Package org.apache.hadoop.yarn.api.records

Examples of org.apache.hadoop.yarn.api.records.ContainerToken

1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
        unreserve(application, priority, node, rmContainer);
      }

      // Create container tokens in secure-mode
      if (UserGroupInformation.isSecurityEnabled()) {
        ContainerToken containerToken =
            createContainerToken(application, container);
        if (containerToken == null) {
          // Something went wrong...
          return Resources.none();
        }
View Full Code Here
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
    return container;
  }

  public static ContainerToken newContainerToken(NodeId nodeId,
      ByteBuffer password, ContainerTokenIdentifier tokenIdentifier) {
    ContainerToken containerToken = recordFactory
        .newRecordInstance(ContainerToken.class);
    containerToken.setIdentifier(ByteBuffer.wrap(tokenIdentifier.getBytes()));
    containerToken.setKind(ContainerTokenIdentifier.KIND.toString());
    containerToken.setPassword(password);
    // RPC layer client expects ip:port as service for tokens
    InetSocketAddress addr = NetUtils.createSocketAddr(nodeId.getHost(),
        nodeId.getPort());
    containerToken.setService(addr.getAddress().getHostAddress() + ":"
        + addr.getPort());
    return containerToken;
  }
View Full Code Here
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
    final YarnRPC rpc = YarnRPC.create(conf); // TODO: Don't create again and again.

    UserGroupInformation currentUser = UserGroupInformation
        .createRemoteUser(containerId.toString());
    if (UserGroupInformation.isSecurityEnabled()) {
      ContainerToken containerToken = container.getContainerToken();
      Token<ContainerTokenIdentifier> token =
          new Token<ContainerTokenIdentifier>(
              containerToken.getIdentifier().array(),
              containerToken.getPassword().array(), new Text(
                  containerToken.getKind()), new Text(
                  containerToken.getService()));
      currentUser.addToken(token);
    }
    return currentUser.doAs(new PrivilegedAction<ContainerManager>() {
      @Override
      public ContainerManager run() {
View Full Code Here
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
      Resource capability, Priority priority) {

    NodeId nodeId = node.getRMNode().getNodeID();
    ContainerId containerId = BuilderUtils.newContainerId(application
        .getApplicationAttemptId(), application.getNewContainerId());
    ContainerToken containerToken = null;

    // If security is enabled, send the container-tokens too.
    if (UserGroupInformation.isSecurityEnabled()) {
      ContainerTokenIdentifier tokenIdentifier = new ContainerTokenIdentifier(
          containerId, nodeId.toString(), capability);
View Full Code Here
511
512
513
514
515
516
517
518
519
520
521
      for (int i=0; i < assignedContainers; ++i) {

        NodeId nodeId = node.getRMNode().getNodeID();
        ContainerId containerId = BuilderUtils.newContainerId(application
            .getApplicationAttemptId(), application.getNewContainerId());
        ContainerToken containerToken = null;

        // If security is enabled, send the container-tokens too.
        if (UserGroupInformation.isSecurityEnabled()) {
          ContainerTokenIdentifier tokenIdentifier = new ContainerTokenIdentifier(
              containerId, nodeId.toString(), capability);
View Full Code Here
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
        unreserve(application, priority, node, rmContainer);
      }

      // Create container tokens in secure-mode
      if (UserGroupInformation.isSecurityEnabled()) {
        ContainerToken containerToken =
            createContainerToken(application, container);
        if (containerToken == null) {
          // Something went wrong...
          return Resources.none();
        }
View Full Code Here
530
531
532
533
534
535
536
537
538
539
540
      for (int i=0; i < assignedContainers; ++i) {

        NodeId nodeId = node.getRMNode().getNodeID();
        ContainerId containerId = BuilderUtils.newContainerId(application
            .getApplicationAttemptId(), application.getNewContainerId());
        ContainerToken containerToken = null;

        // If security is enabled, send the container-tokens too.
        if (UserGroupInformation.isSecurityEnabled()) {
          containerToken =
              this.rmContext.getContainerTokenSecretManager()
View Full Code Here
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
      Resource capability, Priority priority) {

    NodeId nodeId = node.getRMNode().getNodeID();
    ContainerId containerId = BuilderUtils.newContainerId(application
        .getApplicationAttemptId(), application.getNewContainerId());
    ContainerToken containerToken = null;

    // If security is enabled, send the container-tokens too.
    if (UserGroupInformation.isSecurityEnabled()) {
      containerToken =
          containerTokenSecretManager.createContainerToken(containerId, nodeId,
View Full Code Here
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
    // Now talk to the NM for launching the container.
    final ContainerId containerID = allocatedContainer.getId();
    UserGroupInformation authenticatedUser = UserGroupInformation
        .createRemoteUser(containerID.toString());
    ContainerToken containerToken = allocatedContainer.getContainerToken();
    Token<ContainerTokenIdentifier> token = new Token<ContainerTokenIdentifier>(
        containerToken.getIdentifier().array(), containerToken.getPassword()
            .array(), new Text(containerToken.getKind()), new Text(
            containerToken.getService()));
    authenticatedUser.addToken(token);
    authenticatedUser.doAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        ContainerManager client = (ContainerManager) yarnRPC.getProxy(
View Full Code Here
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
    // Now talk to the NM for launching the container with modified resource
    final ContainerId containerID = allocatedContainer.getId();
    UserGroupInformation maliceUser = UserGroupInformation
        .createRemoteUser(containerID.toString());

    ContainerToken containerToken = allocatedContainer.getContainerToken();
    byte[] identifierBytes = containerToken.getIdentifier().array();

    DataInputBuffer di = new DataInputBuffer();
    di.reset(identifierBytes, identifierBytes.length);

    ContainerTokenIdentifier dummyIdentifier = new ContainerTokenIdentifier();
    dummyIdentifier.readFields(di);

    // Malice user modifies the resource amount
    Resource modifiedResource = BuilderUtils.newResource(2048);
    ContainerTokenIdentifier modifiedIdentifier = new ContainerTokenIdentifier(
        dummyIdentifier.getContainerID(), dummyIdentifier.getNmHostAddress(),
        modifiedResource, Long.MAX_VALUE, dummyIdentifier.getMasterKeyId());
    Token<ContainerTokenIdentifier> modifiedToken = new Token<ContainerTokenIdentifier>(
        modifiedIdentifier.getBytes(), containerToken.getPassword().array(),
        new Text(containerToken.getKind()), new Text(containerToken
            .getService()));
    maliceUser.addToken(modifiedToken);
    maliceUser.doAs(new PrivilegedAction<Void>() {
      @Override
      public Void run() {
View Full Code Here
TOP

Related Classes of org.apache.hadoop.yarn.api.records.ContainerToken

  • org.apache.hadoop.mapreduce.v2.app.launcher.ContainerLauncherImpl$Container
  • org.apache.hadoop.mapreduce.v2.app.launcher.ContainerLauncherImpl$EventProcessor
  • org.apache.hadoop.yarn.server.resourcemanager.amlauncher.AMLauncher
  • org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.LeafQueue
  • org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.AppSchedulable
  • org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler
  • org.apache.hadoop.yarn.server.TestContainerManagerSecurity
  • org.apache.hadoop.yarn.util.BuilderUtils
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.