Return-Path: X-Original-To: apmail-hadoop-common-commits-archive@www.apache.org Delivered-To: apmail-hadoop-common-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3991E10094 for ; Wed, 11 Feb 2015 19:48:25 +0000 (UTC) Received: (qmail 78848 invoked by uid 500); 11 Feb 2015 19:48:20 -0000 Delivered-To: apmail-hadoop-common-commits-archive@hadoop.apache.org Received: (qmail 78408 invoked by uid 500); 11 Feb 2015 19:48:20 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-dev@hadoop.apache.org Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 77839 invoked by uid 99); 11 Feb 2015 19:48:20 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Feb 2015 19:48:20 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id BA874E08E3; Wed, 11 Feb 2015 19:48:19 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: zjshen@apache.org To: common-commits@hadoop.apache.org Date: Wed, 11 Feb 2015 19:48:30 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [12/50] [abbrv] hadoop git commit: YARN-2971. RM uses conf instead of token service address to renew timeline delegation tokens (jeagles) YARN-2971. RM uses conf instead of token service address to renew timeline delegation tokens (jeagles) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/af084258 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/af084258 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/af084258 Branch: refs/heads/YARN-2928 Commit: af0842589359ad800427337ad2c84fac09907f72 Parents: aab459c Author: Jonathan Eagles Authored: Mon Feb 9 17:56:05 2015 -0600 Committer: Jonathan Eagles Committed: Mon Feb 9 17:56:05 2015 -0600 ---------------------------------------------------------------------- hadoop-yarn-project/CHANGES.txt | 3 +++ .../client/api/impl/TimelineClientImpl.java | 22 ++++++++++++++------ .../client/api/impl/TestTimelineClient.java | 14 +++++++++++-- 3 files changed, 31 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/af084258/hadoop-yarn-project/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 578a8cc..634a0e7 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -519,6 +519,9 @@ Release 2.7.0 - UNRELEASED YARN-3094. Reset timer for liveness monitors after RM recovery. (Jun Gong via jianhe) + YARN-2971. RM uses conf instead of token service address to renew timeline + delegation tokens (jeagles) + Release 2.6.0 - 2014-11-18 INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/af084258/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java index de9d8da..0b88632 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java @@ -23,6 +23,7 @@ import java.io.IOException; import java.lang.reflect.UndeclaredThrowableException; import java.net.ConnectException; import java.net.HttpURLConnection; +import java.net.InetSocketAddress; import java.net.URI; import java.net.URL; import java.net.URLConnection; @@ -45,6 +46,7 @@ import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.classification.InterfaceStability.Unstable; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.authentication.client.ConnectionConfigurator; import org.apache.hadoop.security.ssl.SSLFactory; import org.apache.hadoop.security.token.Token; @@ -373,12 +375,14 @@ public class TimelineClientImpl extends TimelineClient { == UserGroupInformation.AuthenticationMethod.PROXY; final String doAsUser = isProxyAccess ? UserGroupInformation.getCurrentUser().getShortUserName() : null; + boolean useHttps = YarnConfiguration.useHttps(this.getConfig()); + final String scheme = useHttps ? "https" : "http"; + final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT); PrivilegedExceptionAction renewDTAction = new PrivilegedExceptionAction() { @Override - public Long run() - throws Exception { + public Long run() throws Exception { // If the timeline DT to renew is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; @@ -388,8 +392,10 @@ public class TimelineClientImpl extends TimelineClient { DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); + final URI serviceURI = new URI(scheme, null, address.getHostName(), + address.getPort(), RESOURCE_URI_STR, null, null); return authUrl - .renewDelegationToken(resURI.toURL(), token, doAsUser); + .renewDelegationToken(serviceURI.toURL(), token, doAsUser); } }; return (Long) operateDelegationToken(renewDTAction); @@ -405,12 +411,14 @@ public class TimelineClientImpl extends TimelineClient { == UserGroupInformation.AuthenticationMethod.PROXY; final String doAsUser = isProxyAccess ? UserGroupInformation.getCurrentUser().getShortUserName() : null; + boolean useHttps = YarnConfiguration.useHttps(this.getConfig()); + final String scheme = useHttps ? "https" : "http"; + final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT); PrivilegedExceptionAction cancelDTAction = new PrivilegedExceptionAction() { @Override - public Void run() - throws Exception { + public Void run() throws Exception { // If the timeline DT to cancel is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; @@ -420,7 +428,9 @@ public class TimelineClientImpl extends TimelineClient { DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); - authUrl.cancelDelegationToken(resURI.toURL(), token, doAsUser); + final URI serviceURI = new URI(scheme, null, address.getHostName(), + address.getPort(), RESOURCE_URI_STR, null, null); + authUrl.cancelDelegationToken(serviceURI.toURL(), token, doAsUser); return null; } }; http://git-wip-us.apache.org/repos/asf/hadoop/blob/af084258/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java index c8027a2..859a6c9 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClient.java @@ -238,7 +238,10 @@ public class TestTimelineClient { new TimelineDelegationTokenIdentifier( new Text("tester"), new Text("tester"), new Text("tester")); client.renewDelegationToken( - new Token(timelineDT, dtManager)); + new Token(timelineDT.getBytes(), + dtManager.createPassword(timelineDT), + timelineDT.getKind(), + new Text("0.0.0.0:8188"))); assertFail(); } catch (RuntimeException ce) { assertException(client, ce); @@ -250,7 +253,10 @@ public class TestTimelineClient { new TimelineDelegationTokenIdentifier( new Text("tester"), new Text("tester"), new Text("tester")); client.cancelDelegationToken( - new Token(timelineDT, dtManager)); + new Token(timelineDT.getBytes(), + dtManager.createPassword(timelineDT), + timelineDT.getKind(), + new Text("0.0.0.0:8188"))); assertFail(); } catch (RuntimeException ce) { assertException(client, ce); @@ -371,5 +377,9 @@ public class TestTimelineClient { return new TimelineDelegationTokenIdentifier(); } + @Override + public synchronized byte[] createPassword(TimelineDelegationTokenIdentifier identifier) { + return super.createPassword(identifier); + } } }