SLIDER-413 fixed renewal logic to read token expiry time
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/ce0c0527 Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/ce0c0527 Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/ce0c0527 Branch: refs/heads/feature/SLIDER-86-windows Commit: ce0c05278aa4d7718e3005d756cabff747f3fc5a Parents: 809dc78 Author: Jon Maron <jma...@hortonworks.com> Authored: Tue Sep 9 18:14:09 2014 -0400 Committer: Jon Maron <jma...@hortonworks.com> Committed: Tue Sep 9 18:14:09 2014 -0400 ---------------------------------------------------------------------- .../security/FsDelegationTokenManager.java | 33 +++++++++++++++++--- .../TestFsDelegationTokenManager.groovy | 3 +- 2 files changed, 30 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/ce0c0527/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java b/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java index 15d858c..cce2de0 100644 --- a/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java +++ b/slider-core/src/main/java/org/apache/slider/server/services/security/FsDelegationTokenManager.java @@ -22,6 +22,8 @@ import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.io.Text; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.security.token.TokenIdentifier; +import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier; import org.apache.hadoop.util.Time; import org.apache.slider.common.tools.SliderUtils; import org.apache.slider.server.appmaster.SliderAppMaster; @@ -34,6 +36,8 @@ import org.slf4j.LoggerFactory; import java.io.IOException; import java.security.PrivilegedExceptionAction; +import java.text.DateFormat; +import java.util.Date; import java.util.UUID; import java.util.concurrent.TimeUnit; @@ -129,6 +133,7 @@ public class FsDelegationTokenManager { class RenewAction extends AsyncAction { Configuration configuration; Token<?> token; + private long tokenExpiryTime; private final FileSystem fs; RenewAction(String name, @@ -145,14 +150,23 @@ public class FsDelegationTokenManager { public Token<?> run() throws Exception { log.info("Obtaining HDFS delgation token with user {}", remoteUser.getShortUserName()); - return fs.getDelegationToken( + Token token = fs.getDelegationToken( remoteUser.getShortUserName()); + tokenExpiryTime = getTokenExpiryTime(token); + log.info("Initial delegation token obtained with expiry time of {}", getPrintableExirationTime(tokenExpiryTime)); + return token; } }); } log.info("Initial request returned delegation token {}", token); } + private long getTokenExpiryTime(Token token) throws IOException { + AbstractDelegationTokenIdentifier id = + (AbstractDelegationTokenIdentifier)token.decodeIdentifier(); + return id.getMaxDate(); + } + protected FileSystem getFileSystem() throws IOException, InterruptedException { // return non-cache FS reference @@ -177,11 +191,12 @@ public class FsDelegationTokenManager { @Override public Long run() throws Exception { long expires = token.renew(fs.getConf()); - log.info("HDFS delegation token renewed"); + log.info("HDFS delegation token renewed. Renewal cycle ends at {}", + getPrintableExirationTime(expires)); return expires; } }); - long calculatedInterval = expires - Time.now(); + long calculatedInterval = tokenExpiryTime - Time.now(); if ( calculatedInterval < renewInterval ) { // time to get a new token since the token will expire before // next renewal interval. Could modify this to be closer to expiry @@ -201,6 +216,11 @@ public class FsDelegationTokenManager { } } + private String getPrintableExirationTime(long expires) { + Date d = new Date(expires); + return DateFormat.getDateTimeInstance().format(d); + } + private void getNewToken() throws InterruptedException, IOException { try { @@ -215,10 +235,13 @@ public class FsDelegationTokenManager { throw new IOException("addDelegationTokens returned no tokens"); } token = findMatchingToken(service, tokens); - if (token == null) throw new IOException("Can't get new delegation token "); currentUser.addToken(token.getService(), token); - log.info("Expired HDFS delegation token replaced and added as credential to current user"); + tokenExpiryTime = getTokenExpiryTime(token); + + log.info("Expired HDFS delegation token replaced and added as credential" + + " to current user. Token expires at {}", + getPrintableExirationTime(tokenExpiryTime)); updateRenewalTime(renewInterval); } catch (IOException ie2) { throw new IOException("Can't get new delegation token ", ie2); http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/ce0c0527/slider-core/src/test/groovy/org/apache/slider/server/services/security/TestFsDelegationTokenManager.groovy ---------------------------------------------------------------------- diff --git a/slider-core/src/test/groovy/org/apache/slider/server/services/security/TestFsDelegationTokenManager.groovy b/slider-core/src/test/groovy/org/apache/slider/server/services/security/TestFsDelegationTokenManager.groovy index 245c09a..3de3c67 100644 --- a/slider-core/src/test/groovy/org/apache/slider/server/services/security/TestFsDelegationTokenManager.groovy +++ b/slider-core/src/test/groovy/org/apache/slider/server/services/security/TestFsDelegationTokenManager.groovy @@ -138,6 +138,7 @@ class TestFsDelegationTokenManager { def user = new Text(currentUser.getUserName()) def id = new DelegationTokenIdentifier(user, user, user) id.setSequenceNumber(sequenceNum++) + id.setMaxDate(Time.now() + 10000) return id } @@ -169,7 +170,7 @@ class TestFsDelegationTokenManager { } - return Time.now() + 10000; + return Time.now() + 1000; } @Override