/// <exception cref="System.IO.IOException"/> public RegisterApplicationMasterResponse RegisterApplicationMaster(RegisterApplicationMasterRequest request) { RegisterApplicationMasterResponse response = Org.Apache.Hadoop.Yarn.Util.Records. NewRecord <RegisterApplicationMasterResponse>(); response.SetMaximumResourceCapability(Resource.NewInstance(10240, 1)); return(response); }
/// <summary>Registers this application master with the resource manager.</summary> /// <remarks> /// Registers this application master with the resource manager. On successful /// registration, starts the heartbeating thread. /// </remarks> /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> /// <exception cref="System.IO.IOException"/> public override RegisterApplicationMasterResponse RegisterApplicationMaster(string appHostName, int appHostPort, string appTrackingUrl) { RegisterApplicationMasterResponse response = client.RegisterApplicationMaster(appHostName , appHostPort, appTrackingUrl); heartbeatThread.Start(); return(response); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> /// <exception cref="System.IO.IOException"/> public virtual void TestRegisterApplicationMasterOnHA() { RegisterApplicationMasterRequest request = RegisterApplicationMasterRequest.NewInstance ("localhost", 0, string.Empty); RegisterApplicationMasterResponse response = amClient.RegisterApplicationMaster(request ); NUnit.Framework.Assert.AreEqual(response, this.cluster.CreateFakeRegisterApplicationMasterResponse ()); }
public virtual void TestAuthorizedAccess() { TestAMAuthorization.MyContainerManager containerManager = new TestAMAuthorization.MyContainerManager (); rm = new TestAMAuthorization.MockRMWithAMS(conf, containerManager); rm.Start(); MockNM nm1 = rm.RegisterNode("localhost:1234", 5120); IDictionary <ApplicationAccessType, string> acls = new Dictionary <ApplicationAccessType , string>(2); acls[ApplicationAccessType.ViewApp] = "*"; RMApp app = rm.SubmitApp(1024, "appname", "appuser", acls); nm1.NodeHeartbeat(true); int waitCount = 0; while (containerManager.containerTokens == null && waitCount++ < 20) { Log.Info("Waiting for AM Launch to happen.."); Sharpen.Thread.Sleep(1000); } NUnit.Framework.Assert.IsNotNull(containerManager.containerTokens); RMAppAttempt attempt = app.GetCurrentAppAttempt(); ApplicationAttemptId applicationAttemptId = attempt.GetAppAttemptId(); WaitForLaunchedState(attempt); // Create a client to the RM. Configuration conf = rm.GetConfig(); YarnRPC rpc = YarnRPC.Create(conf); UserGroupInformation currentUser = UserGroupInformation.CreateRemoteUser(applicationAttemptId .ToString()); Credentials credentials = containerManager.GetContainerCredentials(); IPEndPoint rmBindAddress = rm.GetApplicationMasterService().GetBindAddress(); Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> amRMToken = TestAMAuthorization.MockRMWithAMS .SetupAndReturnAMRMToken(rmBindAddress, credentials.GetAllTokens()); currentUser.AddToken(amRMToken); ApplicationMasterProtocol client = currentUser.DoAs(new _PrivilegedAction_206(this , rpc, conf)); RegisterApplicationMasterRequest request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <RegisterApplicationMasterRequest>(); RegisterApplicationMasterResponse response = client.RegisterApplicationMaster(request ); NUnit.Framework.Assert.IsNotNull(response.GetClientToAMTokenMasterKey()); if (UserGroupInformation.IsSecurityEnabled()) { NUnit.Framework.Assert.IsTrue(((byte[])response.GetClientToAMTokenMasterKey().Array ()).Length > 0); } NUnit.Framework.Assert.AreEqual("Register response has bad ACLs", "*", response.GetApplicationACLs ()[ApplicationAccessType.ViewApp]); }
