Package org.apache.hadoop.yarn.server.resourcemanager.security

Class DelegationTokenRenewer

java.lang.Object
org.apache.hadoop.service.AbstractService
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer
All Implemented Interfaces:
Closeable, AutoCloseable, org.apache.hadoop.service.Service
@Private @Unstable public class DelegationTokenRenewer extends org.apache.hadoop.service.AbstractService
Service to renew application delegation tokens.

  • Field Details

    • HDFS_DELEGATION_KIND

      @VisibleForTesting public static final org.apache.hadoop.io.Text HDFS_DELEGATION_KIND

    • SCHEME

      public static final String SCHEME
      See Also:

    • RM_SYSTEM_CREDENTIALS_VALID_TIME_REMAINING

      public static final String RM_SYSTEM_CREDENTIALS_VALID_TIME_REMAINING
      See Also:

    • DEFAULT_RM_SYSTEM_CREDENTIALS_VALID_TIME_REMAINING

      public static final long DEFAULT_RM_SYSTEM_CREDENTIALS_VALID_TIME_REMAINING
      See Also:

  • Constructor Details

    • DelegationTokenRenewer

      public DelegationTokenRenewer()

  • Method Details

    • serviceInit

      protected void serviceInit(org.apache.hadoop.conf.Configuration conf) throws Exception
      Overrides:
      serviceInit in class org.apache.hadoop.service.AbstractService
      Throws:
      Exception

    • createNewThreadPoolService

      protected ThreadPoolExecutor createNewThreadPoolService(org.apache.hadoop.conf.Configuration conf)

    • serviceStart

      protected void serviceStart() throws Exception
      Overrides:
      serviceStart in class org.apache.hadoop.service.AbstractService
      Throws:
      Exception

    • serviceStop

      protected void serviceStop()
      Overrides:
      serviceStop in class org.apache.hadoop.service.AbstractService

    • getDelegationTokens

      @VisibleForTesting public Set<org.apache.hadoop.security.token.Token<?>> getDelegationTokens()

    • addApplicationAsync

      public void addApplicationAsync(org.apache.hadoop.yarn.api.records.ApplicationId applicationId, org.apache.hadoop.security.Credentials ts, boolean shouldCancelAtEnd, String user, org.apache.hadoop.conf.Configuration tokenConf)
      Asynchronously add application tokens for renewal.
      Parameters:
      applicationId - added application
      ts - tokens
      shouldCancelAtEnd - true if tokens should be canceled when the app is done else false.
      user - user
      tokenConf - tokenConf sent by the app-submitter

    • addApplicationAsyncDuringRecovery

      public void addApplicationAsyncDuringRecovery(org.apache.hadoop.yarn.api.records.ApplicationId applicationId, org.apache.hadoop.security.Credentials ts, boolean shouldCancelAtEnd, String user, org.apache.hadoop.conf.Configuration tokenConf)
      Asynchronously add application tokens for renewal.
      Parameters:
      applicationId - added application
      ts - tokens
      shouldCancelAtEnd - true if tokens should be canceled when the app is done else false.
      user - user
      tokenConf - tokenConf sent by the app-submitter

    • addApplicationSync

      public void addApplicationSync(org.apache.hadoop.yarn.api.records.ApplicationId applicationId, org.apache.hadoop.security.Credentials ts, boolean shouldCancelAtEnd, String user) throws IOException, InterruptedException
      Throws:
      IOException
      InterruptedException

    • setTimerForTokenRenewal

      @VisibleForTesting protected void setTimerForTokenRenewal(DelegationTokenRenewer.DelegationTokenToRenew token) throws IOException
      set task to renew the token.
      Parameters:
      token - DelegationTokenToRenew.
      Throws:
      IOException - if an IO error occurred.

    • renewToken

      @VisibleForTesting protected void renewToken(DelegationTokenRenewer.DelegationTokenToRenew dttr) throws IOException
      Throws:
      IOException

    • obtainSystemTokensForUser

      @VisibleForTesting protected org.apache.hadoop.security.token.Token<?>[] obtainSystemTokensForUser(String user, org.apache.hadoop.security.Credentials credentials) throws IOException, InterruptedException
      Throws:
      IOException
      InterruptedException

    • applicationFinished

      public void applicationFinished(org.apache.hadoop.yarn.api.records.ApplicationId applicationId)
      Removing delegation token for completed applications.
      Parameters:
      applicationId - completed application

    • updateKeepAliveApplications

      public void updateKeepAliveApplications(List<org.apache.hadoop.yarn.api.records.ApplicationId> appIds)
      Add a list of applications to the keep alive list. If an appId already exists, update it's keep-alive time.
      Parameters:
      appIds - the list of applicationIds to be kept alive.

    • setRMContext

      public void setRMContext(RMContext rmContext)

    • setDelegationTokenRenewerPoolTracker

      @VisibleForTesting public void setDelegationTokenRenewerPoolTracker(boolean flag)

    • getAllTokens

      protected ConcurrentMap<org.apache.hadoop.security.token.Token<?>,DelegationTokenRenewer.DelegationTokenToRenew> getAllTokens()