package org.apache.hadoop.yarn.server.nodemanager;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.AbstractFileSystem;
import org.apache.hadoop.fs.CreateFlag;
import org.apache.hadoop.fs.FileContext;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.Options;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.local.LocalFs;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.ContainerId;
import org.apache.hadoop.yarn.api.records.ContainerLaunchContext;
import org.apache.hadoop.yarn.api.records.Resource;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.ConfigurationException;
import org.apache.hadoop.yarn.server.nodemanager.ContainerExecutor;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.launcher.ContainerLaunch;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ContainerLocalizer;
import org.apache.hadoop.yarn.server.nodemanager.executor.ContainerReacquisitionContext;
import org.apache.hadoop.yarn.server.nodemanager.executor.ContainerSignalContext;
import org.apache.hadoop.yarn.server.nodemanager.executor.ContainerStartContext;
import org.apache.hadoop.yarn.server.nodemanager.executor.DeletionAsUserContext;
import org.apache.hadoop.yarn.server.nodemanager.executor.LocalizerStartContext;
import org.apache.hadoop.yarn.server.nodemanager.util.LCEResourcesHandler;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/nodemanager/TestLinuxContainerExecutor.class */
public class TestLinuxContainerExecutor {
    private static final Logger LOG = LoggerFactory.getLogger(TestLinuxContainerExecutor.class);
    private static File workSpace;
    private LocalDirsHandlerService dirsHandler;
    private Configuration conf;
    private FileContext files;
    private LinuxContainerExecutor exec = null;
    private String appSubmitter = null;
    private int id = 0;

    /* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/nodemanager/TestLinuxContainerExecutor$TestResourceHandler.class */
    private static class TestResourceHandler implements LCEResourcesHandler {
        static Set<ContainerId> postExecContainers = new HashSet();

        private TestResourceHandler() {
        }

        public void setConf(Configuration configuration) {
        }

        public Configuration getConf() {
            return null;
        }

        @Override // org.apache.hadoop.yarn.server.nodemanager.util.LCEResourcesHandler
        public void init(LinuxContainerExecutor linuxContainerExecutor) throws IOException {
        }

        @Override // org.apache.hadoop.yarn.server.nodemanager.util.LCEResourcesHandler
        public void preExecute(ContainerId containerId, Resource resource) throws IOException {
        }

        @Override // org.apache.hadoop.yarn.server.nodemanager.util.LCEResourcesHandler
        public void postExecute(ContainerId containerId) {
            postExecContainers.add(containerId);
        }

        @Override // org.apache.hadoop.yarn.server.nodemanager.util.LCEResourcesHandler
        public String getResourcesOption(ContainerId containerId) {
            return null;
        }
    }

    @Before
    public void setup() throws Exception {
        this.files = FileContext.getLocalFSFileContext();
        this.files.mkdir(new Path(workSpace.getAbsolutePath()), (FsPermission) null, true);
        FileUtil.chmod(workSpace.getAbsolutePath(), "777");
        File file = new File(workSpace.getAbsoluteFile(), "localDir");
        this.files.mkdir(new Path(file.getAbsolutePath()), new FsPermission("777"), false);
        File file2 = new File(workSpace.getAbsoluteFile(), "logDir");
        this.files.mkdir(new Path(file2.getAbsolutePath()), new FsPermission("777"), false);
        String property = System.getProperty("container-executor.path");
        if (property == null || property.isEmpty()) {
            return;
        }
        this.conf = new Configuration(false);
        this.conf.setClass("fs.AbstractFileSystem.file.impl", LocalFs.class, AbstractFileSystem.class);
        this.appSubmitter = System.getProperty("application.submitter");
        if (this.appSubmitter == null || this.appSubmitter.isEmpty()) {
            this.appSubmitter = "nobody";
        }
        this.conf.set("yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user", this.appSubmitter);
        LOG.info("Setting yarn.nodemanager.linux-container-executor.path=" + property);
        this.conf.set("yarn.nodemanager.linux-container-executor.path", property);
        this.exec = new LinuxContainerExecutor();
        this.exec.setConf(this.conf);
        this.conf.set("yarn.nodemanager.local-dirs", file.getAbsolutePath());
        this.conf.set("yarn.nodemanager.log-dirs", file2.getAbsolutePath());
        this.dirsHandler = new LocalDirsHandlerService();
        this.dirsHandler.init(this.conf);
        for (String str : this.dirsHandler.getLocalDirs()) {
            this.files.mkdir(new Path(str, ContainerLocalizer.USERCACHE), new FsPermission("777"), false);
            this.files.mkdir(new Path(str, ContainerLocalizer.FILECACHE), new FsPermission("777"), false);
        }
    }