public virtual RegisterApplicationMasterResponse CreateFakeRegisterApplicationMasterResponse () { Resource minCapability = Resource.NewInstance(2048, 2); Resource maxCapability = Resource.NewInstance(4096, 4); IDictionary <ApplicationAccessType, string> acls = new Dictionary <ApplicationAccessType , string>(); acls[ApplicationAccessType.ModifyApp] = "*"; ByteBuffer key = ByteBuffer.Wrap(Sharpen.Runtime.GetBytesForString("fake_key")); return(RegisterApplicationMasterResponse.NewInstance(minCapability, maxCapability , acls, key, new AList <Container>(), "root", new AList <NMToken>())); }
/// <exception cref="System.Exception"/> public virtual void TestResourceTypes() { Dictionary <YarnConfiguration, EnumSet <YarnServiceProtos.SchedulerResourceTypes> > driver = new Dictionary <YarnConfiguration, EnumSet <YarnServiceProtos.SchedulerResourceTypes > >(); CapacitySchedulerConfiguration csconf = new CapacitySchedulerConfiguration(); csconf.SetResourceComparator(typeof(DominantResourceCalculator)); YarnConfiguration testCapacityDRConf = new YarnConfiguration(csconf); testCapacityDRConf.SetClass(YarnConfiguration.RmScheduler, typeof(CapacityScheduler ), typeof(ResourceScheduler)); YarnConfiguration testCapacityDefConf = new YarnConfiguration(); testCapacityDefConf.SetClass(YarnConfiguration.RmScheduler, typeof(CapacityScheduler ), typeof(ResourceScheduler)); YarnConfiguration testFairDefConf = new YarnConfiguration(); testFairDefConf.SetClass(YarnConfiguration.RmScheduler, typeof(FairScheduler), typeof( ResourceScheduler)); driver[conf] = EnumSet.Of(YarnServiceProtos.SchedulerResourceTypes.Memory); driver[testCapacityDRConf] = EnumSet.Of(YarnServiceProtos.SchedulerResourceTypes. Cpu, YarnServiceProtos.SchedulerResourceTypes.Memory); driver[testCapacityDefConf] = EnumSet.Of(YarnServiceProtos.SchedulerResourceTypes .Memory); driver[testFairDefConf] = EnumSet.Of(YarnServiceProtos.SchedulerResourceTypes.Memory , YarnServiceProtos.SchedulerResourceTypes.Cpu); foreach (KeyValuePair <YarnConfiguration, EnumSet <YarnServiceProtos.SchedulerResourceTypes > > entry in driver) { EnumSet <YarnServiceProtos.SchedulerResourceTypes> expectedValue = entry.Value; MockRM rm = new MockRM(entry.Key); rm.Start(); MockNM nm1 = rm.RegisterNode("127.0.0.1:1234", 6 * Gb); RMApp app1 = rm.SubmitApp(2048); nm1.NodeHeartbeat(true); RMAppAttempt attempt1 = app1.GetCurrentAppAttempt(); MockAM am1 = rm.SendAMLaunched(attempt1.GetAppAttemptId()); RegisterApplicationMasterResponse resp = am1.RegisterAppAttempt(); EnumSet <YarnServiceProtos.SchedulerResourceTypes> types = resp.GetSchedulerResourceTypes (); Log.Info("types = " + types.ToString()); NUnit.Framework.Assert.AreEqual(expectedValue, types); rm.Stop(); } }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> /// <exception cref="System.IO.IOException"/> private RegisterApplicationMasterResponse RegisterApplicationMaster() { RegisterApplicationMasterRequest request = RegisterApplicationMasterRequest.NewInstance (this.appHostName, this.appHostPort, this.appTrackingUrl); RegisterApplicationMasterResponse response = rmClient.RegisterApplicationMaster(request ); lock (this) { lastResponseId = 0; if (!response.GetNMTokensFromPreviousAttempts().IsEmpty()) { PopulateNMTokens(response.GetNMTokensFromPreviousAttempts()); } } return(response); }
protected internal virtual void Register() { //Register IPEndPoint serviceAddr = null; if (clientService != null) { serviceAddr = clientService.GetBindAddress(); } try { RegisterApplicationMasterRequest request = recordFactory.NewRecordInstance <RegisterApplicationMasterRequest >(); if (serviceAddr != null) { request.SetHost(serviceAddr.GetHostName()); request.SetRpcPort(serviceAddr.Port); request.SetTrackingUrl(MRWebAppUtil.GetAMWebappScheme(GetConfig()) + serviceAddr. GetHostName() + ":" + clientService.GetHttpPort()); } RegisterApplicationMasterResponse response = scheduler.RegisterApplicationMaster( request); isApplicationMasterRegistered = true; maxContainerCapability = response.GetMaximumResourceCapability(); this.context.GetClusterInfo().SetMaxContainerCapability(maxContainerCapability); if (UserGroupInformation.IsSecurityEnabled()) { SetClientToAMToken(response.GetClientToAMTokenMasterKey()); } this.applicationACLs = response.GetApplicationACLs(); Log.Info("maxContainerCapability: " + maxContainerCapability); string queue = response.GetQueue(); Log.Info("queue: " + queue); job.SetQueueName(queue); Sharpen.Collections.AddAll(this.schedulerResourceTypes, response.GetSchedulerResourceTypes ()); } catch (Exception are) { Log.Error("Exception while registering", are); throw new YarnRuntimeException(are); } }
/// <exception cref="Com.Google.Protobuf.ServiceException"/> public virtual YarnServiceProtos.RegisterApplicationMasterResponseProto RegisterApplicationMaster (RpcController arg0, YarnServiceProtos.RegisterApplicationMasterRequestProto proto ) { RegisterApplicationMasterRequestPBImpl request = new RegisterApplicationMasterRequestPBImpl (proto); try { RegisterApplicationMasterResponse response = real.RegisterApplicationMaster(request ); return(((RegisterApplicationMasterResponsePBImpl)response).GetProto()); } catch (YarnException e) { throw new ServiceException(e); } catch (IOException e) { throw new ServiceException(e); } }
/// <exception cref="System.Exception"/> public virtual void TestNMTokensRebindOnAMRestart() { YarnConfiguration conf = new YarnConfiguration(); conf.SetInt(YarnConfiguration.RmAmMaxAttempts, 3); MockRM rm1 = new MockRM(conf); rm1.Start(); RMApp app1 = rm1.SubmitApp(200, "myname", "myuser", new Dictionary <ApplicationAccessType , string>(), false, "default", -1, null, "MAPREDUCE", false, true); MockNM nm1 = new MockNM("127.0.0.1:1234", 8000, rm1.GetResourceTrackerService()); nm1.RegisterNode(); MockNM nm2 = new MockNM("127.1.1.1:4321", 8000, rm1.GetResourceTrackerService()); nm2.RegisterNode(); MockAM am1 = MockRM.LaunchAndRegisterAM(app1, rm1, nm1); IList <Container> containers = new AList <Container>(); // nmTokens keeps track of all the nmTokens issued in the allocate call. IList <NMToken> expectedNMTokens = new AList <NMToken>(); // am1 allocate 2 container on nm1. // first container while (true) { AllocateResponse response = am1.Allocate("127.0.0.1", 2000, 2, new AList <ContainerId >()); nm1.NodeHeartbeat(true); Sharpen.Collections.AddAll(containers, response.GetAllocatedContainers()); Sharpen.Collections.AddAll(expectedNMTokens, response.GetNMTokens()); if (containers.Count == 2) { break; } Sharpen.Thread.Sleep(200); System.Console.Out.WriteLine("Waiting for container to be allocated."); } // launch the container-2 nm1.NodeHeartbeat(am1.GetApplicationAttemptId(), 2, ContainerState.Running); ContainerId containerId2 = ContainerId.NewContainerId(am1.GetApplicationAttemptId (), 2); rm1.WaitForState(nm1, containerId2, RMContainerState.Running); // launch the container-3 nm1.NodeHeartbeat(am1.GetApplicationAttemptId(), 3, ContainerState.Running); ContainerId containerId3 = ContainerId.NewContainerId(am1.GetApplicationAttemptId (), 3); rm1.WaitForState(nm1, containerId3, RMContainerState.Running); // fail am1 nm1.NodeHeartbeat(am1.GetApplicationAttemptId(), 1, ContainerState.Complete); am1.WaitForState(RMAppAttemptState.Failed); rm1.WaitForState(app1.GetApplicationId(), RMAppState.Accepted); // restart the am MockAM am2 = MockRM.LaunchAM(app1, rm1, nm1); RegisterApplicationMasterResponse registerResponse = am2.RegisterAppAttempt(); rm1.WaitForState(app1.GetApplicationId(), RMAppState.Running); // check am2 get the nm token from am1. NUnit.Framework.Assert.AreEqual(expectedNMTokens, registerResponse.GetNMTokensFromPreviousAttempts ()); // am2 allocate 1 container on nm2 containers = new AList <Container>(); while (true) { AllocateResponse allocateResponse = am2.Allocate("127.1.1.1", 