Package org.apache.hadoop.yarn.server.resourcemanager.security

Class NMTokenSecretManagerInRM

java.lang.Object
org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.NMTokenIdentifier>
org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager
org.apache.hadoop.yarn.server.resourcemanager.security.NMTokenSecretManagerInRM
public class NMTokenSecretManagerInRM extends org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager

  • Nested Class Summary

    Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

    org.apache.hadoop.security.token.SecretManager.InvalidToken

  • Field Summary

    Fields inherited from class org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager

    currentMasterKey, readLock, readWriteLock, serialNo, writeLock

  • Constructor Summary

    Constructors
    Constructor
    Description
    NMTokenSecretManagerInRM(org.apache.hadoop.conf.Configuration conf)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    activateNextMasterKey()
    Activate the new master-key
    void
    clearNodeSetForAttempt(org.apache.hadoop.yarn.api.records.ApplicationAttemptId attemptId)
     
    org.apache.hadoop.yarn.api.records.NMToken
    createAndGetNMToken(String applicationSubmitter, org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId, org.apache.hadoop.yarn.api.records.Container container)
     
    org.apache.hadoop.yarn.server.api.records.MasterKey
    getNextKey()
     
    boolean
    isApplicationAttemptNMTokenPresent(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId, org.apache.hadoop.yarn.api.records.NodeId nodeId)
     
    boolean
    isApplicationAttemptRegistered(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
     
    void
    registerApplicationAttempt(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
     
    void
    removeNodeKey(org.apache.hadoop.yarn.api.records.NodeId nodeId)
    This is to be called when NodeManager reconnects or goes down.
    void
    rollMasterKey()
    Creates a new master-key and sets it as the primary.
    void
    start()
     
    void
    stop()
     
    void
    unregisterApplicationAttempt(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
     

    Methods inherited from class org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager

    createIdentifier, createNewMasterKey, createNMToken, createPassword, getCurrentKey, newInstance, retrievePassword, retrivePasswordInternal

    Methods inherited from class org.apache.hadoop.security.token.SecretManager

    checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword, update, validateSecretKeyLength

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • NMTokenSecretManagerInRM

      public NMTokenSecretManagerInRM(org.apache.hadoop.conf.Configuration conf)

  • Method Details

    • rollMasterKey

      @Private public void rollMasterKey()
      Creates a new master-key and sets it as the primary.

    • getNextKey

      @Private public org.apache.hadoop.yarn.server.api.records.MasterKey getNextKey()

    • activateNextMasterKey

      @Private public void activateNextMasterKey()
      Activate the new master-key

    • clearNodeSetForAttempt

      public void clearNodeSetForAttempt(org.apache.hadoop.yarn.api.records.ApplicationAttemptId attemptId)

    • start

      public void start()

    • stop

      public void stop()

    • createAndGetNMToken

      public org.apache.hadoop.yarn.api.records.NMToken createAndGetNMToken(String applicationSubmitter, org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId, org.apache.hadoop.yarn.api.records.Container container)

    • registerApplicationAttempt

      public void registerApplicationAttempt(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)

    • isApplicationAttemptRegistered

      @Private @VisibleForTesting public boolean isApplicationAttemptRegistered(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)

    • isApplicationAttemptNMTokenPresent

      @Private @VisibleForTesting public boolean isApplicationAttemptNMTokenPresent(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId, org.apache.hadoop.yarn.api.records.NodeId nodeId)

    • unregisterApplicationAttempt

      public void unregisterApplicationAttempt(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)

    • removeNodeKey

      public void removeNodeKey(org.apache.hadoop.yarn.api.records.NodeId nodeId)
      This is to be called when NodeManager reconnects or goes down. This will remove if NMTokens if present for any running application from cache.
      Parameters:
      nodeId - Node Id.