Exemplo n.º 1
0
        /// <exception cref="System.Exception"/>
        public virtual void TestAMRMTokenSecretManagerStateStore(RMStateStoreTestBase.RMStateStoreHelper
                                                                 stateStoreHelper)
        {
            System.Console.Out.WriteLine("Start testing");
            RMStateStore store = stateStoreHelper.GetRMStateStore();

            RMStateStoreTestBase.TestDispatcher dispatcher = new RMStateStoreTestBase.TestDispatcher
                                                                 ();
            store.SetRMDispatcher(dispatcher);
            RMContext rmContext = Org.Mockito.Mockito.Mock <RMContext>();

            Org.Mockito.Mockito.When(rmContext.GetStateStore()).ThenReturn(store);
            Configuration          conf        = new YarnConfiguration();
            AMRMTokenSecretManager appTokenMgr = new AMRMTokenSecretManager(conf, rmContext);
            //create and save the first masterkey
            MasterKeyData firstMasterKeyData   = appTokenMgr.CreateNewMasterKey();
            AMRMTokenSecretManagerState state1 = AMRMTokenSecretManagerState.NewInstance(firstMasterKeyData
                                                                                         .GetMasterKey(), null);

            rmContext.GetStateStore().StoreOrUpdateAMRMTokenSecretManager(state1, false);
            // load state
            store = stateStoreHelper.GetRMStateStore();
            Org.Mockito.Mockito.When(rmContext.GetStateStore()).ThenReturn(store);
            store.SetRMDispatcher(dispatcher);
            RMStateStore.RMState state = store.LoadState();
            NUnit.Framework.Assert.IsNotNull(state.GetAMRMTokenSecretManagerState());
            NUnit.Framework.Assert.AreEqual(firstMasterKeyData.GetMasterKey(), state.GetAMRMTokenSecretManagerState
                                                ().GetCurrentMasterKey());
            NUnit.Framework.Assert.IsNull(state.GetAMRMTokenSecretManagerState().GetNextMasterKey
                                              ());
            //create and save the second masterkey
            MasterKeyData secondMasterKeyData  = appTokenMgr.CreateNewMasterKey();
            AMRMTokenSecretManagerState state2 = AMRMTokenSecretManagerState.NewInstance(firstMasterKeyData
                                                                                         .GetMasterKey(), secondMasterKeyData.GetMasterKey());

            rmContext.GetStateStore().StoreOrUpdateAMRMTokenSecretManager(state2, true);
            // load state
            store = stateStoreHelper.GetRMStateStore();
            Org.Mockito.Mockito.When(rmContext.GetStateStore()).ThenReturn(store);
            store.SetRMDispatcher(dispatcher);
            RMStateStore.RMState state_2 = store.LoadState();
            NUnit.Framework.Assert.IsNotNull(state_2.GetAMRMTokenSecretManagerState());
            NUnit.Framework.Assert.AreEqual(firstMasterKeyData.GetMasterKey(), state_2.GetAMRMTokenSecretManagerState
                                                ().GetCurrentMasterKey());
            NUnit.Framework.Assert.AreEqual(secondMasterKeyData.GetMasterKey(), state_2.GetAMRMTokenSecretManagerState
                                                ().GetNextMasterKey());
            // re-create the masterKeyData based on the recovered masterkey
            // should have the same secretKey
            appTokenMgr.Recover(state_2);
            NUnit.Framework.Assert.AreEqual(appTokenMgr.GetCurrnetMasterKeyData().GetSecretKey
                                                (), firstMasterKeyData.GetSecretKey());
            NUnit.Framework.Assert.AreEqual(appTokenMgr.GetNextMasterKeyData().GetSecretKey()
                                            , secondMasterKeyData.GetSecretKey());
            store.Close();
        }
        // Test verify for AM issued with rolled-over AMRMToken
        // is still able to communicate with restarted RM.
        /// <exception cref="System.Exception"/>
        public virtual void TestAMRMClientOnAMRMTokenRollOverOnRMRestart()
        {
            conf.SetLong(YarnConfiguration.RmAmrmTokenMasterKeyRollingIntervalSecs, rolling_interval_sec
                         );
            conf.SetLong(YarnConfiguration.RmAmExpiryIntervalMs, am_expire_ms);
            MemoryRMStateStore memStore = new MemoryRMStateStore();

            memStore.Init(conf);
            // start first RM
            TestAMRMClientOnRMRestart.MyResourceManager2 rm1 = new TestAMRMClientOnRMRestart.MyResourceManager2
                                                                   (conf, memStore);
            rm1.Start();
            DrainDispatcher dispatcher = (DrainDispatcher)rm1.GetRMContext().GetDispatcher();
            long            startTime  = Runtime.CurrentTimeMillis();
            // Submit the application
            RMApp app = rm1.SubmitApp(1024);

            dispatcher.Await();
            MockNM nm1 = new MockNM("h1:1234", 15120, rm1.GetResourceTrackerService());

            nm1.RegisterNode();
            nm1.NodeHeartbeat(true);
            // Node heartbeat
            dispatcher.Await();
            ApplicationAttemptId appAttemptId = app.GetCurrentAppAttempt().GetAppAttemptId();

            rm1.SendAMLaunched(appAttemptId);
            dispatcher.Await();
            AMRMTokenSecretManager amrmTokenSecretManagerForRM1 = rm1.GetRMContext().GetAMRMTokenSecretManager
                                                                      ();

            Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> token = amrmTokenSecretManagerForRM1
                                                                                 .CreateAndGetAMRMToken(appAttemptId);
            UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();

            ugi.AddTokenIdentifier(token.DecodeIdentifier());
            AMRMClient <AMRMClient.ContainerRequest> amClient = new TestAMRMClientOnRMRestart.MyAMRMClientImpl
                                                                    (rm1);

            amClient.Init(conf);
            amClient.Start();
            amClient.RegisterApplicationMaster("h1", 10000, string.Empty);
            amClient.Allocate(0.1f);
            // Wait for enough time and make sure the roll_over happens
            // At mean time, the old AMRMToken should continue to work
            while (Runtime.CurrentTimeMillis() - startTime < rolling_interval_sec * 1000)
            {
                amClient.Allocate(0.1f);
                try
                {
                    Sharpen.Thread.Sleep(1000);
                }
                catch (Exception)
                {
                }
            }
            // DO NOTHING
            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetMasterKey().GetMasterKey
                                              ().GetKeyId() != token.DecodeIdentifier().GetKeyId());
            amClient.Allocate(0.1f);
            // active the nextMasterKey, and replace the currentMasterKey
            Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> newToken = amrmTokenSecretManagerForRM1
                                                                                    .CreateAndGetAMRMToken(appAttemptId);
            int waitCount = 0;

            while (waitCount++ <= 50)
            {
                if (amrmTokenSecretManagerForRM1.GetCurrnetMasterKeyData().GetMasterKey().GetKeyId
                        () != token.DecodeIdentifier().GetKeyId())
                {
                    break;
                }
                try
                {
                    amClient.Allocate(0.1f);
                }
                catch (Exception)
                {
                    break;
                }
                Sharpen.Thread.Sleep(500);
            }
            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetNextMasterKeyData()
                                          == null);
            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetCurrnetMasterKeyData
                                              ().GetMasterKey().GetKeyId() == newToken.DecodeIdentifier().GetKeyId());
            // start 2nd RM
            conf.Set(YarnConfiguration.RmSchedulerAddress, "0.0.0.0:9030");
            TestAMRMClientOnRMRestart.MyResourceManager2 rm2 = new TestAMRMClientOnRMRestart.MyResourceManager2
                                                                   (conf, memStore);
            rm2.Start();
            nm1.SetResourceTrackerService(rm2.GetResourceTrackerService());
            ((TestAMRMClientOnRMRestart.MyAMRMClientImpl)amClient).UpdateRMProxy(rm2);
            dispatcher = (DrainDispatcher)rm2.GetRMContext().GetDispatcher();
            AMRMTokenSecretManager amrmTokenSecretManagerForRM2 = rm2.GetRMContext().GetAMRMTokenSecretManager
                                                                      ();

            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM2.GetCurrnetMasterKeyData
                                              ().GetMasterKey().GetKeyId() == newToken.DecodeIdentifier().GetKeyId());
            NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM2.GetNextMasterKeyData()
                                          == null);
            try
            {
                UserGroupInformation testUser = UserGroupInformation.CreateRemoteUser("testUser");
                SecurityUtil.SetTokenService(token, rm2.GetApplicationMasterService().GetBindAddress
                                                 ());
                testUser.AddToken(token);
                testUser.DoAs(new _PrivilegedAction_480(rm2)).Allocate(Org.Apache.Hadoop.Yarn.Util.Records
                                                                       .NewRecord <AllocateRequest>());
                NUnit.Framework.Assert.Fail("The old Token should not work");
            }
            catch (Exception ex)
            {
                NUnit.Framework.Assert.IsTrue(ex is SecretManager.InvalidToken);
                NUnit.Framework.Assert.IsTrue(ex.Message.Contains("Invalid AMRMToken from " + token
                                                                  .DecodeIdentifier().GetApplicationAttemptId()));
            }
            // make sure the recovered AMRMToken works for new RM
            amClient.Allocate(0.1f);
            amClient.UnregisterApplicationMaster(FinalApplicationStatus.Succeeded, null, null
                                                 );
            amClient.Stop();
            rm1.Stop();
            rm2.Stop();
        }