Package org.apache.hadoop.yarn.api.records

Examples of org.apache.hadoop.yarn.api.records.ContainerToken

1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
      Resource capability, Priority priority) {

    NodeId nodeId = node.getRMNode().getNodeID();
    ContainerId containerId = BuilderUtils.newContainerId(application
        .getApplicationAttemptId(), application.getNewContainerId());
    ContainerToken containerToken = null;

    // If security is enabled, send the container-tokens too.
    if (UserGroupInformation.isSecurityEnabled()) {
      containerToken =
          containerTokenSecretManager.createContainerToken(containerId, nodeId,
View Full Code Here
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
    // Now talk to the NM for launching the container.
    final ContainerId containerID = allocatedContainer.getId();
    UserGroupInformation authenticatedUser = UserGroupInformation
        .createRemoteUser(containerID.toString());
    ContainerToken containerToken = allocatedContainer.getContainerToken();
    Token<ContainerTokenIdentifier> token = new Token<ContainerTokenIdentifier>(
        containerToken.getIdentifier().array(), containerToken.getPassword()
            .array(), new Text(containerToken.getKind()), new Text(
            containerToken.getService()));
    authenticatedUser.addToken(token);
    authenticatedUser.doAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        ContainerManager client = (ContainerManager) yarnRPC.getProxy(
View Full Code Here
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
    // Now talk to the NM for launching the container with modified resource
    final ContainerId containerID = allocatedContainer.getId();
    UserGroupInformation maliceUser = UserGroupInformation
        .createRemoteUser(containerID.toString());

    ContainerToken containerToken = allocatedContainer.getContainerToken();
    byte[] identifierBytes = containerToken.getIdentifier().array();

    DataInputBuffer di = new DataInputBuffer();
    di.reset(identifierBytes, identifierBytes.length);

    ContainerTokenIdentifier dummyIdentifier = new ContainerTokenIdentifier();
    dummyIdentifier.readFields(di);

    // Malice user modifies the resource amount
    Resource modifiedResource = BuilderUtils.newResource(2048);
    ContainerTokenIdentifier modifiedIdentifier = new ContainerTokenIdentifier(
        dummyIdentifier.getContainerID(), dummyIdentifier.getNmHostAddress(),
        modifiedResource, Long.MAX_VALUE);
    Token<ContainerTokenIdentifier> modifiedToken = new Token<ContainerTokenIdentifier>(
        modifiedIdentifier.getBytes(), containerToken.getPassword().array(),
        new Text(containerToken.getKind()), new Text(containerToken
            .getService()));
    maliceUser.addToken(modifiedToken);
    maliceUser.doAs(new PrivilegedAction<Void>() {
      @Override
      public Void run() {
View Full Code Here
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
    final ContainerId containerID = allocatedContainer.getId();

    /////////// Test calls with illegal containerIDs and illegal Resources
    UserGroupInformation unauthorizedUser = UserGroupInformation
        .createRemoteUser(containerID.toString());
    ContainerToken containerToken = allocatedContainer.getContainerToken();

    byte[] identifierBytes = containerToken.getIdentifier().array();
    DataInputBuffer di = new DataInputBuffer();
    di.reset(identifierBytes, identifierBytes.length);
    final ContainerTokenIdentifier tokenId = new ContainerTokenIdentifier();
    tokenId.readFields(di);

    Token<ContainerTokenIdentifier> token = new Token<ContainerTokenIdentifier>(
        identifierBytes, containerToken.getPassword().array(), new Text(
            containerToken.getKind()), new Text(containerToken.getService()));

    unauthorizedUser.addToken(token);
    ContainerManager client =
        unauthorizedUser.doAs(new PrivilegedAction<ContainerManager>() {
      @Override
      public ContainerManager run() {
        ContainerManager client = (ContainerManager) yarnRPC.getProxy(
            ContainerManager.class, NetUtils
                .createSocketAddr(allocatedContainer.getNodeId().toString()),
            conf);

        LOG.info("Going to contact NM:  unauthorized request");

        callWithIllegalContainerID(client, tokenId);
        callWithIllegalResource(client, tokenId);

        return client;
      }
    });
   
    /////////// End of testing for illegal containerIDs and illegal Resources

    /////////// Test calls with expired tokens
    RPC.stopProxy(client);
    unauthorizedUser = UserGroupInformation
        .createRemoteUser(containerID.toString());

    final ContainerTokenIdentifier newTokenId =
        new ContainerTokenIdentifier(tokenId.getContainerID(),
          tokenId.getNmHostAddress(), tokenId.getResource(),
          System.currentTimeMillis() - 1);
    byte[] passowrd =
        resourceManager.getContainerTokenSecretManager().createPassword(
            newTokenId);
    // Create a valid token by using the key from the RM.
    token = new Token<ContainerTokenIdentifier>(
        newTokenId.getBytes(), passowrd, new Text(
            containerToken.getKind()), new Text(containerToken.getService()));
   
