BaseContainerTokenSecretManager (hadoop-yarn-server-common 2.0.3-alpha API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.yarn.server.security
Class BaseContainerTokenSecretManager

java.lang.Object
  org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>
      org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager

public class BaseContainerTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

SecretManager for ContainerTokens. Extended by both RM and NM and hence is present in yarn-server-common package.

Nested Class Summary
`protected class`	`BaseContainerTokenSecretManager.MasterKeyData`

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
`org.apache.hadoop.security.token.SecretManager.InvalidToken`

Field Summary
`protected long`	`containerTokenExpiryInterval`
`protected BaseContainerTokenSecretManager.MasterKeyData`	`currentMasterKey` THE masterKey.
`protected Lock`	`readLock`
`protected ReadWriteLock`	`readWriteLock`
`protected Lock`	`writeLock`

Constructor Summary
`BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)`

Method Summary
`org.apache.hadoop.yarn.api.records.ContainerToken`	`createContainerToken(org.apache.hadoop.yarn.api.records.ContainerId containerId, org.apache.hadoop.yarn.api.records.NodeId nodeId, String appSubmitter, org.apache.hadoop.yarn.api.records.Resource capability)` Helper function for creating ContainerTokens
`org.apache.hadoop.yarn.security.ContainerTokenIdentifier`	`createIdentifier()` Used by the RPC layer.
`protected BaseContainerTokenSecretManager.MasterKeyData`	`createNewMasterKey()`
`byte[]`	`createPassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)`
`MasterKey`	`getCurrentKey()`
`byte[]`	`retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)`
`protected byte[]`	`retrievePasswordInternal(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier, BaseContainerTokenSecretManager.MasterKeyData masterKey)`

Methods inherited from class org.apache.hadoop.security.token.SecretManager
`checkAvailableForRead, createPassword, createSecretKey, generateSecret`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

readWriteLock

protected final ReadWriteLock readWriteLock

readLock

protected final Lock readLock

writeLock

protected final Lock writeLock

currentMasterKey

protected BaseContainerTokenSecretManager.MasterKeyData currentMasterKey

THE masterKey. ResourceManager should persist this and recover it on restart instead of generating a new key. The NodeManagers get it from the ResourceManager and use it for validating container-tokens.

containerTokenExpiryInterval

protected final long containerTokenExpiryInterval

Constructor Detail

BaseContainerTokenSecretManager

public BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)

Method Detail

createNewMasterKey

protected BaseContainerTokenSecretManager.MasterKeyData createNewMasterKey()

getCurrentKey

@InterfaceAudience.Private
public MasterKey getCurrentKey()

createPassword

public byte[] createPassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)

Specified by:: createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

retrievePassword

public byte[] retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Specified by:: retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

Throws:: org.apache.hadoop.security.token.SecretManager.InvalidToken

retrievePasswordInternal

protected byte[] retrievePasswordInternal(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier,
                                          BaseContainerTokenSecretManager.MasterKeyData masterKey)
                                   throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Throws:: org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier

public org.apache.hadoop.yarn.security.ContainerTokenIdentifier createIdentifier()

Used by the RPC layer.

Specified by:: createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

createContainerToken

public org.apache.hadoop.yarn.api.records.ContainerToken createContainerToken(org.apache.hadoop.yarn.api.records.ContainerId containerId,
                                                                              org.apache.hadoop.yarn.api.records.NodeId nodeId,
                                                                              String appSubmitter,
                                                                              org.apache.hadoop.yarn.api.records.Resource capability)

Helper function for creating ContainerTokens

Parameters:: containerId -; nodeId -; appSubmitter -; capability -
Returns:: the container-token