Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package gobblin.yarn; import java.io.IOException; import java.util.Collection; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.TokenIdentifier; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.typesafe.config.Config; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Throwables; import com.google.common.eventbus.EventBus; import com.google.common.eventbus.Subscribe; import com.google.common.util.concurrent.AbstractIdleService; import gobblin.yarn.event.DelegationTokenUpdatedEvent; /** * A class for managing token renewing in the containers including the container for the * {@link GobblinApplicationMaster}. * * <p> * This class implements a simple monitor for modifications on the token file and reloads tokens * in the token file if the file has been modified and adds the tokens to the credentials of the * current login user. * </p> * * @author Yinan Li */ public class YarnContainerSecurityManager extends AbstractIdleService { private static final Logger LOGGER = LoggerFactory.getLogger(YarnContainerSecurityManager.class); private final FileSystem fs; private final Path tokenFilePath; private final EventBus eventBus; public YarnContainerSecurityManager(Config config, FileSystem fs, EventBus eventBus) { this.fs = fs; this.tokenFilePath = new Path(this.fs.getHomeDirectory(), config.getString(GobblinYarnConfigurationKeys.APPLICATION_NAME_KEY) + Path.SEPARATOR + GobblinYarnConfigurationKeys.TOKEN_FILE_NAME); this.eventBus = eventBus; } @SuppressWarnings("unused") @Subscribe public void handleTokenFileUpdatedEvent(DelegationTokenUpdatedEvent delegationTokenUpdatedEvent) { try { addDelegationTokens(readDelegationTokens(this.tokenFilePath)); } catch (IOException ioe) { throw Throwables.propagate(ioe); } } @Override protected void startUp() throws Exception { this.eventBus.register(this); } @Override protected void shutDown() throws Exception { // Nothing to do } /** * Read the {@link Token}s stored in the token file. */ @VisibleForTesting Collection<Token<? extends TokenIdentifier>> readDelegationTokens(Path tokenFilePath) throws IOException { LOGGER.info("Reading updated token from token file: " + tokenFilePath); return YarnHelixUtils.readTokensFromFile(tokenFilePath, this.fs.getConf()); } @VisibleForTesting void addDelegationTokens(Collection<Token<? extends TokenIdentifier>> tokens) throws IOException { for (Token<? extends TokenIdentifier> token : tokens) { if (!UserGroupInformation.getCurrentUser().addToken(token)) { LOGGER.error(String.format("Failed to add token %s to user %s", token.toString(), UserGroupInformation.getLoginUser().getShortUserName())); } } } }