Пример #1
0
        /// <exception cref="System.Exception"/>
        protected internal virtual void RollNMTokenMasterKey(NMTokenSecretManagerInRM nmTokenSecretManagerRM
                                                             , NMTokenSecretManagerInNM nmTokenSecretManagerNM)
        {
            int oldKeyId = nmTokenSecretManagerRM.GetCurrentKey().GetKeyId();

            nmTokenSecretManagerRM.RollMasterKey();
            int interval = 40;

            while (nmTokenSecretManagerNM.GetCurrentKey().GetKeyId() == oldKeyId && interval--
                   > 0)
            {
                Sharpen.Thread.Sleep(1000);
            }
            nmTokenSecretManagerRM.ActivateNextMasterKey();
            NUnit.Framework.Assert.IsTrue((nmTokenSecretManagerNM.GetCurrentKey().GetKeyId()
                                           == nmTokenSecretManagerRM.GetCurrentKey().GetKeyId()));
        }
Пример #2
0
        /// <summary>This tests whether a containerId is serialized/deserialized with epoch.</summary>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="System.Exception"/>
        /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
        private void TestContainerTokenWithEpoch(Configuration conf)
        {
            Log.Info("Running test for serializing/deserializing containerIds");
            NMTokenSecretManagerInRM nmTokenSecretManagerInRM = yarnCluster.GetResourceManager
                                                                    ().GetRMContext().GetNMTokenSecretManager();
            ApplicationId            appId                    = ApplicationId.NewInstance(1, 1);
            ApplicationAttemptId     appAttemptId             = ApplicationAttemptId.NewInstance(appId, 0);
            ContainerId              cId                      = ContainerId.NewContainerId(appAttemptId, (5L << 40) | 3L);
            NodeManager              nm                       = yarnCluster.GetNodeManager(0);
            NMTokenSecretManagerInNM nmTokenSecretManagerInNM = nm.GetNMContext().GetNMTokenSecretManager
                                                                    ();
            string user = "******";

            WaitForNMToReceiveNMTokenKey(nmTokenSecretManagerInNM, nm);
            NodeId nodeId = nm.GetNMContext().GetNodeId();

            // Both id should be equal.
            NUnit.Framework.Assert.AreEqual(nmTokenSecretManagerInNM.GetCurrentKey().GetKeyId
                                                (), nmTokenSecretManagerInRM.GetCurrentKey().GetKeyId());
            // Creating a normal Container Token
            RMContainerTokenSecretManager containerTokenSecretManager = yarnCluster.GetResourceManager
                                                                            ().GetRMContext().GetContainerTokenSecretManager();
            Resource r = Resource.NewInstance(1230, 2);

            Org.Apache.Hadoop.Yarn.Api.Records.Token containerToken = containerTokenSecretManager
                                                                      .CreateContainerToken(cId, nodeId, user, r, Priority.NewInstance(0), 0);
            ContainerTokenIdentifier containerTokenIdentifier = new ContainerTokenIdentifier(
                );

            byte[]          tokenIdentifierContent = ((byte[])containerToken.GetIdentifier().Array());
            DataInputBuffer dib = new DataInputBuffer();

            dib.Reset(tokenIdentifierContent, tokenIdentifierContent.Length);
            containerTokenIdentifier.ReadFields(dib);
            NUnit.Framework.Assert.AreEqual(cId, containerTokenIdentifier.GetContainerID());
            NUnit.Framework.Assert.AreEqual(cId.ToString(), containerTokenIdentifier.GetContainerID
                                                ().ToString());
            Org.Apache.Hadoop.Yarn.Api.Records.Token nmToken = nmTokenSecretManagerInRM.CreateNMToken
                                                                   (appAttemptId, nodeId, user);
            YarnRPC rpc = YarnRPC.Create(conf);

            TestStartContainer(rpc, appAttemptId, nodeId, containerToken, nmToken, false);
            IList <ContainerId> containerIds = new List <ContainerId>();

            containerIds.AddItem(cId);
            ContainerManagementProtocol proxy = GetContainerManagementProtocolProxy(rpc, nmToken
                                                                                    , nodeId, user);
            GetContainerStatusesResponse res = proxy.GetContainerStatuses(GetContainerStatusesRequest
                                                                          .NewInstance(containerIds));