    @After
    public void tearDown() throws Exception {
        FileContext.getLocalFSFileContext().delete(new Path(workSpace.getAbsolutePath()), true);
    }

    private void cleanupUserAppCache(String str) throws Exception {
        Iterator<String> it = this.dirsHandler.getLocalDirs().iterator();
        while (it.hasNext()) {
            Path path = new Path(it.next(), ContainerLocalizer.USERCACHE);
            this.exec.deleteAsUser(new DeletionAsUserContext.Builder().setUser(str).setSubDir(new Path(new Path(path, str), ContainerLocalizer.APPCACHE)).build());
            FileContext.getLocalFSFileContext().delete(path, true);
        }
    }

    private void cleanupUserFileCache(String str) {
        Iterator<String> it = this.dirsHandler.getLocalDirs().iterator();
        while (it.hasNext()) {
            this.exec.deleteAsUser(new DeletionAsUserContext.Builder().setUser(str).setSubDir(new Path(new Path(it.next(), ContainerLocalizer.FILECACHE), str)).build());
        }
    }

    private void cleanupLogDirs(String str) {
        Iterator<String> it = this.dirsHandler.getLogDirs().iterator();
        while (it.hasNext()) {
            this.exec.deleteAsUser(new DeletionAsUserContext.Builder().setUser(str).setSubDir(new Path(new Path(it.next(), "APP_" + this.id), "CONTAINER_" + (this.id - 1))).build());
        }
    }

    private void cleanupAppFiles(String str) throws Exception {
        cleanupUserAppCache(str);
        cleanupUserFileCache(str);
        cleanupLogDirs(str);
        String[] strArr = {"launch_container.sh", ContainerLaunch.FINAL_CONTAINER_TOKENS_FILE, "touch-file"};
        Path path = new Path(workSpace.toURI());
        for (String str2 : strArr) {
            if (new File(workSpace, str2).exists()) {
                this.exec.deleteAsUser(new DeletionAsUserContext.Builder().setUser(str).setSubDir(new Path(str2)).setBasedirs(path).build());
            }
        }
    }

    private boolean shouldRun() {
        if (this.exec != null) {
            return true;
        }
        LOG.warn("Not running test because container-executor.path is not set");
        return false;
    }

    private String writeScriptFile(String... strArr) throws IOException {
        File createTempFile = File.createTempFile("TestLinuxContainerExecutor", ".sh");
        createTempFile.deleteOnExit();
        PrintWriter printWriter = new PrintWriter(new FileOutputStream(createTempFile));
        printWriter.println("#!/bin/sh");
        printWriter.print("exec");
        for (String str : strArr) {
            printWriter.print(" '");
            printWriter.print(str.replace("\\", "\\\\").replace("'", "\\'"));
            printWriter.print("'");
        }
        printWriter.println();
        printWriter.close();
        return createTempFile.getAbsolutePath();
    }

    private synchronized int getNextId() {
        this.id++;
        return this.id;
    }

    private ContainerId getNextContainerId() {
        ContainerId containerId = (ContainerId) Mockito.mock(ContainerId.class);
        Mockito.when(containerId.toString()).thenReturn("CONTAINER_" + getNextId());
        return containerId;
    }

    private int runAndBlock(String... strArr) throws IOException, ConfigurationException {
        return runAndBlock(getNextContainerId(), strArr);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int runAndBlock(ContainerId containerId, String... strArr) throws IOException, ConfigurationException {
        String str = "APP_" + getNextId();
        Container container = (Container) Mockito.mock(Container.class);
        ContainerLaunchContext containerLaunchContext = (ContainerLaunchContext) Mockito.mock(ContainerLaunchContext.class);
        HashMap hashMap = new HashMap();
        Mockito.when(container.getContainerId()).thenReturn(containerId);
        Mockito.when(container.getLaunchContext()).thenReturn(containerLaunchContext);
        Mockito.when(containerLaunchContext.getEnvironment()).thenReturn(hashMap);
        Path path = new Path(writeScriptFile(strArr));
        Path path2 = new Path("/dev/null");
        Path path3 = new Path(workSpace.getAbsolutePath());
        this.exec.activateContainer(containerId, new Path(path3, "pid.txt"));
        return this.exec.launchContainer(new ContainerStartContext.Builder().setContainer(container).setNmPrivateContainerScriptPath(path).setNmPrivateTokensPath(path2).setUser(this.appSubmitter).setAppId(str).setContainerWorkDir(path3).setLocalDirs(this.dirsHandler.getLocalDirs()).setLogDirs(this.dirsHandler.getLogDirs()).build());
    }

