List of usage examples for org.apache.hadoop.security Credentials numberOfSecretKeys
public int numberOfSecretKeys()
From source file:org.apache.falcon.catalog.HiveCatalogService.java
License:Apache License
private static Credentials getCredentials(Configuration conf) throws IOException { final String tokenFile = System.getenv("HADOOP_TOKEN_FILE_LOCATION"); if (tokenFile == null) { return null; }/* w w w . j a v a 2s . c o m*/ try { LOG.info("Adding credentials/delegation tokens from token file={} to conf", tokenFile); Credentials credentials = Credentials.readTokenStorageFile(new File(tokenFile), conf); LOG.info("credentials numberOfTokens={}, numberOfSecretKeys={}", credentials.numberOfTokens(), credentials.numberOfSecretKeys()); return credentials; } catch (IOException e) { LOG.warn("error while fetching credentials from {}", tokenFile); } return null; }
From source file:org.apache.tez.dag.app.rm.container.AMContainerHelpers.java
License:Apache License
/** * Create the common {@link ContainerLaunchContext} for all attempts. * * @param applicationACLs/* www . j a va2 s.c o m*/ */ private static ContainerLaunchContext createCommonContainerLaunchContext( Map<ApplicationAccessType, String> applicationACLs, Credentials credentials, Map<String, LocalResource> localResources) { // Application environment Map<String, String> environment = new HashMap<String, String>(); // Service data Map<String, ByteBuffer> serviceData = new HashMap<String, ByteBuffer>(); // Tokens // Setup up task credentials buffer ByteBuffer containerCredentialsBuffer = ByteBuffer.wrap(new byte[] {}); try { Credentials containerCredentials = new Credentials(); // All Credentials need to be set so that YARN can localize the resources // correctly, even though they may not be used by all tasks which will run // on this container. LOG.info("Adding #" + credentials.numberOfTokens() + " tokens and #" + credentials.numberOfSecretKeys() + " secret keys for NM use for launching container"); containerCredentials.addAll(credentials); DataOutputBuffer containerTokens_dob = new DataOutputBuffer(); containerCredentials.writeTokenStorageToStream(containerTokens_dob); containerCredentialsBuffer = ByteBuffer.wrap(containerTokens_dob.getData(), 0, containerTokens_dob.getLength()); // Add shuffle token LOG.info("Putting shuffle token in serviceData"); serviceData.put(TezConstants.TEZ_SHUFFLE_HANDLER_SERVICE_ID, serializeServiceData(TokenCache.getSessionToken(containerCredentials))); } catch (IOException e) { throw new TezUncheckedException(e); } // Construct the actual Container // The null fields are per-container and will be constructed for each // container separately. ContainerLaunchContext container = ContainerLaunchContext.newInstance(localResources, environment, null, serviceData, containerCredentialsBuffer, applicationACLs); return container; }
From source file:org.apache.tez.engine.common.security.TokenCache.java
License:Apache License
/** * load job token from a file/*from w w w. ja va2s . c om*/ * @param conf * @throws IOException */ @InterfaceAudience.Private public static Credentials loadTokens(String jobTokenFile, Configuration conf) throws IOException { Path localJobTokenFile = new Path("file:///" + jobTokenFile); Credentials ts = Credentials.readTokenStorageFile(localJobTokenFile, conf); if (LOG.isDebugEnabled()) { LOG.debug("Task: Loaded jobTokenFile from: " + localJobTokenFile.toUri().getPath() + "; num of sec keys = " + ts.numberOfSecretKeys() + " Number of tokens " + ts.numberOfTokens()); } return ts; }
From source file:org.apache.tez.runtime.task.TezChild.java
License:Apache License
/** * Setup/*from w w w . j av a 2 s . co m*/ * * @param containerTask * the new task specification. Must be a valid task * @param childUGI * the old UGI instance being used * @return childUGI */ UserGroupInformation handleNewTaskCredentials(ContainerTask containerTask, UserGroupInformation childUGI) { // Re-use the UGI only if the Credentials have not changed. Preconditions.checkState(!containerTask.shouldDie()); Preconditions.checkState(containerTask.getTaskSpec() != null); if (containerTask.haveCredentialsChanged()) { LOG.info("Refreshing UGI since Credentials have changed"); Credentials taskCreds = containerTask.getCredentials(); if (taskCreds != null) { LOG.info("Credentials : #Tokens=" + taskCreds.numberOfTokens() + ", #SecretKeys=" + taskCreds.numberOfSecretKeys()); childUGI = UserGroupInformation.createRemoteUser(user); childUGI.addCredentials(containerTask.getCredentials()); } else { LOG.info("Not loading any credentials, since no credentials provided"); } } return childUGI; }