   
   
    unauthorizedUser.addToken(token);
    unauthorizedUser.doAs(new PrivilegedAction<Void>() {
View Full Code Here
128
129
130
131
132
133
134
135
136
137
138
      }
     

      final String containerManagerBindAddr = event.getContainerMgrAddress();
      ContainerId containerID = event.getContainerID();
      ContainerToken containerToken = event.getContainerToken();

      ContainerManager proxy = null;
      try {

        proxy = getCMProxy(containerID, containerManagerBindAddr,
View Full Code Here
185
186
187
188
189
190
191
192
193
194
195
      if(this.state == ContainerState.PREP) {
        this.state = ContainerState.KILLED_BEFORE_LAUNCH;
      } else {
        final String containerManagerBindAddr = event.getContainerMgrAddress();
        ContainerId containerID = event.getContainerID();
        ContainerToken containerToken = event.getContainerToken();
        TaskAttemptId taskAttemptID = event.getTaskAttemptID();
        LOG.info("KILLING " + taskAttemptID);

        ContainerManager proxy = null;
        try {
View Full Code Here
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
        unreserve(application, priority, node, rmContainer);
      }

      // Create container tokens in secure-mode
      if (UserGroupInformation.isSecurityEnabled()) {
        ContainerToken containerToken =
            createContainerToken(application, container);
        if (containerToken == null) {
          // Something went wrong...
          return Resources.none();
        }
View Full Code Here
533
534
535
536
537
538
539
540
541
542
543
      for (int i=0; i < assignedContainers; ++i) {

        NodeId nodeId = node.getRMNode().getNodeID();
        ContainerId containerId = BuilderUtils.newContainerId(application
            .getApplicationAttemptId(), application.getNewContainerId());
        ContainerToken containerToken = null;

        // If security is enabled, send the container-tokens too.
        if (UserGroupInformation.isSecurityEnabled()) {
          ContainerTokenIdentifier tokenIdentifier = new ContainerTokenIdentifier(
              containerId, nodeId.toString(), capability);
View Full Code Here
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
    // Now talk to the NM for launching the container.
    final ContainerId containerID = allocatedContainer.getId();
    UserGroupInformation authenticatedUser = UserGroupInformation
        .createRemoteUser(containerID.toString());
    ContainerToken containerToken = allocatedContainer.getContainerToken();
    Token<ContainerTokenIdentifier> token = new Token<ContainerTokenIdentifier>(
        containerToken.getIdentifier().array(), containerToken.getPassword()
            .array(), new Text(containerToken.getKind()), new Text(
            containerToken.getService()));
    authenticatedUser.addToken(token);
    authenticatedUser.doAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        ContainerManager client = (ContainerManager) yarnRPC.getProxy(
View Full Code Here
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
    // Now talk to the NM for launching the container with modified resource
    final ContainerId containerID = allocatedContainer.getId();
    UserGroupInformation maliceUser = UserGroupInformation
        .createRemoteUser(containerID.toString());

    ContainerToken containerToken = allocatedContainer.getContainerToken();
    byte[] identifierBytes = containerToken.getIdentifier().array();

    DataInputBuffer di = new DataInputBuffer();
    di.reset(identifierBytes, identifierBytes.length);

    ContainerTokenIdentifier dummyIdentifier = new ContainerTokenIdentifier();
    dummyIdentifier.readFields(di);
    // Malice user modifies the resource amount
    Resource modifiedResource = BuilderUtils.newResource(2048);
    ContainerTokenIdentifier modifiedIdentifier = new ContainerTokenIdentifier(
        dummyIdentifier.getContainerID(), dummyIdentifier.getNmHostAddress(),
        modifiedResource);
    Token<ContainerTokenIdentifier> modifiedToken = new Token<ContainerTokenIdentifier>(
        modifiedIdentifier.getBytes(), containerToken.getPassword().array(),
        new Text(containerToken.getKind()), new Text(containerToken
            .getService()));
    maliceUser.addToken(modifiedToken);
    maliceUser.doAs(new PrivilegedAction<Void>() {
      @Override
      public Void run() {
View Full Code Here
TOP

Related Classes of org.apache.hadoop.yarn.api.records.ContainerToken

  • org.apache.hadoop.mapreduce.v2.app.launcher.ContainerLauncherImpl$Container
  • org.apache.hadoop.mapreduce.v2.app.launcher.ContainerLauncherImpl$EventProcessor
  • org.apache.hadoop.yarn.server.resourcemanager.amlauncher.AMLauncher
  • org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.LeafQueue
  • org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.AppSchedulable
  • org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler
  • org.apache.hadoop.yarn.server.TestContainerManagerSecurity
  • org.apache.hadoop.yarn.util.BuilderUtils
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.