    @Test
    public void testContainerLocalizer() throws Exception {
        Assume.assumeTrue(shouldRun());
        Path localPathForWrite = this.dirsHandler.getLocalPathForWrite("nmPrivate/" + String.format(ContainerLocalizer.TOKEN_FILE_NAME_FMT, "container_01_01"));
        this.files.create(localPathForWrite, EnumSet.of(CreateFlag.CREATE, CreateFlag.OVERWRITE), new Options.CreateOpts[0]);
        InetSocketAddress socketAddr = new YarnConfiguration(this.conf).getSocketAddr("yarn.nodemanager.bind-host", "yarn.nodemanager.localizer.address", "0.0.0.0:8040", 8040);
        this.exec = new LinuxContainerExecutor() { // from class: org.apache.hadoop.yarn.server.nodemanager.TestLinuxContainerExecutor.1
            @Override // org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor
            public void buildMainArgs(List<String> list, String str, String str2, String str3, InetSocketAddress inetSocketAddress, List<String> list2) {
                MockContainerLocalizer.buildMainArgs(list, str, str2, str3, inetSocketAddress, list2);
            }
        };
        this.exec.setConf(this.conf);
        this.exec.startLocalizer(new LocalizerStartContext.Builder().setNmPrivateContainerTokens(localPathForWrite).setNmAddr(socketAddr).setUser(this.appSubmitter).setAppId("application_01_01").setLocId("container_01_01").setDirsHandler(this.dirsHandler).build());
        Path localPathForWrite2 = this.dirsHandler.getLocalPathForWrite("nmPrivate/" + String.format(ContainerLocalizer.TOKEN_FILE_NAME_FMT, "container_01_02"));
        this.files.create(localPathForWrite2, EnumSet.of(CreateFlag.CREATE, CreateFlag.OVERWRITE), new Options.CreateOpts[0]);
        this.exec.startLocalizer(new LocalizerStartContext.Builder().setNmPrivateContainerTokens(localPathForWrite2).setNmAddr(socketAddr).setUser(this.appSubmitter).setAppId("application_01_01").setLocId("container_01_02").setDirsHandler(this.dirsHandler).build());
        cleanupUserAppCache(this.appSubmitter);
    }

    @Test
    public void testContainerLaunch() throws Exception {
        Assume.assumeTrue(shouldRun());
        String str = this.conf.get("yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user", "nobody");
        File file = new File(workSpace, "touch-file");
        Assert.assertEquals(0L, runAndBlock("touch", file.getAbsolutePath()));
        Assert.assertEquals(str, FileContext.getLocalFSFileContext().getFileStatus(new Path(file.getAbsolutePath())).getOwner());
        cleanupAppFiles(str);
    }

    @Test
    public void testNonSecureRunAsSubmitter() throws Exception {
        Assume.assumeTrue(shouldRun());
        Assume.assumeFalse(UserGroupInformation.isSecurityEnabled());
        String str = this.appSubmitter;
        this.conf.set("yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users", SchemaSymbols.ATTVAL_FALSE);
        this.exec.setConf(this.conf);
        File file = new File(workSpace, "touch-file");
        Assert.assertEquals(0L, runAndBlock("touch", file.getAbsolutePath()));
        Assert.assertEquals(str, FileContext.getLocalFSFileContext().getFileStatus(new Path(file.getAbsolutePath())).getOwner());
        cleanupAppFiles(str);
        this.conf.unset("yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users");
        this.exec.setConf(this.conf);
    }

