Package org.apache.hadoop.yarn.server.resourcemanager.security

Class RMContainerTokenSecretManager

java.lang.Object
org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>
org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager
org.apache.hadoop.yarn.server.resourcemanager.security.RMContainerTokenSecretManager
public class RMContainerTokenSecretManager extends org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager
SecretManager for ContainerTokens. This is RM-specific and rolls the master-keys every so often.

  • Nested Class Summary

    Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

    org.apache.hadoop.security.token.SecretManager.InvalidToken

  • Field Summary

    Fields inherited from class org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager

    containerTokenExpiryInterval, currentMasterKey, readLock, readWriteLock, serialNo, writeLock

  • Constructor Summary

    Constructors
    Constructor
    Description
    RMContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    activateNextMasterKey()
    Activate the new master-key
    org.apache.hadoop.yarn.api.records.Token
    createContainerToken(org.apache.hadoop.yarn.api.records.ContainerId containerId, int containerVersion, org.apache.hadoop.yarn.api.records.NodeId nodeId, String appSubmitter, org.apache.hadoop.yarn.api.records.Resource capability, org.apache.hadoop.yarn.api.records.Priority priority, long createTime)
     
    org.apache.hadoop.yarn.api.records.Token
    createContainerToken(org.apache.hadoop.yarn.api.records.ContainerId containerId, int containerVersion, org.apache.hadoop.yarn.api.records.NodeId nodeId, String appSubmitter, org.apache.hadoop.yarn.api.records.Resource capability, org.apache.hadoop.yarn.api.records.Priority priority, long createTime, org.apache.hadoop.yarn.api.records.LogAggregationContext logAggregationContext, String nodeLabelExpression, org.apache.hadoop.yarn.server.api.ContainerType containerType, org.apache.hadoop.yarn.api.records.ExecutionType execType, long allocationRequestId, Set<String> allocationTags)
    Helper function for creating ContainerTokens.
    org.apache.hadoop.yarn.server.api.records.MasterKey
    getNextKey()
     
    void
    rollMasterKey()
    Creates a new master-key and sets it as the primary.
    void
    start()
     
    void
    stop()
     

    Methods inherited from class org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager

    createIdentifier, createNewMasterKey, createPassword, getCurrentKey, retrievePassword, retrievePasswordInternal

    Methods inherited from class org.apache.hadoop.security.token.SecretManager

    checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword, update, validateSecretKeyLength

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • RMContainerTokenSecretManager

      public RMContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)

  • Method Details

    • start

      public void start()

    • stop

      public void stop()

    • rollMasterKey

      @Private public void rollMasterKey()
      Creates a new master-key and sets it as the primary.

    • getNextKey

      @Private public org.apache.hadoop.yarn.server.api.records.MasterKey getNextKey()

    • activateNextMasterKey

      @Private public void activateNextMasterKey()
      Activate the new master-key

    • createContainerToken

      @VisibleForTesting public org.apache.hadoop.yarn.api.records.Token createContainerToken(org.apache.hadoop.yarn.api.records.ContainerId containerId, int containerVersion, org.apache.hadoop.yarn.api.records.NodeId nodeId, String appSubmitter, org.apache.hadoop.yarn.api.records.Resource capability, org.apache.hadoop.yarn.api.records.Priority priority, long createTime)

    • createContainerToken

      public org.apache.hadoop.yarn.api.records.Token createContainerToken(org.apache.hadoop.yarn.api.records.ContainerId containerId, int containerVersion, org.apache.hadoop.yarn.api.records.NodeId nodeId, String appSubmitter, org.apache.hadoop.yarn.api.records.Resource capability, org.apache.hadoop.yarn.api.records.Priority priority, long createTime, org.apache.hadoop.yarn.api.records.LogAggregationContext logAggregationContext, String nodeLabelExpression, org.apache.hadoop.yarn.server.api.ContainerType containerType, org.apache.hadoop.yarn.api.records.ExecutionType execType, long allocationRequestId, Set<String> allocationTags)
      Helper function for creating ContainerTokens.
      Parameters:
      containerId - Container Id
      containerVersion - Container version
      nodeId - Node Id
      appSubmitter - App Submitter
      capability - Capability
      priority - Priority
      createTime - Create Time
      logAggregationContext - Log Aggregation Context
      nodeLabelExpression - Node Label Expression
      containerType - Container Type
      execType - Execution Type
      allocationRequestId - allocationRequestId
      allocationTags - allocation Tags
      Returns:
      the container-token