4000, 1, new AList < ContainerId>()); nm2.NodeHeartbeat(true); Sharpen.Collections.AddAll(containers, allocateResponse.GetAllocatedContainers()); Sharpen.Collections.AddAll(expectedNMTokens, allocateResponse.GetNMTokens()); if (containers.Count == 1) { break; } Sharpen.Thread.Sleep(200); System.Console.Out.WriteLine("Waiting for container to be allocated."); } nm1.NodeHeartbeat(am2.GetApplicationAttemptId(), 2, ContainerState.Running); ContainerId am2ContainerId2 = ContainerId.NewContainerId(am2.GetApplicationAttemptId (), 2); rm1.WaitForState(nm1, am2ContainerId2, RMContainerState.Running); // fail am2. nm1.NodeHeartbeat(am2.GetApplicationAttemptId(), 1, ContainerState.Complete); am2.WaitForState(RMAppAttemptState.Failed); rm1.WaitForState(app1.GetApplicationId(), RMAppState.Accepted); // restart am MockAM am3 = MockRM.LaunchAM(app1, rm1, nm1); registerResponse = am3.RegisterAppAttempt(); rm1.WaitForState(app1.GetApplicationId(), RMAppState.Running); // check am3 get the NM token from both am1 and am2; IList <NMToken> transferredTokens = registerResponse.GetNMTokensFromPreviousAttempts (); NUnit.Framework.Assert.AreEqual(2, transferredTokens.Count); NUnit.Framework.Assert.IsTrue(transferredTokens.ContainsAll(expectedNMTokens)); rm1.Stop(); }
/// <exception cref="System.Exception"/> public virtual void TestAMRestartWithExistingContainers() { YarnConfiguration conf = new YarnConfiguration(); conf.SetInt(YarnConfiguration.RmAmMaxAttempts, 2); MockRM rm1 = new MockRM(conf); rm1.Start(); RMApp app1 = rm1.SubmitApp(200, "name", "user", new Dictionary <ApplicationAccessType , string>(), false, "default", -1, null, "MAPREDUCE", false, true); MockNM nm1 = new MockNM("127.0.0.1:1234", 10240, rm1.GetResourceTrackerService()); nm1.RegisterNode(); MockNM nm2 = new MockNM("127.0.0.1:2351", 4089, rm1.GetResourceTrackerService()); nm2.RegisterNode(); MockAM am1 = MockRM.LaunchAndRegisterAM(app1, rm1, nm1); int NumContainers = 3; // allocate NUM_CONTAINERS containers am1.Allocate("127.0.0.1", 1024, NumContainers, new AList <ContainerId>()); nm1.NodeHeartbeat(true); // wait for containers to be allocated. IList <Container> containers = am1.Allocate(new AList <ResourceRequest>(), new AList <ContainerId>()).GetAllocatedContainers(); while (containers.Count != NumContainers) { nm1.NodeHeartbeat(true); Sharpen.Collections.AddAll(containers, am1.Allocate(new AList <ResourceRequest>(), new AList <ContainerId>()).GetAllocatedContainers()); Sharpen.Thread.Sleep(200); } // launch the 2nd container, for testing running container transferred. nm1.NodeHeartbeat(am1.GetApplicationAttemptId(), 2, ContainerState.Running); ContainerId containerId2 = ContainerId.NewContainerId(am1.GetApplicationAttemptId (), 2); rm1.WaitForState(nm1, containerId2, RMContainerState.Running); // launch the 3rd container, for testing container allocated by previous // attempt is completed by the next new attempt/ nm1.NodeHeartbeat(am1.GetApplicationAttemptId(), 3, ContainerState.Running); ContainerId containerId3 = ContainerId.NewContainerId(am1.GetApplicationAttemptId (), 3); rm1.WaitForState(nm1, containerId3, RMContainerState.Running); // 4th container still in AQUIRED state. for testing Acquired container is // always killed. ContainerId containerId4 = ContainerId.NewContainerId(am1.GetApplicationAttemptId (), 4); rm1.WaitForState(nm1, containerId4, RMContainerState.Acquired); // 5th container is in Allocated state. for testing allocated container is // always killed. am1.Allocate("127.0.0.1", 1024, 1, new AList <ContainerId>()); nm1.NodeHeartbeat(true); ContainerId containerId5 = ContainerId.NewContainerId(am1.GetApplicationAttemptId (), 5); rm1.WaitForContainerAllocated(nm1, containerId5); rm1.WaitForState(nm1, containerId5, RMContainerState.Allocated); // 6th container is in Reserved