    @Test
    public void testContainerKill() throws Exception {
        String processId;
        Assume.assumeTrue(shouldRun());
        final ContainerId nextContainerId = getNextContainerId();
        Thread thread = new Thread() { // from class: org.apache.hadoop.yarn.server.nodemanager.TestLinuxContainerExecutor.2
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                try {
                    TestLinuxContainerExecutor.this.runAndBlock(nextContainerId, "sleep", "100");
                } catch (IOException | ConfigurationException e) {
                    TestLinuxContainerExecutor.LOG.warn("Caught exception while running sleep", e);
                }
            }
        };
        thread.setDaemon(true);
        thread.start();
        Assert.assertTrue(thread.isAlive());
        int i = 10;
        while (true) {
            processId = this.exec.getProcessId(nextContainerId);
            if (processId != null || i <= 0) {
                break;
            }
            LOG.info("Sleeping for 200 ms before checking for pid ");
            Thread.sleep(200L);
            i--;
        }
        Assert.assertNotNull(processId);
        LOG.info("Going to killing the process.");
        this.exec.signalContainer(new ContainerSignalContext.Builder().setUser(this.appSubmitter).setPid(processId).setSignal(ContainerExecutor.Signal.TERM).build());
        LOG.info("sleeping for 100ms to let the sleep be killed");
        Thread.sleep(100L);
        Assert.assertFalse(thread.isAlive());
        cleanupAppFiles(this.appSubmitter);
    }

    @Test
    public void testCGroups() throws Exception {
        Assume.assumeTrue(shouldRun());
        String property = System.getProperty("cgroups.mount");
        Assume.assumeTrue((property == null || property.isEmpty()) ? false : true);
        Assert.assertTrue("Cgroups mount point does not exist", new File(property).exists());
        ArrayList arrayList = new ArrayList();
        String[] strArr = {"cpu", "net_cls"};
        for (String str : strArr) {
            arrayList.add(str + "=" + property + "/" + str);
            Assert.assertTrue(new File(property, str).exists());
        }
        try {
            this.exec.mountCgroups(arrayList, "hadoop-yarn");
            for (String str2 : strArr) {
                Assert.assertTrue(str2 + " cgroup not mounted", new File(property + "/" + str2 + "/tasks").exists());
                Assert.assertTrue(str2 + " cgroup hierarchy not created", new File(property + "/" + str2 + "/hadoop-yarn").exists());
                Assert.assertTrue(str2 + " cgroup hierarchy created incorrectly", new File(property + "/" + str2 + "/hadoop-yarn/tasks").exists());
            }
        } catch (IOException e) {
            Assert.fail("Couldn't mount cgroups " + e.toString());
            throw e;
        }
    }

    @Test
    public void testLocalUser() throws Exception {
        Assume.assumeTrue(shouldRun());
        try {
            Configuration yarnConfiguration = new YarnConfiguration();
            yarnConfiguration.set("hadoop.security.authentication", "simple");
            UserGroupInformation.setConfiguration(yarnConfiguration);
            LinuxContainerExecutor linuxContainerExecutor = new LinuxContainerExecutor();
            linuxContainerExecutor.setConf(yarnConfiguration);
            Assert.assertEquals("nobody", linuxContainerExecutor.getRunAsUser("foo"));
            yarnConfiguration.set("yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user", "bar");
            LinuxContainerExecutor linuxContainerExecutor2 = new LinuxContainerExecutor();
            linuxContainerExecutor2.setConf(yarnConfiguration);
            Assert.assertEquals("bar", linuxContainerExecutor2.getRunAsUser("foo"));
            yarnConfiguration.set("yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user", "bar");
            yarnConfiguration.set("yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users", SchemaSymbols.ATTVAL_FALSE);
            LinuxContainerExecutor linuxContainerExecutor3 = new LinuxContainerExecutor();
            linuxContainerExecutor3.setConf(yarnConfiguration);
            Assert.assertEquals("foo", linuxContainerExecutor3.getRunAsUser("foo"));
            Configuration yarnConfiguration2 = new YarnConfiguration();
            yarnConfiguration2.set("hadoop.security.authentication", "kerberos");
            UserGroupInformation.setConfiguration(yarnConfiguration2);
            LinuxContainerExecutor linuxContainerExecutor4 = new LinuxContainerExecutor();
            linuxContainerExecutor4.setConf(yarnConfiguration2);
            Assert.assertEquals("foo", linuxContainerExecutor4.getRunAsUser("foo"));
            YarnConfiguration yarnConfiguration3 = new YarnConfiguration();
            yarnConfiguration3.set("hadoop.security.authentication", "simple");
            UserGroupInformation.setConfiguration(yarnConfiguration3);
        } catch (Throwable th) {
            YarnConfiguration yarnConfiguration4 = new YarnConfiguration();
            yarnConfiguration4.set("hadoop.security.authentication", "simple");
            UserGroupInformation.setConfiguration(yarnConfiguration4);
            throw th;
        }
    }