            NUnit.Framework.Assert.IsNotNull(res.GetContainerStatuses()[0]);
            NUnit.Framework.Assert.AreEqual(cId, res.GetContainerStatuses()[0].GetContainerId
                                                ());
            NUnit.Framework.Assert.AreEqual(cId.ToString(), res.GetContainerStatuses()[0].GetContainerId
                                                ().ToString());
        }
Пример #3
0
        /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
        /// <exception cref="System.IO.IOException"/>
        public virtual RegisterNodeManagerResponse RegisterNodeManager(RegisterNodeManagerRequest
                                                                       request)
        {
            NodeId   nodeId                      = request.GetNodeId();
            string   host                        = nodeId.GetHost();
            int      cmPort                      = nodeId.GetPort();
            int      httpPort                    = request.GetHttpPort();
            Resource capability                  = request.GetResource();
            string   nodeManagerVersion          = request.GetNMVersion();
            RegisterNodeManagerResponse response = recordFactory.NewRecordInstance <RegisterNodeManagerResponse
                                                                                    >();

            if (!minimumNodeManagerVersion.Equals("NONE"))
            {
                if (minimumNodeManagerVersion.Equals("EqualToRM"))
                {
                    minimumNodeManagerVersion = YarnVersionInfo.GetVersion();
                }
                if ((nodeManagerVersion == null) || (VersionUtil.CompareVersions(nodeManagerVersion
                                                                                 , minimumNodeManagerVersion)) < 0)
                {
                    string message = "Disallowed NodeManager Version " + nodeManagerVersion + ", is less than the minimum version "
                                     + minimumNodeManagerVersion + " sending SHUTDOWN signal to " + "NodeManager.";
                    Log.Info(message);
                    response.SetDiagnosticsMessage(message);
                    response.SetNodeAction(NodeAction.Shutdown);
                    return(response);
                }
            }
            // Check if this node is a 'valid' node
            if (!this.nodesListManager.IsValidNode(host))
            {
                string message = "Disallowed NodeManager from  " + host + ", Sending SHUTDOWN signal to the NodeManager.";
                Log.Info(message);
                response.SetDiagnosticsMessage(message);
                response.SetNodeAction(NodeAction.Shutdown);
                return(response);
            }
            // Check if this node has minimum allocations
            if (capability.GetMemory() < minAllocMb || capability.GetVirtualCores() < minAllocVcores)
            {
                string message = "NodeManager from  " + host + " doesn't satisfy minimum allocations, Sending SHUTDOWN"
                                 + " signal to the NodeManager.";
                Log.Info(message);
                response.SetDiagnosticsMessage(message);
                response.SetNodeAction(NodeAction.Shutdown);
                return(response);
            }
            response.SetContainerTokenMasterKey(containerTokenSecretManager.GetCurrentKey());
            response.SetNMTokenMasterKey(nmTokenSecretManager.GetCurrentKey());
            RMNode rmNode = new RMNodeImpl(nodeId, rmContext, host, cmPort, httpPort, Resolve
                                               (host), capability, nodeManagerVersion);
            RMNode oldNode = this.rmContext.GetRMNodes().PutIfAbsent(nodeId, rmNode);

            if (oldNode == null)
            {
                this.rmContext.GetDispatcher().GetEventHandler().Handle(new RMNodeStartedEvent(nodeId
                                                                                               , request.GetNMContainerStatuses(), request.GetRunningApplications()));
            }
            else
            {
                Log.Info("Reconnect from the node at: " + host);
                this.nmLivelinessMonitor.Unregister(nodeId);
                // Reset heartbeat ID since node just restarted.
                oldNode.ResetLastNodeHeartBeatResponse();
                this.rmContext.GetDispatcher().GetEventHandler().Handle(new RMNodeReconnectEvent(
                                                                            nodeId, rmNode, request.GetRunningApplications(), request.GetNMContainerStatuses
                                                                                ()));
            }
            // On every node manager register we will be clearing NMToken keys if
            // present for any running application.
            this.nmTokenSecretManager.RemoveNodeKey(nodeId);
            this.nmLivelinessMonitor.Register(nodeId);
            // Handle received container status, this should be processed after new
            // RMNode inserted
            if (!rmContext.IsWorkPreservingRecoveryEnabled())
            {
                if (!request.GetNMContainerStatuses().IsEmpty())
                {
                    Log.Info("received container statuses on node manager register :" + request.GetNMContainerStatuses
                                 ());
                    foreach (NMContainerStatus status in request.GetNMContainerStatuses())
                    {
                        HandleNMContainerStatus(status, nodeId);
                    }
                }
            }
            string message_1 = "NodeManager from node " + host + "(cmPort: " + cmPort + " httpPort: "
                               + httpPort + ") " + "registered with capability: " + capability + ", assigned nodeId "
                               + nodeId;

