public _PrivilegedAction_480(TestAMRMClientOnRMRestart.MyResourceManager2 rm2) { this.rm2 = rm2; }
// Test verify for AM issued with rolled-over AMRMToken // is still able to communicate with restarted RM. /// <exception cref="System.Exception"/> public virtual void TestAMRMClientOnAMRMTokenRollOverOnRMRestart() { conf.SetLong(YarnConfiguration.RmAmrmTokenMasterKeyRollingIntervalSecs, rolling_interval_sec ); conf.SetLong(YarnConfiguration.RmAmExpiryIntervalMs, am_expire_ms); MemoryRMStateStore memStore = new MemoryRMStateStore(); memStore.Init(conf); // start first RM TestAMRMClientOnRMRestart.MyResourceManager2 rm1 = new TestAMRMClientOnRMRestart.MyResourceManager2 (conf, memStore); rm1.Start(); DrainDispatcher dispatcher = (DrainDispatcher)rm1.GetRMContext().GetDispatcher(); long startTime = Runtime.CurrentTimeMillis(); // Submit the application RMApp app = rm1.SubmitApp(1024); dispatcher.Await(); MockNM nm1 = new MockNM("h1:1234", 15120, rm1.GetResourceTrackerService()); nm1.RegisterNode(); nm1.NodeHeartbeat(true); // Node heartbeat dispatcher.Await(); ApplicationAttemptId appAttemptId = app.GetCurrentAppAttempt().GetAppAttemptId(); rm1.SendAMLaunched(appAttemptId); dispatcher.Await(); AMRMTokenSecretManager amrmTokenSecretManagerForRM1 = rm1.GetRMContext().GetAMRMTokenSecretManager (); Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> token = amrmTokenSecretManagerForRM1 .CreateAndGetAMRMToken(appAttemptId); UserGroupInformation ugi = UserGroupInformation.GetCurrentUser(); ugi.AddTokenIdentifier(token.DecodeIdentifier()); AMRMClient <AMRMClient.ContainerRequest> amClient = new TestAMRMClientOnRMRestart.MyAMRMClientImpl (rm1); amClient.Init(conf); amClient.Start(); amClient.RegisterApplicationMaster("h1", 10000, string.Empty); amClient.Allocate(0.1f); // Wait for enough time and make sure the roll_over happens // At mean time, the old AMRMToken should continue to work while (Runtime.CurrentTimeMillis() - startTime < rolling_interval_sec * 1000) { amClient.Allocate(0.1f); try { Sharpen.Thread.Sleep(1000); } catch (Exception) { } } // DO NOTHING NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetMasterKey().GetMasterKey ().GetKeyId() != token.DecodeIdentifier().GetKeyId()); amClient.Allocate(0.1f); // active the nextMasterKey, and replace the currentMasterKey Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> newToken = amrmTokenSecretManagerForRM1 .CreateAndGetAMRMToken(appAttemptId); int waitCount = 0; while (waitCount++ <= 50) { if (amrmTokenSecretManagerForRM1.GetCurrnetMasterKeyData().GetMasterKey().GetKeyId () != token.DecodeIdentifier().GetKeyId()) { break; } try { amClient.Allocate(0.1f); } catch (Exception) { break; } Sharpen.Thread.Sleep(500); } NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetNextMasterKeyData() == null); NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM1.GetCurrnetMasterKeyData ().GetMasterKey().GetKeyId() == newToken.DecodeIdentifier().GetKeyId()); // start 2nd RM conf.Set(YarnConfiguration.RmSchedulerAddress, "0.0.0.0:9030"); TestAMRMClientOnRMRestart.MyResourceManager2 rm2 = new TestAMRMClientOnRMRestart.MyResourceManager2 (conf, memStore); rm2.Start(); nm1.SetResourceTrackerService(rm2.GetResourceTrackerService()); ((TestAMRMClientOnRMRestart.MyAMRMClientImpl)amClient).UpdateRMProxy(rm2); dispatcher = (DrainDispatcher)rm2.GetRMContext().GetDispatcher(); AMRMTokenSecretManager amrmTokenSecretManagerForRM2 = rm2.GetRMContext().GetAMRMTokenSecretManager (); NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM2.GetCurrnetMasterKeyData ().GetMasterKey().GetKeyId() == newToken.DecodeIdentifier().GetKeyId()); NUnit.Framework.Assert.IsTrue(amrmTokenSecretManagerForRM2.GetNextMasterKeyData() == null); try { UserGroupInformation testUser = UserGroupInformation.CreateRemoteUser("testUser"); SecurityUtil.SetTokenService(token, rm2.GetApplicationMasterService().GetBindAddress ()); testUser.AddToken(token); testUser.DoAs(new _PrivilegedAction_480(rm2)).Allocate(Org.Apache.Hadoop.Yarn.Util.Records .NewRecord <AllocateRequest>()); NUnit.Framework.Assert.Fail("The old Token should not work"); } catch (Exception ex) { NUnit.Framework.Assert.IsTrue(ex is SecretManager.InvalidToken); NUnit.Framework.Assert.IsTrue(ex.Message.Contains("Invalid AMRMToken from " + token .DecodeIdentifier().GetApplicationAttemptId())); } // make sure the recovered AMRMToken works for new RM amClient.Allocate(0.1f); amClient.UnregisterApplicationMaster(FinalApplicationStatus.Succeeded, null, null ); amClient.Stop(); rm1.Stop(); rm2.Stop(); }