    @Test
    public void testNonsecureUsernamePattern() throws Exception {
        Assume.assumeTrue(shouldRun());
        try {
            Configuration yarnConfiguration = new YarnConfiguration();
            yarnConfiguration.set("hadoop.security.authentication", "simple");
            UserGroupInformation.setConfiguration(yarnConfiguration);
            LinuxContainerExecutor linuxContainerExecutor = new LinuxContainerExecutor();
            linuxContainerExecutor.setConf(yarnConfiguration);
            linuxContainerExecutor.verifyUsernamePattern("foo");
            try {
                linuxContainerExecutor.verifyUsernamePattern("foo/x");
                Assert.fail();
            } catch (IllegalArgumentException e) {
            } catch (Throwable th) {
                Assert.fail(th.toString());
            }
            yarnConfiguration.set("yarn.nodemanager.linux-container-executor.nonsecure-mode.user-pattern", "foo");
            LinuxContainerExecutor linuxContainerExecutor2 = new LinuxContainerExecutor();
            linuxContainerExecutor2.setConf(yarnConfiguration);
            linuxContainerExecutor2.verifyUsernamePattern("foo");
            try {
                linuxContainerExecutor2.verifyUsernamePattern("bar");
                Assert.fail();
            } catch (IllegalArgumentException e2) {
            } catch (Throwable th2) {
                Assert.fail(th2.toString());
            }
            Configuration yarnConfiguration2 = new YarnConfiguration();
            yarnConfiguration2.set("hadoop.security.authentication", "kerberos");
            UserGroupInformation.setConfiguration(yarnConfiguration2);
            LinuxContainerExecutor linuxContainerExecutor3 = new LinuxContainerExecutor();
            linuxContainerExecutor3.setConf(yarnConfiguration2);
            linuxContainerExecutor3.verifyUsernamePattern("foo");
            linuxContainerExecutor3.verifyUsernamePattern("foo/w");
            YarnConfiguration yarnConfiguration3 = new YarnConfiguration();
            yarnConfiguration3.set("hadoop.security.authentication", "simple");
            UserGroupInformation.setConfiguration(yarnConfiguration3);
        } catch (Throwable th3) {
            YarnConfiguration yarnConfiguration4 = new YarnConfiguration();
            yarnConfiguration4.set("hadoop.security.authentication", "simple");
            UserGroupInformation.setConfiguration(yarnConfiguration4);
            throw th3;
        }
    }

    @Test(timeout = 10000)
    public void testPostExecuteAfterReacquisition() throws Exception {
        Assume.assumeTrue(shouldRun());
        ContainerId newContainerId = ContainerId.newContainerId(ApplicationAttemptId.newInstance(ApplicationId.newInstance(12345L, 67890), 54321), 9876L);
        Configuration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setClass("yarn.nodemanager.linux-container-executor.resources-handler.class", TestResourceHandler.class, LCEResourcesHandler.class);
        LinuxContainerExecutor linuxContainerExecutor = new LinuxContainerExecutor();
        linuxContainerExecutor.setConf(yarnConfiguration);
        try {
            linuxContainerExecutor.init();
        } catch (IOException e) {
        }
        Container container = (Container) Mockito.mock(Container.class);
        ContainerLaunchContext containerLaunchContext = (ContainerLaunchContext) Mockito.mock(ContainerLaunchContext.class);
        HashMap hashMap = new HashMap();
        Mockito.when(container.getLaunchContext()).thenReturn(containerLaunchContext);
        Mockito.when(containerLaunchContext.getEnvironment()).thenReturn(hashMap);
        linuxContainerExecutor.reacquireContainer(new ContainerReacquisitionContext.Builder().setContainer(container).setUser("foouser").setContainerId(newContainerId).build());
        Assert.assertTrue("postExec not called after reacquisition", TestResourceHandler.postExecContainers.contains(newContainerId));
    }

    static {
        String property = System.getProperty("workspace.dir");
        if (property == null || property.isEmpty()) {
            property = "target";
        }
        workSpace = new File(property, TestLinuxContainerExecutor.class.getName() + "-workSpace");
    }
}