            Log.Info(message_1);
            response.SetNodeAction(NodeAction.Normal);
            response.SetRMIdentifier(ResourceManager.GetClusterTimeStamp());
            response.SetRMVersion(YarnVersionInfo.GetVersion());
            return(response);
        }
Пример #4
0
        /// <summary>
        /// This tests a malice user getting a proper token but then messing with it by
        /// tampering with containerID/Resource etc..
        /// </summary>
        /// <remarks>
        /// This tests a malice user getting a proper token but then messing with it by
        /// tampering with containerID/Resource etc.. His/her containers should be
        /// rejected.
        /// </remarks>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="System.Exception"/>
        /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
        private void TestContainerToken(Configuration conf)
        {
            Log.Info("Running test for malice user");

            /*
             * We need to check for containerToken (authorization).
             * Here we will be assuming that we have valid NMToken
             * 1) ContainerToken used is expired.
             * 2) ContainerToken is tampered (resource is modified).
             */
            NMTokenSecretManagerInRM nmTokenSecretManagerInRM = yarnCluster.GetResourceManager
                                                                    ().GetRMContext().GetNMTokenSecretManager();
            ApplicationId            appId                    = ApplicationId.NewInstance(1, 1);
            ApplicationAttemptId     appAttemptId             = ApplicationAttemptId.NewInstance(appId, 0);
            ContainerId              cId                      = ContainerId.NewContainerId(appAttemptId, 0);
            NodeManager              nm                       = yarnCluster.GetNodeManager(0);
            NMTokenSecretManagerInNM nmTokenSecretManagerInNM = nm.GetNMContext().GetNMTokenSecretManager
                                                                    ();
            string user = "******";

            WaitForNMToReceiveNMTokenKey(nmTokenSecretManagerInNM, nm);
            NodeId nodeId = nm.GetNMContext().GetNodeId();

            // Both id should be equal.
            NUnit.Framework.Assert.AreEqual(nmTokenSecretManagerInNM.GetCurrentKey().GetKeyId
                                                (), nmTokenSecretManagerInRM.GetCurrentKey().GetKeyId());
            RMContainerTokenSecretManager containerTokenSecretManager = yarnCluster.GetResourceManager
                                                                            ().GetRMContext().GetContainerTokenSecretManager();
            Resource r = Resource.NewInstance(1230, 2);

            Org.Apache.Hadoop.Yarn.Api.Records.Token containerToken = containerTokenSecretManager
                                                                      .CreateContainerToken(cId, nodeId, user, r, Priority.NewInstance(0), 0);
            ContainerTokenIdentifier containerTokenIdentifier = GetContainerTokenIdentifierFromToken
                                                                    (containerToken);
            // Verify new compatible version ContainerTokenIdentifier can work successfully.
            ContainerTokenIdentifierForTest newVersionTokenIdentifier = new ContainerTokenIdentifierForTest
                                                                            (containerTokenIdentifier, "message");

            byte[] password = containerTokenSecretManager.CreatePassword(newVersionTokenIdentifier
                                                                         );
            Org.Apache.Hadoop.Yarn.Api.Records.Token newContainerToken = BuilderUtils.NewContainerToken
                                                                             (nodeId, password, newVersionTokenIdentifier);
            Org.Apache.Hadoop.Yarn.Api.Records.Token nmToken = nmTokenSecretManagerInRM.CreateNMToken
                                                                   (appAttemptId, nodeId, user);
            YarnRPC rpc = YarnRPC.Create(conf);

