAME into credentials - Map<String,List<String>> newcred = new HashMap<>(); - for (Entry<String,List<String>> entry : - instanceDefinition.getAppConf().credentials.entrySet()) { - List<String> resultList = new ArrayList<>(); - for (String v : entry.getValue()) { - resultList.add(v.replaceAll(Pattern.quote("${CLUSTER_NAME}"), - clusterName).replaceAll(Pattern.quote("${CLUSTER}"), - clusterName)); - } - newcred.put(entry.getKey().replaceAll(Pattern.quote("${CLUSTER_NAME}"), - clusterName).replaceAll(Pattern.quote("${CLUSTER}"), - clusterName), - resultList); - } - instanceDefinition.getAppConf().credentials = newcred; - - // generate and localize security stores - SecurityStore[] stores = generateSecurityStores(container, role, - instanceDefinition, compOps); - for (SecurityStore store : stores) { - LocalResource keystoreResource = fileSystem.createAmResource( - uploadSecurityResource(store.getFile(), fileSystem, clusterName), - LocalResourceType.FILE); - launcher.addLocalResource(String.format("secstores/%s-%s.p12", - store.getType(), role), - keystoreResource); - } - } - - /** - * Generate security stores requested by the app. - * @param container allocated container information - * @param role component name - * @param instanceDefinition app specification - * @param compOps component specification - * @return security stores - * @throws SliderException stores cannot be generated - * @throws IOException stores cannot be generated - */ - private SecurityStore[] generateSecurityStores(Container container, - String role, - AggregateConf instanceDefinition, - MapOperations compOps) - throws SliderException, IOException { - return StoresGenerator.generateSecurityStores( - container.getNodeId().getHost(), container.getId().toString(), - role, instanceDefinition, compOps); - } - - /** - * Return whether security stores are requested by the app. - * @param compOps component specification - * @return true if stores are requested - */ - public boolean areStoresRequested(MapOperations compOps) { - return compOps != null ? compOps. - getOptionBool(COMP_STORES_REQUIRED_KEY, false) : false; - } - - /** * Localize application tarballs and other resources requested by the app. * @param launcher container launcher * @param fileSystem file system http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java index e4a7cdf..1482062 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java @@ -165,11 +165,6 @@ public class DockerProviderService extends AbstractProviderService implements fileSystem, getClusterName()); } - if (providerUtils.areStoresRequested(appComponent)) { - providerUtils.localizeContainerSecurityStores(launcher, container, - roleName, fileSystem, instanceDefinition, appComponent, getClusterName()); - } - if (appComponent.getOptionBool(AM_CONFIG_GENERATION, false)) { // build and localize configuration files Map<String, Map<String, String>> configurations = http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java index 8c39343..74dbc88 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java @@ -26,8 +26,6 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.fs.Path; -import org.apache.hadoop.fs.permission.FsAction; -import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.hdfs.HdfsConfiguration; import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier; import org.apache.hadoop.http.HttpConfig; @@ -155,7 +153,6 @@ import org.apache.slider.server.appmaster.web.rest.InsecureAmFilterInitializer; import org.apache.slider.server.appmaster.web.rest.RestPaths; import org.apache.slider.server.appmaster.web.rest.application.ApplicationResouceContentCacheFactory; import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache; -import org.apache.slider.server.services.security.CertificateManager; import org.apache.slider.server.services.utility.AbstractSliderLaunchedService; import org.apache.slider.server.services.utility.WebAppService; import org.apache.slider.server.services.workflow.ServiceThreadFactory; @@ -373,7 +370,6 @@ public class SliderAppMaster extends AbstractSliderLaunchedService @SuppressWarnings("FieldAccessedSynchronizedAndUnsynchronized") private InetSocketAddress rpcServiceAddress; private SliderAMProviderService sliderAMProvider; - private CertificateManager certificateManager; /** * Executor. @@ -732,8 +728,6 @@ public class SliderAppMaster extends AbstractSliderLaunchedService } } - certificateManager = new CertificateManager(); - //bring up the Slider RPC service buildPortScanner(instanceDefinition); startSliderRPCServer(instanceDefinition); @@ -757,18 +751,12 @@ public class SliderAppMaster extends AbstractSliderLaunchedService // Start up the WebApp and track the URL for it MapOperations component = instanceDefinition.getAppConfOperations() .getComponent(SliderKeys.COMPONENT_AM); - certificateManager.initialize(component, appMasterHostname, - appMasterContainerID.toString(), - clustername); - certificateManager.setPassphrase(instanceDefinition.getPassphrase()); // Web service endpoints: initialize WebAppApiImpl webAppApi = new WebAppApiImpl( stateForProviders, - providerService, - certificateManager, - registryOperations, + providerService, registryOperations, metricsAndMonitoring, actionQueues, this, @@ -1551,9 +1539,7 @@ public class SliderAppMaster extends AbstractSliderLaunchedService verifyIPCAccess(); sliderIPCService = new SliderIPCService( - this, - certificateManager, - stateForProviders, + this, stateForProviders, actionQueues, metricsAndMonitoring, contentCache); http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java index f0d9063..fbd408e 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java @@ -303,16 +303,4 @@ public class SliderClusterProtocolPBImpl implements SliderClusterProtocolPB { throw wrap(e); } } - - @Override - public Messages.GetCertificateStoreResponseProto getClientCertificateStore( - RpcController controller, - Messages.GetCertificateStoreRequestProto request) - throws ServiceException { - try { - return real.getClientCertificateStore(request); - } catch (Exception e) { - throw wrap(e); - } - } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java index b230816..448c6f3 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java @@ -88,10 +88,9 @@ public class SliderClusterProtocolProxy implements SliderClusterProtocol { return ioe; } - @Override - public Messages.StopClusterResponseProto stopCluster(Messages.StopClusterRequestProto request) throws - IOException, - YarnException { + @Override public Messages.StopClusterResponseProto stopCluster( + Messages.StopClusterRequestProto request) + throws IOException, YarnException { try { return endpoint.stopCluster(NULL_CONTROLLER, request); } catch (ServiceException e) { @@ -343,16 +342,5 @@ public class SliderClusterProtocolProxy implements SliderClusterProtocol { } catch (ServiceException e) { throw convert(e); } - - } - - @Override - public Messages.GetCertificateStoreResponseProto getClientCertificateStore(Messages.GetCertificateStoreRequestProto request) throws - IOException { - try { - return endpoint.getClientCertificateStore(NULL_CONTROLLER, request); - } catch (ServiceException e) { - throw convert(e); - } } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java index fda23aa..00910a4 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java @@ -35,7 +35,6 @@ import org.apache.slider.api.types.NodeInformationList; import org.apache.slider.core.conf.AggregateConf; import org.apache.slider.core.conf.ConfTree; import org.apache.slider.core.exceptions.ServiceNotReadyException; -import org.apache.slider.core.exceptions.SliderException; import org.apache.slider.core.main.LauncherExitCodes; import org.apache.slider.core.persist.AggregateConfSerDeser; import org.apache.slider.core.persist.ConfTreeSerDeser; @@ -51,8 +50,6 @@ import org.apache.slider.server.appmaster.management.MetricsAndMonitoring; import org.apache.slider.server.appmaster.state.RoleInstance; import org.apache.slider.server.appmaster.state.StateAccessForProviders; import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache; -import org.apache.slider.server.services.security.CertificateManager; -import org.apache.slider.server.services.security.SecurityStore; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -63,16 +60,7 @@ import java.util.Map; import java.util.concurrent.TimeUnit; import static org.apache.slider.api.proto.RestTypeMarshalling.marshall; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_COMPONENTS; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_CONTAINERS; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_NODES; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_RESOURCES; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_DESIRED; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_DESIRED_APPCONF; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_DESIRED_RESOURCES; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_RESOLVED; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_RESOLVED_APPCONF; -import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_RESOLVED_RESOURCES; +import static org.apache.slider.server.appmaster.web.rest.RestPaths.