state. am1.Allocate("127.0.0.1", 6000, 1, new AList <ContainerId>()); ContainerId containerId6 = ContainerId.NewContainerId(am1.GetApplicationAttemptId (), 6); nm1.NodeHeartbeat(true); SchedulerApplicationAttempt schedulerAttempt = ((AbstractYarnScheduler)rm1.GetResourceScheduler ()).GetCurrentAttemptForContainer(containerId6); while (schedulerAttempt.GetReservedContainers().IsEmpty()) { System.Console.Out.WriteLine("Waiting for container " + containerId6 + " to be reserved." ); nm1.NodeHeartbeat(true); Sharpen.Thread.Sleep(200); } // assert containerId6 is reserved. NUnit.Framework.Assert.AreEqual(containerId6, schedulerAttempt.GetReservedContainers ()[0].GetContainerId()); // fail the AM by sending CONTAINER_FINISHED event without registering. nm1.NodeHeartbeat(am1.GetApplicationAttemptId(), 1, ContainerState.Complete); am1.WaitForState(RMAppAttemptState.Failed); // wait for some time. previous AM's running containers should still remain // in scheduler even though am failed Sharpen.Thread.Sleep(3000); rm1.WaitForState(nm1, containerId2, RMContainerState.Running); // acquired/allocated containers are cleaned up. NUnit.Framework.Assert.IsNull(rm1.GetResourceScheduler().GetRMContainer(containerId4 )); NUnit.Framework.Assert.IsNull(rm1.GetResourceScheduler().GetRMContainer(containerId5 )); // wait for app to start a new attempt. rm1.WaitForState(app1.GetApplicationId(), RMAppState.Accepted); // assert this is a new AM. ApplicationAttemptId newAttemptId = app1.GetCurrentAppAttempt().GetAppAttemptId(); NUnit.Framework.Assert.IsFalse(newAttemptId.Equals(am1.GetApplicationAttemptId()) ); // launch the new AM RMAppAttempt attempt2 = app1.GetCurrentAppAttempt(); nm1.NodeHeartbeat(true); MockAM am2 = rm1.SendAMLaunched(attempt2.GetAppAttemptId()); RegisterApplicationMasterResponse registerResponse = am2.RegisterAppAttempt(); // Assert two containers are running: container2 and container3; NUnit.Framework.Assert.AreEqual(2, registerResponse.GetContainersFromPreviousAttempts ().Count); bool containerId2Exists = false; bool containerId3Exists = false; foreach (Container container in registerResponse.GetContainersFromPreviousAttempts ()) { if (container.GetId().Equals(containerId2)) { containerId2Exists = true; } if (container.GetId().Equals(containerId3)) { containerId3Exists = true; } } NUnit.Framework.Assert.IsTrue(containerId2Exists && containerId3Exists); rm1.WaitForState(app1.GetApplicationId(), RMAppState.Running); // complete container by sending the container complete event which has earlier // attempt's attemptId nm1.NodeHeartbeat(am1.GetApplicationAttemptId(), 3, ContainerState.Complete); // Even though the completed container containerId3 event was sent to the // earlier failed attempt, new RMAppAttempt can also capture this container // info. // completed containerId4 is also transferred to the new attempt. RMAppAttempt newAttempt = app1.GetRMAppAttempt(am2.GetApplicationAttemptId()); // 4 containers finished, acquired/allocated/reserved/completed. WaitForContainersToFinish(4, newAttempt); bool container3Exists = false; bool container4Exists = false; bool container5Exists = false; bool container6Exists = false; foreach (ContainerStatus status in newAttempt.GetJustFinishedContainers()) { if (status.GetContainerId().Equals(containerId3)) { // containerId3 is the container ran by previous attempt but finished by the // new attempt. container3Exists = true; } if (status.GetContainerId().Equals(containerId4)) { // containerId4 is the Acquired Container killed by the previous attempt, // it's now inside new attempt's finished container list. container4Exists = true; } if (status.GetContainerId().Equals(containerId5)) { // containerId5 is the Allocated container killed by previous failed attempt. container5Exists = true; } if (status.GetContainerId().Equals(containerId6)) { // containerId6 is the reserved container killed by previous failed attempt. container6Exists = true; } } NUnit.Framework.Assert.IsTrue(container3Exists && container4Exists && container5Exists && container6Exists); // New SchedulerApplicationAttempt also has the containers info. rm1.WaitForState(nm1, containerId2, RMContainerState.Running); // record the scheduler attempt for testing. SchedulerApplicationAttempt schedulerNewAttempt = ((AbstractYarnScheduler)rm1.GetResourceScheduler ()).GetCurrentAttemptForContainer(containerId2); // finish this application MockRM.FinishAMAndVerifyAppState(app1, rm1, nm1, am2); // the 2nd attempt released the 1st attempt's running container, when the // 2nd attempt finishes. NUnit.Framework.Assert.IsFalse(schedulerNewAttempt.GetLiveContainers().Contains(containerId2 )); // all 4 normal containers finished. System.Console.Out.WriteLine("New attempt's just finished containers: " + newAttempt .GetJustFinishedContainers()); WaitForContainersToFinish(5, newAttempt); rm1.Stop(); }
/// <exception cref="System.Exception"/> public virtual void TestClientTokenRace() { conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos"); UserGroupInformation.SetConfiguration(conf); ContainerManagementProtocol containerManager = Org.Mockito.Mockito.Mock <ContainerManagementProtocol >(); StartContainersResponse mockResponse = Org.Mockito.Mockito.Mock <StartContainersResponse >(); Org.Mockito.Mockito.When(containerManager.StartContainers((StartContainersRequest )Matchers.Any())).ThenReturn(mockResponse); DrainDispatcher dispatcher = new DrainDispatcher(); MockRM rm = new _MockRMWithCustomAMLauncher_433(dispatcher, conf, containerManager ); rm.Start(); // Submit an app RMApp app = rm.SubmitApp(1024); // Set up a node. MockNM nm1 = rm.RegisterNode("localhost:1234", 3072); nm1.NodeHeartbeat(true); dispatcher.Await(); nm1.NodeHeartbeat(true); dispatcher.Await(); ApplicationAttemptId appAttempt = app.GetCurrentAppAttempt().GetAppAttemptId(); MockAM mockAM = new MockAM(rm.GetRMContext(), rm.GetApplicationMasterService(), app .GetCurrentAppAttempt().GetAppAttemptId()); UserGroupInformation appUgi = UserGroupInformation.CreateRemoteUser(appAttempt.ToString ()); RegisterApplicationMasterResponse response = appUgi.DoAs(new _PrivilegedAction_469 (mockAM)); // Get the app-report. GetApplicationReportRequest request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <GetApplicationReportRequest>(); request.SetApplicationId(app.GetApplicationId()); GetApplicationReportResponse reportResponse = rm.GetClientRMService().GetApplicationReport (request); ApplicationReport appReport = reportResponse.GetApplicationReport(); Org.Apache.Hadoop.Yarn.Api.Records.Token originalClientToAMToken = appReport.GetClientToAMToken (); // ClientToAMToken master key should have been received on register // application master response. ByteBuffer clientMasterKey = response.GetClientToAMTokenMasterKey(); NUnit.Framework.Assert.IsNotNull(clientMasterKey); NUnit.Framework.Assert.IsTrue(((byte[])clientMasterKey.Array()).Length > 0); // Start the AM with the correct shared-secret. ApplicationAttemptId appAttemptId = app.GetAppAttempts().Keys.GetEnumerator().Next (); NUnit.Framework.Assert.IsNotNull(appAttemptId); TestClientToAMTokens.CustomAM am = new TestClientToAMTokens.CustomAM(appAttemptId , null); am.Init(conf); am.Start(); // Now the real test! // Set up clients to be able to pick up correct tokens. SecurityUtil.SetSecurityInfoProviders(new TestClientToAMTokens.CustomSecurityInfo ()); Org.Apache.Hadoop.Security.Token.Token <ClientToAMTokenIdentifier> token = ConverterUtils .ConvertFromYarn(originalClientToAMToken, am.address); // Schedule the key to be set after a significant delay Timer timer = new Timer(); TimerTask timerTask = new _TimerTask_516(am, clientMasterKey); timer.Schedule(timerTask, 250); // connect should pause waiting for the master key to arrive VerifyValidToken(conf, am, token); am.Stop(); rm.Stop(); }