            NUnit.Framework.Assert.IsTrue(TestStartContainer(rpc, appAttemptId, nodeId, newContainerToken
                                                             , nmToken, false).IsEmpty());
            // Creating a tampered Container Token
            RMContainerTokenSecretManager tamperedContainerTokenSecretManager = new RMContainerTokenSecretManager
                                                                                    (conf);

            tamperedContainerTokenSecretManager.RollMasterKey();
            do
            {
                tamperedContainerTokenSecretManager.RollMasterKey();
                tamperedContainerTokenSecretManager.ActivateNextMasterKey();
            }while (containerTokenSecretManager.GetCurrentKey().GetKeyId() == tamperedContainerTokenSecretManager
                    .GetCurrentKey().GetKeyId());
            ContainerId cId2 = ContainerId.NewContainerId(appAttemptId, 1);

            // Creating modified containerToken
            Org.Apache.Hadoop.Yarn.Api.Records.Token containerToken2 = tamperedContainerTokenSecretManager
                                                                       .CreateContainerToken(cId2, nodeId, user, r, Priority.NewInstance(0), 0);
            StringBuilder sb = new StringBuilder("Given Container ");

            sb.Append(cId2);
            sb.Append(" seems to have an illegally generated token.");
            NUnit.Framework.Assert.IsTrue(TestStartContainer(rpc, appAttemptId, nodeId, containerToken2
                                                             , nmToken, true).Contains(sb.ToString()));
        }
Пример #5
0
        /// <exception cref="System.Exception"/>
        private void TestNMTokens(Configuration conf)
        {
            NMTokenSecretManagerInRM nmTokenSecretManagerRM = yarnCluster.GetResourceManager(
                ).GetRMContext().GetNMTokenSecretManager();
            NMTokenSecretManagerInNM nmTokenSecretManagerNM = yarnCluster.GetNodeManager(0).GetNMContext
                                                                  ().GetNMTokenSecretManager();
            RMContainerTokenSecretManager containerTokenSecretManager = yarnCluster.GetResourceManager
                                                                            ().GetRMContext().GetContainerTokenSecretManager();
            NodeManager nm = yarnCluster.GetNodeManager(0);

            WaitForNMToReceiveNMTokenKey(nmTokenSecretManagerNM, nm);
            // Both id should be equal.
            NUnit.Framework.Assert.AreEqual(nmTokenSecretManagerNM.GetCurrentKey().GetKeyId()
                                            , nmTokenSecretManagerRM.GetCurrentKey().GetKeyId());

            /*
             * Below cases should be tested.
             * 1) If Invalid NMToken is used then it should be rejected.
             * 2) If valid NMToken but belonging to another Node is used then that
             * too should be rejected.
             * 3) NMToken for say appAttempt-1 is used for starting/stopping/retrieving
             * status for container with containerId for say appAttempt-2 should
             * be rejected.
             * 4) After start container call is successful nmtoken should have been
             * saved in NMTokenSecretManagerInNM.
             * 5) If start container call was successful (no matter if container is
             * still running or not), appAttempt->NMToken should be present in
             * NMTokenSecretManagerInNM's cache. Any future getContainerStatus call
             * for containerId belonging to that application attempt using
             * applicationAttempt's older nmToken should not get any invalid
             * nmToken error. (This can be best tested if we roll over NMToken
             * master key twice).
             */
            YarnRPC              rpc               = YarnRPC.Create(conf);
            string               user              = "******";
            Resource             r                 = Resource.NewInstance(1024, 1);
            ApplicationId        appId             = ApplicationId.NewInstance(1, 1);
            ApplicationAttemptId validAppAttemptId = ApplicationAttemptId.NewInstance(appId,
                                                                                      1);
            ContainerId validContainerId = ContainerId.NewContainerId(validAppAttemptId, 0);
            NodeId      validNode        = yarnCluster.GetNodeManager(0).GetNMContext().GetNodeId();
            NodeId      invalidNode      = NodeId.NewInstance("InvalidHost", 1234);
            Token       validNMToken     = nmTokenSecretManagerRM.CreateNMToken(validAppAttemptId, validNode
                                                                                , user);
            Token validContainerToken = containerTokenSecretManager.CreateContainerToken(validContainerId
                                                                                         , validNode, user, r, Priority.NewInstance(10), 1234);
            ContainerTokenIdentifier identifier = BuilderUtils.NewContainerTokenIdentifier(validContainerToken
                                                                                           );