*; /** * Implement the {@link SliderClusterProtocol}. @@ -90,7 +78,6 @@ public class SliderIPCService extends AbstractService private final MetricsAndMonitoring metricsAndMonitoring; private final AppMasterActionOperations amOperations; private final ContentCache cache; - private final CertificateManager certificateManager; /** * This is the prefix used for metrics @@ -107,11 +94,8 @@ public class SliderIPCService extends AbstractService * @param cache */ public SliderIPCService(AppMasterActionOperations amOperations, - CertificateManager certificateManager, - StateAccessForProviders state, - QueueAccess actionQueues, - MetricsAndMonitoring metricsAndMonitoring, - ContentCache cache) { + StateAccessForProviders state, QueueAccess actionQueues, + MetricsAndMonitoring metricsAndMonitoring, ContentCache cache) { super("SliderIPCService"); Preconditions.checkArgument(amOperations != null, "null amOperations"); Preconditions.checkArgument(state != null, "null appState"); @@ -124,7 +108,6 @@ public class SliderIPCService extends AbstractService this.metricsAndMonitoring = metricsAndMonitoring; this.amOperations = amOperations; this.cache = cache; - this.certificateManager = certificateManager; } @Override //SliderClusterProtocol @@ -517,35 +500,4 @@ public class SliderIPCService extends AbstractService builder.setJson(json); return builder.build(); } - - @Override - public Messages.GetCertificateStoreResponseProto getClientCertificateStore(Messages.GetCertificateStoreRequestProto request) throws - IOException { - String hostname = request.getHostname(); - String clientId = request.getRequesterId(); - String password = request.getPassword(); - String type = request.getType(); - - SecurityStore store = null; - try { - if ( SecurityStore.StoreType.keystore.equals( - SecurityStore.StoreType.valueOf(type))) { - store = certificateManager.generateContainerKeystore(hostname, - clientId, - null, - password); - } else if (SecurityStore.StoreType.truststore.equals( - SecurityStore.StoreType.valueOf(type))) { - store = certificateManager.generateContainerTruststore(clientId, - null, - password); - - } else { - throw new IOException("Illegal store type"); - } - } catch (SliderException e) { - throw new IOException(e); - } - return marshall(store); - } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java index 65a3591..ea07a8a 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java @@ -18,16 +18,11 @@ package org.apache.slider.server.appmaster.web; import org.apache.hadoop.registry.client.api.RegistryOperations; import org.apache.slider.providers.ProviderService; -import org.apache.slider.server.appmaster.AppMasterActionOperations; import org.apache.slider.server.appmaster.actions.QueueAccess; import org.apache.slider.server.appmaster.management.MetricsAndMonitoring; import org.apache.slider.server.appmaster.state.AppState; -import org.apache.slider.server.appmaster.state.RoleStatus; import org.apache.slider.server.appmaster.state.StateAccessForProviders; import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache; -import org.apache.slider.server.services.security.CertificateManager; - -import java.util.Map; /** * Interface to pass information from the Slider AppMaster to the WebApp @@ -43,18 +38,6 @@ public interface WebAppApi { * The {@link ProviderService} for the current cluster */ ProviderService getProviderService(); - - - /** - * The {@link CertificateManager} for the current cluster - */ - CertificateManager getCertificateManager(); - - /** - * Generate a mapping from role name to its {@link RoleStatus}. Be aware that this - * is a computed value and not just a getter - */ - Map<String, RoleStatus> getRoleStatusByName(); /** * Registry operations accessor @@ -75,12 +58,6 @@ public interface WebAppApi { QueueAccess getQueues(); /** - * API for AM operations - * @return current operations implementation - */ - AppMasterActionOperations getAMOperations(); - - /** * Local cache of content * @return the cache */ http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java index bd4d2bf..d20f1ad 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java @@ -21,17 +21,11 @@ import org.apache.slider.providers.ProviderService; import org.apache.slider.server.appmaster.AppMasterActionOperations; import org.apache.slider.server.appmaster.actions.QueueAccess; import org.apache.slider.server.appmaster.management.MetricsAndMonitoring; -import org.apache.slider.server.appmaster.state.RoleStatus; import org.apache.slider.server.appmaster.state.StateAccessForProviders; import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache; -import org.apache.slider.server.services.security.CertificateManager; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.List; -import java.util.Map; -import java.util.TreeMap; - import