/// <summary>This tests whether a containerId is serialized/deserialized with epoch.</summary> /// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> private void TestContainerTokenWithEpoch(Configuration conf) { Log.Info("Running test for serializing/deserializing containerIds"); NMTokenSecretManagerInRM nmTokenSecretManagerInRM = yarnCluster.GetResourceManager ().GetRMContext().GetNMTokenSecretManager(); ApplicationId appId = ApplicationId.NewInstance(1, 1); ApplicationAttemptId appAttemptId = ApplicationAttemptId.NewInstance(appId, 0); ContainerId cId = ContainerId.NewContainerId(appAttemptId, (5L << 40) | 3L); NodeManager nm = yarnCluster.GetNodeManager(0); NMTokenSecretManagerInNM nmTokenSecretManagerInNM = nm.GetNMContext().GetNMTokenSecretManager (); string user = "******"; WaitForNMToReceiveNMTokenKey(nmTokenSecretManagerInNM, nm); NodeId nodeId = nm.GetNMContext().GetNodeId(); // Both id should be equal. NUnit.Framework.Assert.AreEqual(nmTokenSecretManagerInNM.GetCurrentKey().GetKeyId (), nmTokenSecretManagerInRM.GetCurrentKey().GetKeyId()); // Creating a normal Container Token RMContainerTokenSecretManager containerTokenSecretManager = yarnCluster.GetResourceManager ().GetRMContext().GetContainerTokenSecretManager(); Resource r = Resource.NewInstance(1230, 2); Org.Apache.Hadoop.Yarn.Api.Records.Token containerToken = containerTokenSecretManager .CreateContainerToken(cId, nodeId, user, r, Priority.NewInstance(0), 0); ContainerTokenIdentifier containerTokenIdentifier = new ContainerTokenIdentifier( ); byte[] tokenIdentifierContent = ((byte[])containerToken.GetIdentifier().Array()); DataInputBuffer dib = new DataInputBuffer(); dib.Reset(tokenIdentifierContent, tokenIdentifierContent.Length); containerTokenIdentifier.ReadFields(dib); NUnit.Framework.Assert.AreEqual(cId, containerTokenIdentifier.GetContainerID()); NUnit.Framework.Assert.AreEqual(cId.ToString(), containerTokenIdentifier.GetContainerID ().ToString()); Org.Apache.Hadoop.Yarn.Api.Records.Token nmToken = nmTokenSecretManagerInRM.CreateNMToken (appAttemptId, nodeId, user); YarnRPC rpc = YarnRPC.Create(conf); TestStartContainer(rpc, appAttemptId, nodeId, containerToken, nmToken, false); IList <ContainerId> containerIds = new List <ContainerId>(); containerIds.AddItem(cId); ContainerManagementProtocol proxy = GetContainerManagementProtocolProxy(rpc, nmToken , nodeId, user); GetContainerStatusesResponse res = proxy.GetContainerStatuses(GetContainerStatusesRequest .NewInstance(containerIds)); NUnit.Framework.Assert.IsNotNull(res.GetContainerStatuses()[0]); NUnit.Framework.Assert.AreEqual(cId, res.GetContainerStatuses()[0].GetContainerId ()); NUnit.Framework.Assert.AreEqual(cId.ToString(), res.GetContainerStatuses()[0].GetContainerId ().ToString()); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> public virtual StartContainersResponse StartContainers(StartContainersRequest requests ) { StartContainersResponse response = TestRPC.recordFactory.NewRecordInstance <StartContainersResponse >(); foreach (StartContainerRequest request in requests.GetStartContainerRequests()) { Token containerToken = request.GetContainerToken(); ContainerTokenIdentifier tokenId = null; try { tokenId = TestRPC.NewContainerTokenIdentifier(containerToken); } catch (IOException e) { throw RPCUtil.GetRemoteException(e); } ContainerStatus status = TestRPC.recordFactory.NewRecordInstance <ContainerStatus> (); status.SetState(ContainerState.Running); status.SetContainerId(tokenId.GetContainerID()); status.SetExitStatus(0); this.statuses.AddItem(status); } return(response); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> public StartContainersResponse StartContainers(StartContainersRequest requests) { StartContainerRequest request = requests.GetStartContainerRequests()[0]; Log.Info("Container started by MyContainerManager: " + request); launched = true; IDictionary <string, string> env = request.GetContainerLaunchContext().GetEnvironment (); Token containerToken = request.GetContainerToken(); ContainerTokenIdentifier tokenId = null; try { tokenId = BuilderUtils.NewContainerTokenIdentifier(containerToken); } catch (IOException e) { throw RPCUtil.GetRemoteException(e); } ContainerId containerId = tokenId.GetContainerID(); containerIdAtContainerManager = containerId.ToString(); attemptIdAtContainerManager = containerId.GetApplicationAttemptId().ToString(); nmHostAtContainerManager = tokenId.GetNmHostAddress(); submitTimeAtContainerManager = long.Parse(env[ApplicationConstants.AppSubmitTimeEnv ]); maxAppAttempts = System.Convert.ToInt32(env[ApplicationConstants.MaxAppAttemptsEnv ]); return(StartContainersResponse.NewInstance(new Dictionary <string, ByteBuffer>(), new AList <ContainerId>(), new Dictionary <ContainerId, SerializedException>())); }
/// <exception cref="System.IO.IOException"/> public virtual StartContainersResponse StartContainers(StartContainersRequest requests ) { StartContainerRequest request = requests.GetStartContainerRequests()[0]; ContainerTokenIdentifier containerTokenIdentifier = MRApp.NewContainerTokenIdentifier (request.GetContainerToken()); // Validate that the container is what RM is giving. NUnit.Framework.Assert.AreEqual(MRApp.NmHost + ":" + MRApp.NmPort, containerTokenIdentifier .GetNmHostAddress()); StartContainersResponse response = TestContainerLauncher.recordFactory.NewRecordInstance <StartContainersResponse>(); this.status = TestContainerLauncher.recordFactory.NewRecordInstance<ContainerStatus >(); try { // make the thread sleep to look like its not going to respond Sharpen.Thread.Sleep(15000); } catch (Exception e) { TestContainerLauncher.Log.Error(e); throw new UndeclaredThrowableException(e); } this.status.SetState(ContainerState.Running); this.status.SetContainerId(containerTokenIdentifier.GetContainerID()); this.status.SetExitStatus(0); return response; }
internal WrappedApplication(TestApplication _enclosing, int id, long timestamp, string user, int numContainers) { this._enclosing = _enclosing; Configuration conf = new Configuration(); this.dispatcher = new DrainDispatcher(); this.containerTokenIdentifierMap = new Dictionary <ContainerId, ContainerTokenIdentifier >(); this.dispatcher.Init(conf); this.localizerBus = Org.Mockito.Mockito.Mock <EventHandler>(); this.launcherBus = Org.Mockito.Mockito.Mock <EventHandler>(); this.monitorBus = Org.Mockito.Mockito.Mock <EventHandler>(); this.auxBus = Org.Mockito.Mockito.Mock <EventHandler>(); this.containerBus = Org.Mockito.Mockito.Mock <EventHandler>(); this.logAggregationBus = Org.Mockito.Mockito.Mock <EventHandler>(); this.dispatcher.Register(typeof(LocalizationEventType), this.localizerBus); this.dispatcher.Register(typeof(ContainersLauncherEventType), this.launcherBus); this.dispatcher.Register(typeof(ContainersMonitorEventType), this.monitorBus); this.dispatcher.Register(typeof(AuxServicesEventType), this.auxBus); this.dispatcher.Register(typeof(ContainerEventType), this.containerBus); this.dispatcher.Register(typeof(LogHandlerEventType), this.logAggregationBus); this.nmTokenSecretMgr = Org.Mockito.Mockito.Mock <NMTokenSecretManagerInNM>(); this.context = Org.Mockito.Mockito.Mock <Context>(); Org.Mockito.Mockito.When(this.context.GetContainerTokenSecretManager()).ThenReturn (new NMContainerTokenSecretManager(conf)); Org.Mockito.Mockito.When(this.context.GetApplicationACLsManager()).ThenReturn(new ApplicationACLsManager(conf)); Org.Mockito.Mockito.When(this.context.GetNMTokenSecretManager()).ThenReturn(this. nmTokenSecretMgr); // Setting master key MasterKey masterKey = new MasterKeyPBImpl(); masterKey.SetKeyId(123); masterKey.SetBytes(ByteBuffer.Wrap(new byte[] { (123) })); this.context.GetContainerTokenSecretManager().SetMasterKey(masterKey); this.user = user; this.appId = BuilderUtils.NewApplicationId(timestamp, id); this.app = new ApplicationImpl(this.dispatcher, this.user, this.appId, null, this .context); this.containers = new AList <Org.Apache.Hadoop.Yarn.Server.Nodemanager.Containermanager.Container.Container >(); for (int i = 0; i < numContainers; i++) { Org.Apache.Hadoop.Yarn.Server.Nodemanager.Containermanager.Container.Container container = this._enclosing.CreateMockedContainer(this.appId, i); this.containers.AddItem(container); long currentTime = Runtime.CurrentTimeMillis(); ContainerTokenIdentifier identifier = new ContainerTokenIdentifier(container.GetContainerId (), string.Empty, string.Empty, null, currentTime + 2000, masterKey.GetKeyId(), currentTime, Priority.NewInstance(0), 0); this.containerTokenIdentifierMap[identifier.GetContainerID()] = identifier; this.context.GetContainerTokenSecretManager().StartContainerSuccessful(identifier ); NUnit.Framework.Assert.IsFalse(this.context.GetContainerTokenSecretManager().IsValidStartContainerRequest (identifier)); } this.dispatcher.Start(); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> public virtual StartContainersResponse StartContainers(StartContainersRequest requests ) { lock (this) { foreach (StartContainerRequest request in requests.GetStartContainerRequests()) { Token containerToken = request.GetContainerToken(); ContainerTokenIdentifier tokenId = null; try { tokenId = BuilderUtils.NewContainerTokenIdentifier(containerToken); } catch (IOException e) { throw RPCUtil.GetRemoteException(e); } ContainerId containerID = tokenId.GetContainerID(); ApplicationId applicationId = containerID.GetApplicationAttemptId().GetApplicationId (); IList <Container> applicationContainers = containers[applicationId]; if (applicationContainers == null) { applicationContainers = new AList <Container>(); containers[applicationId] = applicationContainers; } // Sanity check foreach (Container container in applicationContainers) { if (container.GetId().CompareTo(containerID) == 0) { throw new InvalidOperationException("Container " + containerID + " already setup on node " + containerManagerAddress); } } Container container_1 = BuilderUtils.NewContainer(containerID, this.nodeId, nodeHttpAddress , tokenId.GetResource(), null, null); // DKDC - Doesn't matter ContainerStatus containerStatus = BuilderUtils.NewContainerStatus(container_1.GetId (), ContainerState.New, string.Empty, -1000); applicationContainers.AddItem(container_1); containerStatusMap[container_1] = containerStatus; Resources.SubtractFrom(available, tokenId.GetResource()); Resources.AddTo(used, tokenId.GetResource()); if (Log.IsDebugEnabled()) { Log.Debug("startContainer:" + " node=" + containerManagerAddress + " application=" + applicationId + " container=" + container_1 + " available=" + available + " used=" + used); } } StartContainersResponse response = StartContainersResponse.NewInstance(null, null , null); return(response); } }
/// <summary> /// Override of this is to validate ContainerTokens generated by using /// different /// <see cref="Org.Apache.Hadoop.Yarn.Server.Api.Records.MasterKey"/> /// s. /// </summary> /// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/> public override byte[] RetrievePassword(ContainerTokenIdentifier identifier) { lock (this) { int keyId = identifier.GetMasterKeyId(); MasterKeyData masterKeyToUse = null; if (this.previousMasterKey != null && keyId == this.previousMasterKey.GetMasterKey ().GetKeyId()) { // A container-launch has come in with a token generated off the last // master-key masterKeyToUse = this.previousMasterKey; } else { if (keyId == base.currentMasterKey.GetMasterKey().GetKeyId()) { // A container-launch has come in with a token generated off the current // master-key masterKeyToUse = base.currentMasterKey; } } if (nodeHostAddr != null && !identifier.GetNmHostAddress().Equals(nodeHostAddr)) { // Valid