            NUnit.Framework.Assert.AreEqual(Priority.NewInstance(10), identifier.GetPriority(
                                                ));
            NUnit.Framework.Assert.AreEqual(1234, identifier.GetCreationTime());
            StringBuilder sb;
            // testInvalidNMToken ... creating NMToken using different secret manager.
            NMTokenSecretManagerInRM tempManager = new NMTokenSecretManagerInRM(conf);

            tempManager.RollMasterKey();
            do
            {
                tempManager.RollMasterKey();
                tempManager.ActivateNextMasterKey();
            }while (tempManager.GetCurrentKey().GetKeyId() == nmTokenSecretManagerRM.GetCurrentKey
                        ().GetKeyId());
            // Making sure key id is different.
            // Testing that NM rejects the requests when we don't send any token.
            if (UserGroupInformation.IsSecurityEnabled())
            {
                sb = new StringBuilder("Client cannot authenticate via:[TOKEN]");
            }
            else
            {
                sb = new StringBuilder("SIMPLE authentication is not enabled.  Available:[TOKEN]"
                                       );
            }
            string errorMsg = TestStartContainer(rpc, validAppAttemptId, validNode, validContainerToken
                                                 , null, true);

            NUnit.Framework.Assert.IsTrue(errorMsg.Contains(sb.ToString()));
            Token invalidNMToken = tempManager.CreateNMToken(validAppAttemptId, validNode, user
                                                             );

            sb = new StringBuilder("Given NMToken for application : ");
            sb.Append(validAppAttemptId.ToString()).Append(" seems to have been generated illegally."
                                                           );
            NUnit.Framework.Assert.IsTrue(sb.ToString().Contains(TestStartContainer(rpc, validAppAttemptId
                                                                                    , validNode, validContainerToken, invalidNMToken, true)));
            // valid NMToken but belonging to other node
            invalidNMToken = nmTokenSecretManagerRM.CreateNMToken(validAppAttemptId, invalidNode
                                                                  , user);
            sb = new StringBuilder("Given NMToken for application : ");
            sb.Append(validAppAttemptId).Append(" is not valid for current node manager.expected : "
                                                ).Append(validNode.ToString()).Append(" found : ").Append(invalidNode.ToString()
                                                                                                          );
            NUnit.Framework.Assert.IsTrue(sb.ToString().Contains(TestStartContainer(rpc, validAppAttemptId
                                                                                    , validNode, validContainerToken, invalidNMToken, true)));
            // using correct tokens. nmtoken for app attempt should get saved.
            conf.SetInt(YarnConfiguration.RmContainerAllocExpiryIntervalMs, 4 * 60 * 1000);
            validContainerToken = containerTokenSecretManager.CreateContainerToken(validContainerId
                                                                                   , validNode, user, r, Priority.NewInstance(0), 0);
            NUnit.Framework.Assert.IsTrue(TestStartContainer(rpc, validAppAttemptId, validNode
                                                             , validContainerToken, validNMToken, false).IsEmpty());
            NUnit.Framework.Assert.IsTrue(nmTokenSecretManagerNM.IsAppAttemptNMTokenKeyPresent
                                              (validAppAttemptId));
            // using a new compatible version nmtoken, expect container can be started
            // successfully.
            ApplicationAttemptId validAppAttemptId2 = ApplicationAttemptId.NewInstance(appId,
                                                                                       2);
            ContainerId validContainerId2    = ContainerId.NewContainerId(validAppAttemptId2, 0);
            Token       validContainerToken2 = containerTokenSecretManager.CreateContainerToken(validContainerId2
                                                                                                , validNode, user, r, Priority.NewInstance(0), 0);
            Token validNMToken2 = nmTokenSecretManagerRM.CreateNMToken(validAppAttemptId2, validNode
                                                                       , user);
            // First, get a new NMTokenIdentifier.
            NMTokenIdentifier newIdentifier = new NMTokenIdentifier();

            byte[]          tokenIdentifierContent = ((byte[])validNMToken2.GetIdentifier().Array());
            DataInputBuffer dib = new DataInputBuffer();

            dib.Reset(tokenIdentifierContent, tokenIdentifierContent.Length);
            newIdentifier.ReadFields(dib);
            // Then, generate a new version NMTokenIdentifier (NMTokenIdentifierNewForTest)
            // with additional field of message.
            NMTokenIdentifierNewForTest newVersionIdentifier = new NMTokenIdentifierNewForTest
                                                                   (newIdentifier, "message");