static com.google.common.base.Preconditions.checkNotNull; /** @@ -42,7 +36,6 @@ public class WebAppApiImpl implements WebAppApi { protected final StateAccessForProviders appState; protected final ProviderService provider; - protected final CertificateManager certificateManager; private final RegistryOperations registryOperations; private final MetricsAndMonitoring metricsAndMonitoring; private final QueueAccess queues; @@ -50,13 +43,9 @@ public class WebAppApiImpl implements WebAppApi { private final ContentCache contentCache; public WebAppApiImpl(StateAccessForProviders appState, - ProviderService provider, - CertificateManager certificateManager, - RegistryOperations registryOperations, - MetricsAndMonitoring metricsAndMonitoring, - QueueAccess queues, - AppMasterActionOperations appMasterOperations, - ContentCache contentCache) { + ProviderService provider, RegistryOperations registryOperations, + MetricsAndMonitoring metricsAndMonitoring, QueueAccess queues, + AppMasterActionOperations appMasterOperations, ContentCache contentCache) { this.appMasterOperations = appMasterOperations; this.contentCache = contentCache; checkNotNull(appState); @@ -66,7 +55,6 @@ public class WebAppApiImpl implements WebAppApi { this.registryOperations = registryOperations; this.appState = appState; this.provider = provider; - this.certificateManager = certificateManager; this.metricsAndMonitoring = metricsAndMonitoring; } @@ -81,21 +69,6 @@ public class WebAppApiImpl implements WebAppApi { } @Override - public CertificateManager getCertificateManager() { - return certificateManager; - } - - @Override - public Map<String,RoleStatus> getRoleStatusByName() { - List<RoleStatus> roleStatuses = appState.cloneRoleStatusList(); - Map<String, RoleStatus> map = new TreeMap<>(); - for (RoleStatus status : roleStatuses) { - map.put(status.getName(), status); - } - return map; - } - - @Override public RegistryOperations getRegistryOperations() { return registryOperations; } @@ -110,10 +83,6 @@ public class WebAppApiImpl implements WebAppApi { return queues; } - @Override - public AppMasterActionOperations getAMOperations() { - return appMasterOperations; - } @Override public ContentCache getContentCache() { http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java deleted file mode 100644 index 11d3aa1..0000000 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.slider.server.services.security; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.security.alias.CredentialProvider; -import org.apache.hadoop.security.alias.CredentialProviderFactory; -import org.apache.slider.common.SliderKeys; -import org.apache.slider.core.conf.MapOperations; -import org.apache.slider.core.exceptions.SliderException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.IOException; -import java.util.List; -import java.util.Map; - -/** - * - */ -public abstract class AbstractSecurityStoreGenerator implements - SecurityStoreGenerator { - private static final Logger LOG = - LoggerFactory.getLogger(AbstractSecurityStoreGenerator.class); - - protected CertificateManager certificateMgr; - - public AbstractSecurityStoreGenerator(CertificateManager certificateMgr) { - this.certificateMgr = certificateMgr; - } - - protected String getStorePassword(Map<String, List<String>> credentials, - MapOperations compOps, String role) - throws SliderException, IOException { - String password = getPassword(compOps); - if (password == null) { - // need to leverage credential provider - String alias = getAlias(compOps); - LOG.debug("Alias {} found for role {}", alias, role); - if (alias == null) { - throw new SliderException("No store password or credential provider " - + "alias found"); - } - if (credentials.isEmpty()) { - LOG.info("Credentials can not be retrieved for store generation since " - + "no CP paths are configured"); - } - synchronized (this) { - for (Map.Entry<String, List<String>> cred : credentials.entrySet()) { - String provider = cred.getKey(); - Configuration c = new Configuration(); - c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider); - LOG.debug("Configured provider {}", provider); - CredentialProvider cp = - CredentialProviderFactory.getProviders(c).get(0); - LOG.debug("Aliases: {}", cp.getAliases()); - char[] credential = c.getPassword(alias); - if (credential != null) { - LOG.info("Credential found for role {}", role); - return String.valueOf(credential); - } - } - } - - if (password == null) { - LOG.info("No store credential found for alias {}. " - + "Generation of store for {} is not possible.", alias, role); - - } - } - - return password; - - } - - @Override - public boolean