org.apache.hadoop.yarn.server.security
Class BaseContainerTokenSecretManager

java.lang.Object
  org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>
      org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager

public class BaseContainerTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

SecretManager for ContainerTokens. Extended by both RM and NM and hence is present in yarn-server-common package.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

org.apache.hadoop.security.token.SecretManager.InvalidToken

Field Summary

protected long	containerTokenExpiryInterval
protected MasterKeyData	currentMasterKey THE masterKey.
protected Lock	readLock
protected ReadWriteLock	readWriteLock
protected int	serialNo
protected Lock	writeLock

Constructor Summary

BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)

Method Summary

org.apache.hadoop.yarn.security.ContainerTokenIdentifier	createIdentifier() Used by the RPC layer.
protected MasterKeyData	createNewMasterKey()
byte[]	createPassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
MasterKey	getCurrentKey()
byte[]	retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
protected byte[]	retrievePasswordInternal(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier, MasterKeyData masterKey)

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

serialNo

protected int serialNo

readWriteLock

protected final ReadWriteLock readWriteLock

readLock

protected final Lock readLock

writeLock

protected final Lock writeLock

currentMasterKey

protected MasterKeyData currentMasterKey

THE masterKey. ResourceManager should persist this and recover it on restart instead of generating a new key. The NodeManagers get it from the ResourceManager and use it for validating container-tokens.

containerTokenExpiryInterval

protected final long containerTokenExpiryInterval

Constructor Detail

BaseContainerTokenSecretManager

public BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)

Method Detail

createNewMasterKey

protected MasterKeyData createNewMasterKey()

getCurrentKey

@InterfaceAudience.Private
public MasterKey getCurrentKey()

createPassword

public byte[] createPassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)

Specified by:

createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

retrievePassword

public byte[] retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Specified by:

retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

retrievePasswordInternal

protected byte[] retrievePasswordInternal(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier,
                                          MasterKeyData masterKey)
                                   throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier

public org.apache.hadoop.yarn.security.ContainerTokenIdentifier createIdentifier()

Used by the RPC layer.

Specified by:

createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>