            // check new version NMTokenIdentifier has correct info.
            NUnit.Framework.Assert.AreEqual("The ApplicationAttemptId is changed after set to "
                                            + "newVersionIdentifier", validAppAttemptId2.GetAttemptId(), newVersionIdentifier
                                            .GetApplicationAttemptId().GetAttemptId());
            NUnit.Framework.Assert.AreEqual("The message is changed after set to newVersionIdentifier"
                                            , "message", newVersionIdentifier.GetMessage());
            NUnit.Framework.Assert.AreEqual("The NodeId is changed after set to newVersionIdentifier"
                                            , validNode, newVersionIdentifier.GetNodeId());
            // create new Token based on new version NMTokenIdentifier.
            Token newVersionedNMToken = BaseNMTokenSecretManager.NewInstance(nmTokenSecretManagerRM
                                                                             .RetrievePassword(newVersionIdentifier), newVersionIdentifier);

            // Verify startContainer is successful and no exception is thrown.
            NUnit.Framework.Assert.IsTrue(TestStartContainer(rpc, validAppAttemptId2, validNode
                                                             , validContainerToken2, newVersionedNMToken, false).IsEmpty());
            NUnit.Framework.Assert.IsTrue(nmTokenSecretManagerNM.IsAppAttemptNMTokenKeyPresent
                                              (validAppAttemptId2));
            //Now lets wait till container finishes and is removed from node manager.
            WaitForContainerToFinishOnNM(validContainerId);
            sb = new StringBuilder("Attempt to relaunch the same container with id ");
            sb.Append(validContainerId);
            NUnit.Framework.Assert.IsTrue(TestStartContainer(rpc, validAppAttemptId, validNode
                                                             , validContainerToken, validNMToken, true).Contains(sb.ToString()));
            // Container is removed from node manager's memory by this time.
            // trying to stop the container. It should not throw any exception.
            TestStopContainer(rpc, validAppAttemptId, validNode, validContainerId, validNMToken
                              , false);
            // Rolling over master key twice so that we can check whether older keys
            // are used for authentication.
            RollNMTokenMasterKey(nmTokenSecretManagerRM, nmTokenSecretManagerNM);
            // Key rolled over once.. rolling over again
            RollNMTokenMasterKey(nmTokenSecretManagerRM, nmTokenSecretManagerNM);
            // trying get container status. Now saved nmToken should be used for
            // authentication... It should complain saying container was recently
            // stopped.
            sb = new StringBuilder("Container ");
            sb.Append(validContainerId);
            sb.Append(" was recently stopped on node manager");
            NUnit.Framework.Assert.IsTrue(TestGetContainer(rpc, validAppAttemptId, validNode,
                                                           validContainerId, validNMToken, true).Contains(sb.ToString()));
            // Now lets remove the container from nm-memory
            nm.GetNodeStatusUpdater().ClearFinishedContainersFromCache();
            // This should fail as container is removed from recently tracked finished
            // containers.
            sb = new StringBuilder("Container ");
            sb.Append(validContainerId.ToString());
            sb.Append(" is not handled by this NodeManager");
            NUnit.Framework.Assert.IsTrue(TestGetContainer(rpc, validAppAttemptId, validNode,
                                                           validContainerId, validNMToken, false).Contains(sb.ToString()));
            // using appAttempt-1 NMtoken for launching container for appAttempt-2 should
            // succeed.
            ApplicationAttemptId attempt2 = ApplicationAttemptId.NewInstance(appId, 2);
            Token attempt1NMToken         = nmTokenSecretManagerRM.CreateNMToken(validAppAttemptId, validNode
                                                                                 , user);
            Token newContainerToken = containerTokenSecretManager.CreateContainerToken(ContainerId
                                                                                       .NewContainerId(attempt2, 1), validNode, user, r, Priority.NewInstance(0), 0);

            NUnit.Framework.Assert.IsTrue(TestStartContainer(rpc, attempt2, validNode, newContainerToken
                                                             , attempt1NMToken, false).IsEmpty());
        }