isStoreRequested(MapOperations compOps) { - return compOps.getOptionBool(SliderKeys.COMP_STORES_REQUIRED_KEY, false); - } - - abstract String getPassword(MapOperations compOps); - - abstract String getAlias(MapOperations compOps); -} http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java deleted file mode 100644 index e436ae9..0000000 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java +++ /dev/null @@ -1,495 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.slider.server.services.security; - -import com.google.inject.Singleton; -import org.apache.commons.io.FileUtils; -import org.apache.slider.common.SliderKeys; -import org.apache.slider.core.conf.MapOperations; -import org.apache.slider.core.exceptions.SliderException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.BufferedReader; -import java.io.File; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.nio.charset.Charset; -import java.text.MessageFormat; - -@Singleton -public class CertificateManager { - - private static final Logger LOG = - LoggerFactory.getLogger(CertificateManager.class); - - private static final String GEN_SRVR_KEY = "openssl genrsa -des3 " + - "-passout pass:{0} -out {1}" + File.separator + "{2} 4096 "; - private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} " + - "-new -key {1}" + File.separator + "{2} -out {1}" + File.separator + - "{5} -config {1}" + File.separator + "ca.config " + - "-subj {6} -batch"; - private static final String SIGN_SRVR_CRT = "openssl ca -create_serial " + - "-out {1}" + File.separator + "{3} -days 365 -keyfile {1}" + File.separator - + "{2} -key {0} -selfsign -extensions jdk7_ca -config {1}" + File.separator - + "ca.config -batch -infiles {1}" + File.separator + "{5}"; - private static final String EXPRT_KSTR = "openssl pkcs12 -export" + - " -in {2}" + File.separator + "{4} -inkey {2}" + File.separator + - "{3} -certfile {2}" + File.separator + "{4} -out {2}" + File.separator + - "{5} -password pass:{1} -passin pass:{0} \n"; - private static final String REVOKE_AGENT_CRT = "openssl ca " + - "-config {0}" + File.separator + "ca.config -keyfile {0}" + - File.separator + "{4} -revoke {0}" + File.separator + "{2} -batch " + - "-passin pass:{3} -cert {0}" + File.separator + "{5}"; - private static final String SIGN_AGENT_CRT = "openssl ca -config " + - "{0}" + File.separator + "ca.config -in {0}" + File.separator + - "{1} -out {0}" + File.separator + "{2} -batch -passin pass:{3} " + - "-keyfile {0}" + File.separator + "{4} -cert {0}" + File.separator + "{5}"; - private static final String GEN_AGENT_KEY="openssl req -new -newkey " + - "rsa:1024 -nodes -keyout {0}" + File.separator + - "{2}.key -subj {1} -out {0}" + File.separator + "{2}.csr " + - "-config {3}" + File.separator + "ca.config "; - private String passphrase; - private String applicationName; - - - public void initialize(MapOperations compOperations) throws SliderException { - String hostname = null; - try { - hostname = InetAddress.getLocalHost().getCanonicalHostName(); - } catch (UnknownHostException e) { - hostname = "localhost"; - } - this.initialize(compOperations, hostname, null, null); - } - - /** - * Verify that root certificate exists, generate it otherwise. - */ - public void initialize(MapOperations compOperations, - String hostname, String containerId, - String appName) throws SliderException { - SecurityUtils.initializeSecurityParameters(compOperations); - - LOG.info("Initialization of root certificate"); - boolean certExists = isCertExists(); - LOG.info("Certificate exists:" + certExists); - - this.applicationName = appName; - - if (!certExists) { - generateAMKeystore(hostname, containerId); - } - - } - - /** - * Checks root certificate state. - * @return "true" if certificate exists - */ - private boolean isCertExists() { - - String srvrKstrDir = SecurityUtils.getSecurityDir(); - String srvrCrtName = SliderKeys.CRT_FILE_NAME; - File certFile = new File(srvrKstrDir + File.separator + srvrCrtName); - LOG.debug("srvrKstrDir = " + srvrKstrDir); - LOG.debug("srvrCrtName = " + srvrCrtName); - LOG.debug("certFile = " + certFile.getAbsolutePath()); - - return certFile.exists(); - } - - public void setPassphrase(String passphrase) { - this.passphrase = passphrase; - } - - class StreamConsumer extends Thread - { - InputStream is; - boolean logOutput; - - StreamConsumer(InputStream is, boolean logOutput) - { - this.is = is; - this.logOutput = logOutput; - } - - StreamConsumer(InputStream is) - { - this(is, false); - } - - public void run() - { - try - { - InputStreamReader isr = new InputStreamReader(is, - Charset.forName("UTF8")); - BufferedReader br = new