Package org.apache.hadoop.yarn.server.security

Class BaseContainerTokenSecretManager

java.lang.Object
org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>
org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager
public class BaseContainerTokenSecretManager extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>
SecretManager for ContainerTokens. Extended by both RM and NM and hence is present in yarn-server-common package.

  • Field Details

    • serialNo

      protected int serialNo

    • readWriteLock

      protected final ReadWriteLock readWriteLock

    • readLock

      protected final Lock readLock

    • writeLock

      protected final Lock writeLock

    • currentMasterKey

      protected MasterKeyData currentMasterKey
      THE masterKey. ResourceManager should persist this and recover it on restart instead of generating a new key. The NodeManagers get it from the ResourceManager and use it for validating container-tokens.

    • containerTokenExpiryInterval

      protected final long containerTokenExpiryInterval

  • Constructor Details

    • BaseContainerTokenSecretManager

      public BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)

  • Method Details

    • createNewMasterKey

      protected MasterKeyData createNewMasterKey()

    • getCurrentKey

      @Private public MasterKey getCurrentKey()

    • createPassword

      public byte[] createPassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
      Specified by:
      createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

    • retrievePassword

      public byte[] retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
      Specified by:
      retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>
      Throws:
      org.apache.hadoop.security.token.SecretManager.InvalidToken

    • retrievePasswordInternal

      protected byte[] retrievePasswordInternal(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier, MasterKeyData masterKey) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
      Throws:
      org.apache.hadoop.security.token.SecretManager.InvalidToken

    • createIdentifier

      public org.apache.hadoop.yarn.security.ContainerTokenIdentifier createIdentifier()
      Used by the RPC layer.
      Specified by:
      createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>