public class NMContainerTokenSecretManager
extends org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager
Constructor and Description |
---|
NMContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf) |
NMContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf,
NMStateStoreService stateStore) |
Modifier and Type | Method and Description |
---|---|
boolean |
isValidStartContainerRequest(org.apache.hadoop.yarn.security.ContainerTokenIdentifier containerTokenIdentifier)
Container will be remembered based on expiration time of the container
token used for starting the container.
|
void |
recover() |
protected void |
removeAnyContainerTokenIfExpired() |
byte[] |
retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
Override of this is to validate ContainerTokens generated by using
different
MasterKey s. |
void |
setMasterKey(org.apache.hadoop.yarn.server.api.records.MasterKey masterKeyRecord)
Used by NodeManagers to create a token-secret-manager with the key obtained
from the RM.
|
void |
setNodeId(org.apache.hadoop.yarn.api.records.NodeId nodeId) |
void |
startContainerSuccessful(org.apache.hadoop.yarn.security.ContainerTokenIdentifier tokenId)
Container start has gone through.
|
createIdentifier, createNewMasterKey, createPassword, getCurrentKey, retrievePasswordInternal
public NMContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
public NMContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf, NMStateStoreService stateStore)
public void recover() throws IOException
IOException
@InterfaceAudience.Private public void setMasterKey(org.apache.hadoop.yarn.server.api.records.MasterKey masterKeyRecord)
masterKeyRecord
- public byte[] retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
MasterKey
s.retrievePassword
in class org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager
org.apache.hadoop.security.token.SecretManager.InvalidToken
public void startContainerSuccessful(org.apache.hadoop.yarn.security.ContainerTokenIdentifier tokenId)
protected void removeAnyContainerTokenIfExpired()
public boolean isValidStartContainerRequest(org.apache.hadoop.yarn.security.ContainerTokenIdentifier containerTokenIdentifier)
public void setNodeId(org.apache.hadoop.yarn.api.records.NodeId nodeId)
Copyright © 2008–2023 Apache Software Foundation. All rights reserved.