BufferedReader(isr); - String line; - while ( (line = br.readLine()) != null) - if (logOutput) { - LOG.info(line); - } - } catch (IOException e) - { - LOG.error("Error during processing of process stream", e); - } - } - } - - - /** - * Runs os command - * - * @return command execution exit code - */ - private int runCommand(String command) throws SliderException { - int exitCode = -1; - String line = null; - Process process = null; - BufferedReader br= null; - try { - process = Runtime.getRuntime().exec(command); - StreamConsumer outputConsumer = - new StreamConsumer(process.getInputStream(), true); - StreamConsumer errorConsumer = - new StreamConsumer(process.getErrorStream(), true); - - outputConsumer.start(); - errorConsumer.start(); - - try { - process.waitFor(); - SecurityUtils.logOpenSslExitCode(command, process.exitValue()); - exitCode = process.exitValue(); - if (exitCode != 0) { - throw new SliderException(exitCode, "Error running command %s", command); - } - } catch (InterruptedException e) { - e.printStackTrace(); - } - } catch (IOException e) { - e.printStackTrace(); - } finally { - if (br != null) { - try { - br.close(); - } catch (IOException ioe) { - ioe.printStackTrace(); - } - } - } - - return exitCode;//some exception occurred - - } - - public synchronized void generateContainerCertificate(String hostname, - String identifier) { - LOG.info("Generation of certificate for {}", hostname); - - String srvrKstrDir = SecurityUtils.getSecurityDir(); - Object[] scriptArgs = {srvrKstrDir, getSubjectDN(hostname, identifier, - this.applicationName), identifier, SecurityUtils.getSecurityDir()}; - - try { - String command = MessageFormat.format(GEN_AGENT_KEY, scriptArgs); - runCommand(command); - - signAgentCertificate(identifier); - - } catch (SliderException e) { - LOG.error("Error generating the agent certificate", e); - } - } - - public synchronized SecurityStore generateContainerKeystore(String hostname, - String requesterId, - String role, - String keystorePass) - throws SliderException { - LOG.info("Generation of container keystore for container {} on {}", - requesterId, hostname); - - generateContainerCertificate(hostname, requesterId); - - // come up with correct args to invoke keystore command - String srvrCrtPass = SecurityUtils.getKeystorePass(); - String srvrKstrDir = SecurityUtils.getSecurityDir(); - String containerCrtName = requesterId + ".crt"; - String containerKeyName = requesterId + ".key"; - String kstrName = getKeystoreFileName(requesterId, role); - - Object[] scriptArgs = {srvrCrtPass, keystorePass, srvrKstrDir, - containerKeyName, containerCrtName, kstrName}; - - String command = MessageFormat.format(EXPRT_KSTR, scriptArgs); - runCommand(command); - - return new SecurityStore(new File(srvrKstrDir, kstrName), - SecurityStore.StoreType.keystore); - } - - private static String getKeystoreFileName(String containerId, - String role) { - return String.format("keystore-%s-%s.p12", containerId, - role != null ? role : ""); - } - - private void generateAMKeystore(String hostname, String containerId) - throws SliderException { - LOG.info("Generation of server certificate"); - - String srvrKstrDir = SecurityUtils.getSecurityDir(); - String srvrCrtName = SliderKeys.CRT_FILE_NAME; - String srvrCsrName = SliderKeys.CSR_FILE_NAME; - String srvrKeyName = SliderKeys.KEY_FILE_NAME; - String kstrName = SliderKeys.KEYSTORE_FILE_NAME; - String srvrCrtPass = SecurityUtils.getKeystorePass(); - - Object[] scriptArgs = {srvrCrtPass, srvrKstrDir, srvrKeyName, - srvrCrtName, kstrName, srvrCsrName, getSubjectDN(hostname, containerId, - this.applicationName)}; - - String command = MessageFormat.format(GEN_SRVR_KEY, scriptArgs); - runCommand(command); - - command = MessageFormat.format(GEN_SRVR_REQ, scriptArgs); - runCommand(command); - - command = MessageFormat.format(SIGN_SRVR_CRT, scriptArgs); - runCommand(command); - - Object[] keystoreArgs = {srvrCrtPass, srvrCrtPass, srvrKstrDir, srvrKeyName, - srvrCrtName, kstrName, srvrCsrName}; - command = MessageFormat.format(EXPRT_KSTR, keystoreArgs); - runCommand(command); - } - - public SecurityStore generateContainerTruststore(String containerId, - String role, - String truststorePass) - throws SliderException { - - String srvrKstrDir = SecurityUtils.getSecurityDir(); - String srvrCrtName = SliderKeys.CRT_FILE_NAME; - String srvrCsrName = SliderKeys.CSR_FILE_NAME; - String srvrKeyName = SliderKeys.KEY_FILE_NAME; - String kstrName = getTruststoreFileName(role, containerId); - String srvrCrtPass = SecurityUtils.getKeystorePass(); - - Object[] scriptArgs = {srvrCrtPass, truststorePass, srvrKstrDir, srvrKeyName, - srvrCrtName, kstrName, srvrCsrName}; - - String