container token used for incorrect node. throw new SecretManager.InvalidToken("Given Container " + identifier.GetContainerID ().ToString() + " identifier is not valid for current Node manager. Expected : " + nodeHostAddr + " Found : " + identifier.GetNmHostAddress()); } if (masterKeyToUse != null) { return(RetrievePasswordInternal(identifier, masterKeyToUse)); } // Invalid request. Like startContainer() with token generated off // old-master-keys. throw new SecretManager.InvalidToken("Given Container " + identifier.GetContainerID ().ToString() + " seems to have an illegally generated token."); } }
/// <summary> /// Container will be remembered based on expiration time of the container /// token used for starting the container. /// </summary> /// <remarks> /// Container will be remembered based on expiration time of the container /// token used for starting the container. It is safe to use expiration time /// as there is one to many mapping between expiration time and containerId. /// </remarks> /// <returns>true if the current token identifier is not present in cache.</returns> public virtual bool IsValidStartContainerRequest(ContainerTokenIdentifier containerTokenIdentifier ) { lock (this) { RemoveAnyContainerTokenIfExpired(); long expTime = containerTokenIdentifier.GetExpiryTimeStamp(); IList <ContainerId> containers = this.recentlyStartedContainerTracker[expTime]; if (containers == null || !containers.Contains(containerTokenIdentifier.GetContainerID ())) { return(true); } else { return(false); } } }
public ContainerTokenIdentifierForTest(ContainerTokenIdentifier identifier, string message) { YarnSecurityTestTokenProtos.ContainerTokenIdentifierForTestProto.Builder builder = YarnSecurityTestTokenProtos.ContainerTokenIdentifierForTestProto.NewBuilder(); ContainerIdPBImpl containerID = (ContainerIdPBImpl)identifier.GetContainerID(); if (containerID != null) { builder.SetContainerId(containerID.GetProto()); } builder.SetNmHostAddr(identifier.GetNmHostAddress()); builder.SetAppSubmitter(identifier.GetApplicationSubmitter()); ResourcePBImpl resource = (ResourcePBImpl)identifier.GetResource(); if (resource != null) { builder.SetResource(resource.GetProto()); } builder.SetExpiryTimeStamp(identifier.GetExpiryTimeStamp()); builder.SetMasterKeyId(identifier.GetMasterKeyId()); builder.SetRmIdentifier(identifier.GetRMIdentifier()); PriorityPBImpl priority = (PriorityPBImpl)identifier.GetPriority(); if (priority != null) { builder.SetPriority(priority.GetProto()); } builder.SetCreationTime(identifier.GetCreationTime()); builder.SetMessage(message); LogAggregationContextPBImpl logAggregationContext = (LogAggregationContextPBImpl) identifier.GetLogAggregationContext(); if (logAggregationContext != null) { builder.SetLogAggregationContext(logAggregationContext.GetProto()); } proto = ((YarnSecurityTestTokenProtos.ContainerTokenIdentifierForTestProto)builder .Build()); }
/// <summary>Container start has gone through.</summary> /// <remarks> /// Container start has gone through. We need to store the containerId in order /// to block future container start requests with same container token. This /// container token needs to be saved till its container token expires. /// </remarks> public virtual void StartContainerSuccessful(ContainerTokenIdentifier tokenId) { lock (this) { RemoveAnyContainerTokenIfExpired(); ContainerId containerId = tokenId.GetContainerID(); long expTime = tokenId.GetExpiryTimeStamp(); // We might have multiple containers with same expiration time. if (!recentlyStartedContainerTracker.Contains(expTime)) { recentlyStartedContainerTracker[expTime] = new AList <ContainerId>(); } recentlyStartedContainerTracker[expTime].AddItem(containerId); try { stateStore.StoreContainerToken(containerId, expTime); } catch (IOException e) { Log.Error("Unable to store token for container " + containerId, e); } } }