public virtual void TestClientToAMTokens() { conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos"); UserGroupInformation.SetConfiguration(conf); ContainerManagementProtocol containerManager = Org.Mockito.Mockito.Mock <ContainerManagementProtocol >(); StartContainersResponse mockResponse = Org.Mockito.Mockito.Mock <StartContainersResponse >(); Org.Mockito.Mockito.When(containerManager.StartContainers((StartContainersRequest )Matchers.Any())).ThenReturn(mockResponse); DrainDispatcher dispatcher = new DrainDispatcher(); MockRM rm = new _MockRMWithCustomAMLauncher_192(dispatcher, conf, containerManager ); rm.Start(); // Submit an app RMApp app = rm.SubmitApp(1024); // Set up a node. MockNM nm1 = rm.RegisterNode("localhost:1234", 3072); nm1.NodeHeartbeat(true); dispatcher.Await(); nm1.NodeHeartbeat(true); dispatcher.Await(); ApplicationAttemptId appAttempt = app.GetCurrentAppAttempt().GetAppAttemptId(); MockAM mockAM = new MockAM(rm.GetRMContext(), rm.GetApplicationMasterService(), app .GetCurrentAppAttempt().GetAppAttemptId()); UserGroupInformation appUgi = UserGroupInformation.CreateRemoteUser(appAttempt.ToString ()); RegisterApplicationMasterResponse response = appUgi.DoAs(new _PrivilegedAction_229 (mockAM)); // Get the app-report. GetApplicationReportRequest request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <GetApplicationReportRequest>(); request.SetApplicationId(app.GetApplicationId()); GetApplicationReportResponse reportResponse = rm.GetClientRMService().GetApplicationReport (request); ApplicationReport appReport = reportResponse.GetApplicationReport(); Org.Apache.Hadoop.Yarn.Api.Records.Token originalClientToAMToken = appReport.GetClientToAMToken (); // ClientToAMToken master key should have been received on register // application master response. NUnit.Framework.Assert.IsNotNull(response.GetClientToAMTokenMasterKey()); NUnit.Framework.Assert.IsTrue(((byte[])response.GetClientToAMTokenMasterKey().Array ()).Length > 0); // Start the AM with the correct shared-secret. ApplicationAttemptId appAttemptId = app.GetAppAttempts().Keys.GetEnumerator().Next (); NUnit.Framework.Assert.IsNotNull(appAttemptId); TestClientToAMTokens.CustomAM am = new TestClientToAMTokens.CustomAM(appAttemptId , ((byte[])response.GetClientToAMTokenMasterKey().Array())); am.Init(conf); am.Start(); // Now the real test! // Set up clients to be able to pick up correct tokens. SecurityUtil.SetSecurityInfoProviders(new TestClientToAMTokens.CustomSecurityInfo ()); // Verify denial for unauthenticated user try { TestClientToAMTokens.CustomProtocol client = (TestClientToAMTokens.CustomProtocol )RPC.GetProxy <TestClientToAMTokens.CustomProtocol>(1L, am.address, conf); client.Ping(); NUnit.Framework.Assert.Fail("Access by unauthenticated user should fail!!"); } catch (Exception) { NUnit.Framework.Assert.IsFalse(am.pinged); } Org.Apache.Hadoop.Security.Token.Token <ClientToAMTokenIdentifier> token = ConverterUtils .ConvertFromYarn(originalClientToAMToken, am.address); // Verify denial for a malicious user with tampered ID VerifyTokenWithTamperedID(conf, am, token); // Verify denial for a malicious user with tampered user-name VerifyTokenWithTamperedUserName(conf, am, token); // Now for an authenticated user VerifyValidToken(conf, am, token); // Verify for a new version token VerifyNewVersionToken(conf, am, token, rm); am.Stop(); rm.Stop(); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> /// <exception cref="System.IO.IOException"/> public virtual RegisterApplicationMasterResponse RegisterApplicationMaster(RegisterApplicationMasterRequest request) { AMRMTokenIdentifier amrmTokenIdentifier = AuthorizeRequest(); ApplicationAttemptId applicationAttemptId = amrmTokenIdentifier.GetApplicationAttemptId (); ApplicationId appID = applicationAttemptId.GetApplicationId(); ApplicationMasterService.AllocateResponseLock Lock = responseMap[applicationAttemptId ]; if (Lock == null) { RMAuditLogger.LogFailure(this.rmContext.GetRMApps()[appID].GetUser(), RMAuditLogger.AuditConstants .RegisterAm, "Application doesn't exist in cache " + applicationAttemptId, "ApplicationMasterService" , "Error in registering application master", appID, applicationAttemptId); ThrowApplicationDoesNotExistInCacheException(applicationAttemptId); } // Allow only one thread in AM to do registerApp at a time. lock (Lock) { AllocateResponse lastResponse = Lock.GetAllocateResponse(); if (HasApplicationMasterRegistered(applicationAttemptId)) { string message = "Application Master is already registered : " + appID; Log.Warn(message); RMAuditLogger.LogFailure(this.rmContext.GetRMApps()[appID].GetUser(), RMAuditLogger.AuditConstants .RegisterAm, string.Empty, "ApplicationMasterService", message, appID, applicationAttemptId ); throw new InvalidApplicationMasterRequestException(message); } this.amLivelinessMonitor.ReceivedPing(applicationAttemptId); RMApp app = this.rmContext.GetRMApps()[appID]; // Setting the response id to 0 to identify if the // application master is register for the respective attemptid lastResponse.SetResponseId(0); Lock.SetAllocateResponse(lastResponse); Log.Info("AM registration " + applicationAttemptId); this.rmContext.GetDispatcher().GetEventHandler().Handle(new RMAppAttemptRegistrationEvent (applicationAttemptId, request.GetHost(), request.GetRpcPort(), request.GetTrackingUrl ())); RMAuditLogger.LogSuccess(app.GetUser(), RMAuditLogger.AuditConstants.RegisterAm, "ApplicationMasterService", appID, applicationAttemptId); // Pick up min/max resource from scheduler... RegisterApplicationMasterResponse response = recordFactory.NewRecordInstance <RegisterApplicationMasterResponse >(); response.SetMaximumResourceCapability(rScheduler.GetMaximumResourceCapability(app .GetQueue())); response.SetApplicationACLs(app.GetRMAppAttempt(applicationAttemptId).GetSubmissionContext ().GetAMContainerSpec().GetApplicationACLs()); response.SetQueue(app.GetQueue()); if (UserGroupInformation.IsSecurityEnabled()) { Log.Info("Setting client token master key"); response.SetClientToAMTokenMasterKey(ByteBuffer.Wrap(rmContext.GetClientToAMTokenSecretManager ().GetMasterKey(applicationAttemptId).GetEncoded())); } // For work-preserving AM restart, retrieve previous attempts' containers // and corresponding NM tokens. if (app.GetApplicationSubmissionContext().GetKeepContainersAcrossApplicationAttempts ()) { IList <Container> transferredContainers = ((AbstractYarnScheduler)rScheduler).GetTransferredContainers (applicationAttemptId); if (!transferredContainers.IsEmpty()) { response.SetContainersFromPreviousAttempts(transferredContainers); IList <NMToken> nmTokens = new AList <NMToken>(); foreach (Container container in transferredContainers) { try { NMToken token = rmContext.GetNMTokenSecretManager().CreateAndGetNMToken(app.GetUser (), applicationAttemptId, container); if (null != token) { nmTokens.AddItem(token); } } catch (ArgumentException e) { // if it's a DNS issue, throw UnknowHostException directly and // that // will be automatically retried by RMProxy in RPC layer. if (e.InnerException is UnknownHostException) { throw (UnknownHostException)e.InnerException; } } } response.SetNMTokensFromPreviousAttempts(nmTokens); Log.Info("Application " + appID + " retrieved " + transferredContainers.Count + " containers from previous" + " attempts and " + nmTokens.Count + " NM tokens."); } } response.SetSchedulerResourceTypes(rScheduler.GetSchedulingResourceTypes()); return(response); } }