command = MessageFormat.format(EXPRT_KSTR, scriptArgs); - runCommand(command); - - return new SecurityStore(new File(srvrKstrDir, kstrName), - SecurityStore.StoreType.truststore); - } - - private static String getTruststoreFileName(String role, String containerId) { - return String.format("truststore-%s-%s.p12", containerId, - role != null ? role : ""); - } - - /** - * Returns server certificate content - * @return string with server certificate content - */ - public String getServerCert() { - File certFile = getServerCertficateFilePath(); - String srvrCrtContent = null; - try { - srvrCrtContent = FileUtils.readFileToString(certFile); - } catch (IOException e) { - LOG.error(e.getMessage()); - } - return srvrCrtContent; - } - - public static File getServerCertficateFilePath() { - return new File(String.format("%s%s%s", - SecurityUtils.getSecurityDir(), - File.separator, - SliderKeys.CRT_FILE_NAME)); - } - - public static File getAgentCertficateFilePath(String containerId) { - return new File(String.format("%s%s%s.crt", - SecurityUtils.getSecurityDir(), - File.separator, - containerId)); - } - - public static File getContainerKeystoreFilePath(String containerId, - String role) { - return new File(SecurityUtils.getSecurityDir(), getKeystoreFileName( - containerId, - role - )); - } - - public static File getContainerTruststoreFilePath(String role, - String containerId) { - return new File(SecurityUtils.getSecurityDir(), - getTruststoreFileName(role, containerId)); - } - - public static File getAgentKeyFilePath(String containerId) { - return new File(String.format("%s%s%s.key", - SecurityUtils.getSecurityDir(), - File.separator, - containerId)); - } - - /** - * Signs agent certificate - * Adds agent certificate to server keystore - * @return string with agent signed certificate content - */ - public synchronized SignCertResponse signAgentCrt(String agentHostname, - String agentCrtReqContent, - String passphraseAgent) { - SignCertResponse response = new SignCertResponse(); - LOG.info("Signing of agent certificate"); - LOG.info("Verifying passphrase"); - - if (!this.passphrase.equals(passphraseAgent.trim())) { - LOG.warn("Incorrect passphrase from the agent"); - response.setResult(SignCertResponse.ERROR_STATUS); - response.setMessage("Incorrect passphrase from the agent"); - return response; - } - - String srvrKstrDir = SecurityUtils.getSecurityDir(); - String srvrCrtPass = SecurityUtils.getKeystorePass(); - String srvrCrtName = SliderKeys.CRT_FILE_NAME; - String srvrKeyName = SliderKeys.KEY_FILE_NAME; - String agentCrtReqName = agentHostname + ".csr"; - String agentCrtName = agentHostname + ".crt"; - - Object[] scriptArgs = {srvrKstrDir, agentCrtReqName, agentCrtName, - srvrCrtPass, srvrKeyName, srvrCrtName}; - - //Revoke previous agent certificate if exists - File agentCrtFile = new File(srvrKstrDir + File.separator + agentCrtName); - - String command = null; - if (agentCrtFile.exists()) { - LOG.info("Revoking of " + agentHostname + " certificate."); - command = MessageFormat.format(REVOKE_AGENT_CRT, scriptArgs); - try { - runCommand(command); - } catch (SliderException e) { - int commandExitCode = e.getExitCode(); - response.setResult(SignCertResponse.ERROR_STATUS); - response.setMessage( - SecurityUtils.getOpenSslCommandResult(command, commandExitCode)); - return response; - } - } - - File agentCrtReqFile = new File(srvrKstrDir + File.separator + - agentCrtReqName); - try { - FileUtils.writeStringToFile(agentCrtReqFile, agentCrtReqContent); - } catch (IOException e1) { - // TODO Auto-generated catch block - e1.printStackTrace(); - } - - command = MessageFormat.format(SIGN_AGENT_CRT, scriptArgs); - - LOG.debug(SecurityUtils.hideOpenSslPassword(command)); - try { - runCommand(command); - } catch (SliderException e) { - int commandExitCode = e.getExitCode(); - response.setResult(SignCertResponse.ERROR_STATUS); - response.setMessage( - SecurityUtils.getOpenSslCommandResult(command, commandExitCode)); - return response; - } - - String agentCrtContent = ""; - try { - agentCrtContent = FileUtils.readFileToString(agentCrtFile); - } catch (IOException e) { - e.printStackTrace(); - LOG.error("Error reading signed agent certificate"); - response.setResult(SignCertResponse.ERROR_STATUS); - response.setMessage("Error reading signed agent certificate"); - return response; - } - response.setResult(SignCertResponse.OK_STATUS); - response.setSignedCa(agentCrtContent); - //LOG.info(ShellCommandUtil.getOpenSslCommandResult(command, commandExitCode)); - return response; - } - - private String signAgentCertificate (String containerId) - throws SliderException { - String srvrKstrDir = SecurityUtils.getSecurityDir(); - String srvrCrtPass = SecurityUtils.getKeystorePass(); - String srvrCrtName = SliderKeys.CRT_FILE_NAME; - String srvrKeyName = SliderKeys.KEY_FILE_NAME; - String agentCrtReqName = containerId + ".csr"; - String agentCrtName = containerId + ".crt"; - - // server certificate must exist already - if (!