svn commit: r1508570 - in /hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project: ./ hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/

[shv]

Author: shv
Date: Tue Jul 30 18:19:19 2013
New Revision: 1508570

URL: http://svn.apache.org/r1508570
Log:
YARN-854. Fixing YARN bugs that are failing applications in secure environment. 
Contributed by Omkar Vinit Joshi and shv.

Modified:
    hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/CHANGES.txt
    
hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ContainerLocalizer.java
    
hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java

Modified: 
hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/CHANGES.txt?rev=1508570&r1=1508569&r2=1508570&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/CHANGES.txt 
(original)
+++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/CHANGES.txt 
Tue Jul 30 18:19:19 2013
@@ -12,6 +12,9 @@ Release 2.0.6-alpha - UNRELEASED
 
   BUG FIXES
 
+    YARN-854. Fixing YARN bugs that are failing applications in secure
+    environment. (Omkar Vinit Joshi and shv)
+
 Release 2.0.5-alpha - 06/06/2013
 
   INCOMPATIBLE CHANGES

Modified: 
hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ContainerLocalizer.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ContainerLocalizer.java?rev=1508570&r1=1508569&r2=1508570&view=diff
==============================================================================
--- 
hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ContainerLocalizer.java
 (original)
+++ 
hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ContainerLocalizer.java
 Tue Jul 30 18:19:19 2013
@@ -64,7 +64,6 @@ import org.apache.hadoop.yarn.server.nod
 import 
org.apache.hadoop.yarn.server.nodemanager.api.protocolrecords.LocalizerStatus;
 import 
org.apache.hadoop.yarn.server.nodemanager.api.protocolrecords.ResourceStatusType;
 import 
org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.security.LocalizerTokenIdentifier;
-import 
org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.security.LocalizerTokenSecretManager;
 import org.apache.hadoop.yarn.util.ConverterUtils;
 import org.apache.hadoop.yarn.util.FSDownload;
 
@@ -144,12 +143,7 @@ public class ContainerLocalizer {
     // create localizer context
     UserGroupInformation remoteUser =
       UserGroupInformation.createRemoteUser(user);
-    LocalizerTokenSecretManager secretManager =
-      new LocalizerTokenSecretManager();
-    LocalizerTokenIdentifier id = secretManager.createIdentifier();
-    Token<LocalizerTokenIdentifier> localizerToken =
-      new Token<LocalizerTokenIdentifier>(id, secretManager);
-    remoteUser.addToken(localizerToken);
+    remoteUser.addToken(creds.getToken(LocalizerTokenIdentifier.KIND));
     final LocalizationProtocol nodeManager =
         remoteUser.doAs(new PrivilegedAction<LocalizationProtocol>() {
           @Override

Modified: 
hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java?rev=1508570&r1=1508569&r2=1508570&view=diff
==============================================================================
--- 
hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java
 (original)
+++ 
hadoop/common/branches/branch-2.0.6-alpha/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/localizer/ResourceLocalizationService.java
 Tue Jul 30 18:19:19 2013
@@ -99,6 +99,7 @@ import org.apache.hadoop.yarn.server.nod
 import 
org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.event.ResourceLocalizedEvent;
 import 
org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.event.ResourceReleaseEvent;
 import 
org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.event.ResourceRequestEvent;
+import 
org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.security.LocalizerTokenIdentifier;
 import 
org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.security.LocalizerTokenSecretManager;
 import 
org.apache.hadoop.yarn.server.nodemanager.security.authorize.NMPolicyProvider;
 import org.apache.hadoop.yarn.service.AbstractService;
@@ -126,6 +127,7 @@ public class ResourceLocalizationService
   private LocalizerTracker localizerTracker;
   private RecordFactory recordFactory;
   private final ScheduledExecutorService cacheCleanup;
+  private LocalizerTokenSecretManager secretManager;
 
   private final LocalResourcesTracker publicRsrc;
 
@@ -238,7 +240,6 @@ public class ResourceLocalizationService
   Server createServer() {
     Configuration conf = getConfig();
     YarnRPC rpc = YarnRPC.create(conf);
-    LocalizerTokenSecretManager secretManager = null;
     if (UserGroupInformation.isSecurityEnabled()) {
       secretManager = new LocalizerTokenSecretManager();
     }
@@ -898,6 +899,12 @@ public class ResourceLocalizationService
             LOG.debug(tk.getService() + " : " + tk.encodeToUrlString());
           }
         }
+        if (UserGroupInformation.isSecurityEnabled()) {
+          LocalizerTokenIdentifier id = secretManager.createIdentifier();
+          Token<LocalizerTokenIdentifier> localizerToken =
+              new Token<LocalizerTokenIdentifier>(id, secretManager);
+          credentials.addToken(id.getKind(), localizerToken);
+        }
         credentials.writeTokenStorageToStream(tokenOut);
       } finally {
         if (tokenOut != null) {