/// <exception cref="System.IO.IOException"/>
private static ContainerTokenIdentifier CreateContainerTokenId(ContainerId cid, NodeId
nodeId, string user, NMContainerTokenSecretManager secretMgr)
{
long rmid = cid.GetApplicationAttemptId().GetApplicationId().GetClusterTimestamp(
);
ContainerTokenIdentifier ctid = new ContainerTokenIdentifier(cid, nodeId.ToString
(), user, BuilderUtils.NewResource(1024, 1), Runtime.CurrentTimeMillis() + 100000L
, secretMgr.GetCurrentKey().GetKeyId(), rmid, Priority.NewInstance(0), 0);
Org.Apache.Hadoop.Yarn.Api.Records.Token token = BuilderUtils.NewContainerToken(nodeId
, secretMgr.CreatePassword(ctid), ctid);
return(BuilderUtils.NewContainerTokenIdentifier(token));
}
public virtual void TestRecovery()
{
YarnConfiguration conf = new YarnConfiguration();
conf.SetBoolean(YarnConfiguration.NmRecoveryEnabled, true);
NodeId nodeId = NodeId.NewInstance("somehost", 1234);
ContainerId cid1 = BuilderUtils.NewContainerId(1, 1, 1, 1);
ContainerId cid2 = BuilderUtils.NewContainerId(2, 2, 2, 2);
TestNMContainerTokenSecretManager.ContainerTokenKeyGeneratorForTest keygen = new
TestNMContainerTokenSecretManager.ContainerTokenKeyGeneratorForTest(conf);
NMMemoryStateStoreService stateStore = new NMMemoryStateStoreService();
stateStore.Init(conf);
stateStore.Start();
NMContainerTokenSecretManager secretMgr = new NMContainerTokenSecretManager(conf,
stateStore);
secretMgr.SetNodeId(nodeId);
MasterKey currentKey = keygen.GenerateKey();
secretMgr.SetMasterKey(currentKey);
ContainerTokenIdentifier tokenId1 = CreateContainerTokenId(cid1, nodeId, "user1",
secretMgr);
ContainerTokenIdentifier tokenId2 = CreateContainerTokenId(cid2, nodeId, "user2",
secretMgr);
NUnit.Framework.Assert.IsNotNull(secretMgr.RetrievePassword(tokenId1));
NUnit.Framework.Assert.IsNotNull(secretMgr.RetrievePassword(tokenId2));
// restart and verify tokens still valid
secretMgr = new NMContainerTokenSecretManager(conf, stateStore);
secretMgr.SetNodeId(nodeId);
secretMgr.Recover();
NUnit.Framework.Assert.AreEqual(currentKey, secretMgr.GetCurrentKey());
NUnit.Framework.Assert.IsTrue(secretMgr.IsValidStartContainerRequest(tokenId1));
NUnit.Framework.Assert.IsTrue(secretMgr.IsValidStartContainerRequest(tokenId2));
NUnit.Framework.Assert.IsNotNull(secretMgr.RetrievePassword(tokenId1));
NUnit.Framework.Assert.IsNotNull(secretMgr.RetrievePassword(tokenId2));
// roll master key and start a container
secretMgr.StartContainerSuccessful(tokenId2);
currentKey = keygen.GenerateKey();
secretMgr.SetMasterKey(currentKey);
// restart and verify tokens still valid due to prev key persist
secretMgr = new NMContainerTokenSecretManager(conf, stateStore);
secretMgr.SetNodeId(nodeId);
secretMgr.Recover();
NUnit.Framework.Assert.AreEqual(currentKey, secretMgr.GetCurrentKey());
NUnit.Framework.Assert.IsTrue(secretMgr.IsValidStartContainerRequest(tokenId1));
NUnit.Framework.Assert.IsFalse(secretMgr.IsValidStartContainerRequest(tokenId2));
NUnit.Framework.Assert.IsNotNull(secretMgr.RetrievePassword(tokenId1));
NUnit.Framework.Assert.IsNotNull(secretMgr.RetrievePassword(tokenId2));
// roll master key again, restart, and verify keys no longer valid
currentKey = keygen.GenerateKey();
secretMgr.SetMasterKey(currentKey);
secretMgr = new NMContainerTokenSecretManager(conf, stateStore);
secretMgr.SetNodeId(nodeId);
secretMgr.Recover();
NUnit.Framework.Assert.AreEqual(currentKey, secretMgr.GetCurrentKey());
NUnit.Framework.Assert.IsTrue(secretMgr.IsValidStartContainerRequest(tokenId1));
NUnit.Framework.Assert.IsFalse(secretMgr.IsValidStartContainerRequest(tokenId2));
try
{
secretMgr.RetrievePassword(tokenId1);
NUnit.Framework.Assert.Fail("token should not be valid");
}
catch (SecretManager.InvalidToken)
{
}
// expected
try
{
secretMgr.RetrievePassword(tokenId2);
NUnit.Framework.Assert.Fail("token should not be valid");
}
catch (SecretManager.InvalidToken)
{
}
// expected
stateStore.Close();
}
