public _PrivilegedAction_480(TestAMRMClientOnRMRestart.MyResourceManager2 rm2)
{
this.rm2 = rm2;
}
// Test verify for AM issued with rolled-over AMRMToken
// is still able to communicate with restarted RM.
/// <exception cref="System.Exception"/>
public virtual void TestAMRMClientOnAMRMTokenRollOverOnRMRestart()
{
conf.SetLong(YarnConfiguration.RmAmrmTokenMasterKeyRollingIntervalSecs, rolling_interval_sec
);
conf.SetLong(YarnConfiguration.RmAmExpiryIntervalMs, am_expire_ms);
MemoryRMStateStore memStore = new MemoryRMStateStore();
memStore.Init(conf);
// start first RM
TestAMRMClientOnRMRestart.MyResourceManager2 rm1 = new TestAMRMClientOnRMRestart.MyResourceManager2
(conf, memStore);
rm1.Start();
DrainDispatcher dispatcher = (DrainDispatcher)rm1.GetRMContext().GetDispatcher();
long startTime = Runtime.CurrentTimeMillis();
// Submit the application
RMApp app = rm1.SubmitApp(1024);
dispatcher.Await();
MockNM nm1 = new MockNM("h1:1234", 15120, rm1.GetResourceTrackerService());
nm1.RegisterNode();
nm1.NodeHeartbeat(true);
// Node heartbeat
dispatcher.Await();
ApplicationAttemptId appAttemptId = app.GetCurrentAppAttempt().GetAppAttemptId();
rm1.SendAMLaunched(appAttemptId);
dispatcher.Await();
AMRMTokenSecretManager amrmTokenSecretManagerForRM1 = rm1.GetRMContext().GetAMRMTokenSecretManager
();
Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> token = amrmTokenSecretManagerForRM1
.CreateAndGetAMRMToken(appAttemptId);
UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();
ugi.AddTokenIdentifier(token.DecodeIdentifier());
AMRMClient <AMRMClient.ContainerRequest> amClient = new TestAMRMClientOnRMRestart.MyAMRMClientImpl
(rm1);
amClient.Init(conf);
amClient.Start();
amClient.RegisterApplicationMaster("h1", 10000, string.Empty);
amClient.Allocate(0.1f);
// Wait for enough time and make sure the roll_over happens
// At mean time, the old AMRMToken should continue to work
while (Runtime.CurrentTimeMillis() - startTime < rolling_interval_sec * 1000)
{
amClient.Allocate(0.1f);
try
{
Sharpen.Thread.Sleep(1000);
}
catch (Exception)
{
}
}
// DO NOTHING
NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetMasterKey().GetMasterKey
().GetKeyId() != token.DecodeIdentifier().GetKeyId());
amClient.Allocate(0.1f);
// active the nextMasterKey, and replace the currentMasterKey
Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> newToken = amrmTokenSecretManagerForRM1
.CreateAndGetAMRMToken(appAttemptId);
int waitCount = 0;
while (waitCount++ <= 50)
{
if (amrmTokenSecretManagerForRM1.GetCurrnetMasterKeyData().GetMasterKey().GetKeyId
() != token.DecodeIdentifier().GetKeyId())
{
break;
}
try
{
amClient.Allocate(0.1f);
}
catch (Exception)
{
break;
}
Sharpen.Thread.Sleep(500);
}
NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetNextMasterKeyData()
== null);
NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetCurrnetMasterKeyData
().GetMasterKey().GetKeyId() == newToken.DecodeIdentifier().GetKeyId());
// start 2nd RM
conf.Set(YarnConfiguration.RmSchedulerAddress, "0.0.0.0:9030");
TestAMRMClientOnRMRestart.MyResourceManager2 rm2 = new TestAMRMClientOnRMRestart.MyResourceManager2
(conf, memStore);
rm2.Start();
nm1.SetResourceTrackerService(rm2.GetResourceTrackerService());
((TestAMRMClientOnRMRestart.MyAMRMClientImpl)amClient).UpdateRMProxy(rm2);
dispatcher = (DrainDispatcher)rm2.GetRMContext().GetDispatcher();
AMRMTokenSecretManager amrmTokenSecretManagerForRM2 = rm2.GetRMContext().GetAMRMTokenSecretManager
();
NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM2.GetCurrnetMasterKeyData
().GetMasterKey().GetKeyId() == newToken.DecodeIdentifier().GetKeyId());
NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM2.GetNextMasterKeyData()
== null);
try
{
UserGroupInformation testUser = UserGroupInformation.CreateRemoteUser("testUser");
SecurityUtil.SetTokenService(token, rm2.GetApplicationMasterService().GetBindAddress
());
testUser.AddToken(token);
testUser.DoAs(new _PrivilegedAction_480(rm2)).Allocate(Org.Apache.Hadoop.Yarn.Util.Records
.NewRecord <AllocateRequest>());
NUnit.Framework.Assert.Fail("The old Token should not work");
}
catch (Exception ex)
{
NUnit.Framework.Assert.IsTrue(ex is SecretManager.InvalidToken);
NUnit.Framework.Assert.IsTrue(ex.Message.Contains("Invalid AMRMToken from " + token
.DecodeIdentifier().GetApplicationAttemptId()));
}
// make sure the recovered AMRMToken works for new RM
amClient.Allocate(0.1f);
amClient.UnregisterApplicationMaster(FinalApplicationStatus.Succeeded, null, null
);
amClient.Stop();
rm1.Stop();
rm2.Stop();
}
