diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/api/protocolrecords/impl/pb/RegisterApplicationMasterResponsePBImpl.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/api/protocolrecords/impl/pb/RegisterApplicationMasterResponsePBImpl.java index e2962e3..737de04 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/api/protocolrecords/impl/pb/RegisterApplicationMasterResponsePBImpl.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/api/protocolrecords/impl/pb/RegisterApplicationMasterResponsePBImpl.java @@ -211,6 +211,7 @@ public void setApplicationACLs( @Override public void setClientToAMTokenMasterKey(ByteBuffer key) { if (key == null) { + builder.clearClientToAmTokenMasterKey(); return; } maybeInitBuilder(); @@ -219,9 +220,9 @@ public void setClientToAMTokenMasterKey(ByteBuffer key) { @Override public ByteBuffer getClientToAMTokenMasterKey() { - ByteBuffer key = - ByteBuffer.wrap(builder.getClientToAmTokenMasterKey().toByteArray()); - return key; + maybeInitBuilder(); + ByteString key = builder.getClientToAmTokenMasterKey(); + return ByteBuffer.wrap(key.toByteArray()); } private Resource convertFromProtoFormat(ResourceProto resource) { diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ContainerLocalizer.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ContainerLocalizer.java index 706cedd..5d69287 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ContainerLocalizer.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ContainerLocalizer.java @@ -63,8 +63,6 @@ import org.apache.hadoop.yarn.server.nodemanager.api.protocolrecords.LocalizerHeartbeatResponse; import org.apache.hadoop.yarn.server.nodemanager.api.protocolrecords.LocalizerStatus; import org.apache.hadoop.yarn.server.nodemanager.api.protocolrecords.ResourceStatusType; -import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.security.LocalizerTokenIdentifier; -import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.security.LocalizerTokenSecretManager; import org.apache.hadoop.yarn.server.utils.YarnServerBuilderUtils; import org.apache.hadoop.yarn.util.ConverterUtils; import org.apache.hadoop.yarn.util.FSDownload; @@ -141,12 +139,9 @@ public int runLocalization(final InetSocketAddress nmAddr) // create localizer context UserGroupInformation remoteUser = UserGroupInformation.createRemoteUser(user); - LocalizerTokenSecretManager secretManager = - new LocalizerTokenSecretManager(); - LocalizerTokenIdentifier id = secretManager.createIdentifier(); - Token localizerToken = - new Token(id, secretManager); - remoteUser.addToken(localizerToken); + for (Token token : creds.getAllTokens()) { + remoteUser.addToken(token); + } final LocalizationProtocol nodeManager = remoteUser.doAs(new PrivilegedAction() { @Override @@ -155,18 +150,11 @@ public LocalizationProtocol run() { } }); - // create user context - UserGroupInformation ugi = - UserGroupInformation.createRemoteUser(user); - for (Token token : creds.getAllTokens()) { - ugi.addToken(token); - } - ExecutorService exec = null; try { exec = createDownloadThreadPool(); CompletionService ecs = createCompletionService(exec); - localizeFiles(nodeManager, ecs, ugi); + localizeFiles(nodeManager, ecs, remoteUser); return 0; } catch (Throwable e) { // Print traces to stdout so that they can be logged by the NM address @@ -180,7 +168,7 @@ public LocalizationProtocol run() { } LocalDirAllocator.removeContext(appCacheDirContextName); } finally { - closeFileSystems(ugi); + closeFileSystems(remoteUser); } } } diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java index cfd809f..fbaf6c5 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java @@ -108,6 +108,7 @@ import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.event.ResourceLocalizedEvent; import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.event.ResourceReleaseEvent; import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.event.ResourceRequestEvent; +import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.security.LocalizerTokenIdentifier; import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.security.LocalizerTokenSecretManager; import org.apache.hadoop.yarn.server.nodemanager.security.authorize.NMPolicyProvider; import org.apache.hadoop.yarn.server.nodemanager.util.NodeManagerBuilderUtils; @@ -128,6 +129,7 @@ private InetSocketAddress localizationServerAddress; private long cacheTargetSize; private long cacheCleanupPeriod; + private LocalizerTokenSecretManager secretManager; private final ContainerExecutor exec; protected final Dispatcher dispatcher; @@ -267,7 +269,6 @@ LocalizerTracker createLocalizerTracker(Configuration conf) { Server createServer() { Configuration conf = getConfig(); YarnRPC rpc = YarnRPC.create(conf); - LocalizerTokenSecretManager secretManager = null; if (UserGroupInformation.isSecurityEnabled()) { secretManager = new LocalizerTokenSecretManager(); } @@ -1017,6 +1018,10 @@ private void writeCredentials(Path nmPrivateCTokensPath) LOG.debug(tk.getService() + " : " + tk.encodeToUrlString()); } } + LocalizerTokenIdentifier id = secretManager.createIdentifier(); + Token localizerToken = + new Token(id, secretManager); + credentials.addToken(id.getKind(), localizerToken); credentials.writeTokenStorageToStream(tokenOut); } finally { if (tokenOut != null) { diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAMAuthorization.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAMAuthorization.java index c70f809..cf155dd 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAMAuthorization.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAMAuthorization.java @@ -249,6 +249,17 @@ public ApplicationMasterProtocol run() { }); request = Records.newRecord(RegisterApplicationMasterRequest.class); + + request.setApplicationAttemptId(applicationAttemptId); + try { + RegisterApplicationMasterResponse response = + client.registerApplicationMaster(request); + Assert.assertTrue(response.getClientToAMTokenMasterKey() != null); + } catch (Throwable t) { + t.printStackTrace(); + Assert.fail("Exception was not expected!!"); + } + ApplicationAttemptId otherAppAttemptId = BuilderUtils .newApplicationAttemptId(applicationAttemptId.getApplicationId(), 42); request.setApplicationAttemptId(otherAppAttemptId);