(new File(srvrKstrDir, srvrCrtName).exists())) { - throw new SliderException("CA certificate not generated"); - } - - Object[] scriptArgs = {srvrKstrDir, agentCrtReqName, agentCrtName, - srvrCrtPass, srvrKeyName, srvrCrtName}; - - //Revoke previous agent certificate if exists - File agentCrtFile = new File(srvrKstrDir + File.separator + agentCrtName); - - String command; - if (agentCrtFile.exists()) { - LOG.info("Revoking of " + containerId + " certificate."); - command = MessageFormat.format(REVOKE_AGENT_CRT, scriptArgs); - runCommand(command); - } - - command = MessageFormat.format(SIGN_AGENT_CRT, scriptArgs); - - LOG.debug(SecurityUtils.hideOpenSslPassword(command)); - runCommand(command); - - return agentCrtName; - - } - - private String getSubjectDN(String hostname, String containerId, - String appName) { - return String.format("/CN=%s%s%s", - hostname, - containerId != null ? "/OU=" + containerId : "", - appName != null ? "/OU=" + appName : ""); - - - } -} http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java deleted file mode 100644 index e2339d5..0000000 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.slider.server.services.security; - -import org.apache.slider.common.SliderKeys; -import org.apache.slider.core.conf.AggregateConf; -import org.apache.slider.core.conf.MapOperations; -import org.apache.slider.core.exceptions.SliderException; - -import java.io.File; -import java.io.IOException; - -/** - * - */ -public class KeystoreGenerator extends AbstractSecurityStoreGenerator { - - - public KeystoreGenerator(CertificateManager certificateMgr) { - super(certificateMgr); - } - - @Override - public SecurityStore generate(String hostname, String containerId, - AggregateConf instanceDefinition, - MapOperations compOps, String role) - throws SliderException, IOException { - SecurityStore keystore = null; - String password = getStorePassword( - instanceDefinition.getAppConf().credentials, compOps, role); - if (password != null) { - keystore = - certificateMgr.generateContainerKeystore(hostname, containerId, role, - password); - } - return keystore; - } - - @Override - String getPassword(MapOperations compOps) { - return compOps.get( - compOps.get(SliderKeys.COMP_KEYSTORE_PASSWORD_PROPERTY_KEY)); - } - - @Override - String getAlias(MapOperations compOps) { - return compOps.getOption(SliderKeys.COMP_KEYSTORE_PASSWORD_ALIAS_KEY, - SliderKeys.COMP_KEYSTORE_PASSWORD_ALIAS_DEFAULT); - } -} http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java deleted file mode 100644 index fc54267..0000000 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.slider.server.services.security; - -import java.io.File; - -/** - * - */ -public class SecurityStore { - private File file; - - public enum StoreType {truststore, keystore} - - private StoreType type; - - public String getType() { - return type.name(); - } - - public File getFile() { - return file; - } - - public SecurityStore(File file, - StoreType type) { - - this.file = file; - this.type = type; - } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - - SecurityStore that = (SecurityStore) o; - - if (file != null ? !file.equals(that.file) : that.file != null) - return false; - if (type != that.type) return false; - - return true; - } - - @Override - public int hashCode() { - int result = file != null ? file.hashCode() : 0; - result = 31 * result + (type != null ? type.hashCode() : 0); - return result; - } -} http://git-wip-us.apache.org/repos/asf/hadoop/blob/f04eb020/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java deleted file mode 100644 index a814988..0000000 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.slider.server.services.security; - -import org.apache.slider.core.conf.AggregateConf; -import org.apache.slider.core.conf.MapOperations; -import org.apache.slider.core.exceptions.SliderException; - -import java.io.File; -import java.io.IOException; - -/** - * - */ -public interface SecurityStoreGenerator { - - SecurityStore generate(String hostname, - String containerId, - AggregateConf instanceDefinition, - MapOperations compOps, - String role) - throws SliderException, IOException; - - boolean isStoreRequested(MapOperations compOps); -} --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org