package org.apache.hadoop.yarn.service;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.ByteBuffer;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Options;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.service.CompositeService;
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.util.ExitUtil;
import org.apache.hadoop.util.GenericOptionsParser;
import org.apache.hadoop.util.ShutdownHookManager;
import org.apache.hadoop.yarn.YarnUncaughtExceptionHandler;
import org.apache.hadoop.yarn.api.ApplicationConstants;
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
import org.apache.hadoop.yarn.api.records.ContainerId;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.YarnException;
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
import org.apache.hadoop.yarn.security.client.ClientToAMTokenSecretManager;
import org.apache.hadoop.yarn.service.api.records.Component;
import org.apache.hadoop.yarn.service.api.records.ComponentState;
import org.apache.hadoop.yarn.service.api.records.ServiceState;
import org.apache.hadoop.yarn.service.conf.YarnServiceConstants;
import org.apache.hadoop.yarn.service.exceptions.BadClusterStateException;
import org.apache.hadoop.yarn.service.monitor.ServiceMonitor;
import org.apache.hadoop.yarn.service.utils.ServiceApiUtil;
import org.apache.hadoop.yarn.service.utils.ServiceUtils;
import org.apache.hadoop.yarn.service.utils.SliderFileSystem;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-yarn-services-core-3.3.5.102-eep-920.jar:org/apache/hadoop/yarn/service/ServiceMaster.class */
public class ServiceMaster extends CompositeService {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ServiceMaster.class);
    public static final String YARNFILE_OPTION = "yarnfile";
    public static final String SERVICE_NAME_OPTION = "service_name";
    public static final String KEYTAB_OPTION = "keytab";
    public static final String PRINCIPAL_NAME_OPTION = "principal_name";
    private String serviceDefPath;
    private String serviceName;
    private String serviceKeytab;
    private String servicePrincipalName;
    protected ServiceContext context;

    public ServiceMaster(String str) {
        super(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.service.CompositeService, org.apache.hadoop.service.AbstractService
    public void serviceInit(Configuration configuration) throws Exception {
        printSystemEnv();
        this.context = new ServiceContext();
        Path appDir = getAppDir();
        this.context.serviceHdfsDir = appDir.toString();
        this.context.tokens = recordTokensForContainers();
        Credentials credentials = null;
        if (UserGroupInformation.isSecurityEnabled()) {
            credentials = UserGroupInformation.getCurrentUser().getCredentials();
            doSecureLogin();
        }
        SliderFileSystem sliderFileSystem = new SliderFileSystem(configuration);
        sliderFileSystem.setAppDir(appDir);
        this.context.fs = sliderFileSystem;
        loadApplicationJson(this.context, sliderFileSystem);
        if (UserGroupInformation.isSecurityEnabled()) {
            if (credentials != null) {
                UserGroupInformation.getCurrentUser().addCredentials(credentials);
            }
            removeHdfsDelegationToken(UserGroupInformation.getLoginUser());
        }
        for (Map.Entry<String, String> entry : this.context.service.getConfiguration().getProperties().entrySet()) {
            configuration.set(entry.getKey(), entry.getValue());
        }
        ApplicationAttemptId applicationAttemptId = getAMContainerId().getApplicationAttemptId();
        LOG.info("Service AppAttemptId: " + applicationAttemptId);
        this.context.attemptId = applicationAttemptId;
        configuration.setLong(YarnConfiguration.RESOURCEMANAGER_CONNECT_MAX_WAIT_MS, -1L);
        configuration.unset(YarnConfiguration.CLIENT_FAILOVER_MAX_ATTEMPTS);
        DefaultMetricsSystem.initialize("ServiceAppMaster");
        this.context.secretManager = new ClientToAMTokenSecretManager(applicationAttemptId, null);
        ClientAMService createClientAMService = createClientAMService();
        this.context.clientAMService = createClientAMService;
        addService(createClientAMService);
        ServiceScheduler createServiceScheduler = createServiceScheduler(this.context);
        addService(createServiceScheduler);
        this.context.scheduler = createServiceScheduler;
        addService(new ServiceMonitor("Service Monitor", this.context));
        super.serviceInit(configuration);
    }

    @VisibleForTesting
    protected ClientAMService createClientAMService() {
        return new ClientAMService(this.context);
    }

    @VisibleForTesting
    protected ByteBuffer recordTokensForContainers() throws IOException {
        Credentials credentials = new Credentials(UserGroupInformation.getCurrentUser().getCredentials());
        Iterator<Token<? extends TokenIdentifier>> it = credentials.getAllTokens().iterator();
        while (it.hasNext()) {
            Token<? extends TokenIdentifier> next = it.next();
            LOG.info(next.toString());
            if (next.getKind().equals(AMRMTokenIdentifier.KIND_NAME)) {
                it.remove();
            }
        }
        DataOutputBuffer dataOutputBuffer = new DataOutputBuffer();
        try {
            credentials.writeTokenStorageToStream(dataOutputBuffer);
            dataOutputBuffer.close();
            return ByteBuffer.wrap(dataOutputBuffer.getData(), 0, dataOutputBuffer.getLength());
        } catch (Throwable th) {
            dataOutputBuffer.close();
            throw th;
        }
    }

    private void doSecureLogin() throws IOException, URISyntaxException {
        File file = new File(String.format(YarnServiceConstants.KEYTAB_LOCATION, getServiceName()));
        if (!file.exists()) {
            LOG.info("No keytab localized at " + file);
            String keytab = this.context.service == null ? this.serviceKeytab : this.context.service.getKerberosPrincipal().getKeytab();
            if (!StringUtils.isEmpty(keytab)) {
                URI uri = new URI(keytab);
                if (uri.getScheme().equals("file")) {
                    file = new File(uri);
                    LOG.info("Using pre-installed keytab from localhost: " + keytab);
                }
            }
        }
        if (!file.exists()) {
            LOG.info("No keytab exists: " + file);
            return;
        }
        String principalName = this.context.service == null ? this.servicePrincipalName : this.context.service.getKerberosPrincipal().getPrincipalName();
        if (StringUtils.isEmpty(principalName)) {
            principalName = UserGroupInformation.getLoginUser().getShortUserName();
            LOG.info("No principal name specified.  Will use AM login identity {} to attempt keytab-based login", principalName);
        }
        LOG.info("User before logged in is: " + UserGroupInformation.getCurrentUser());
        String serverPrincipal = SecurityUtil.getServerPrincipal(principalName, ServiceUtils.getLocalHostName(getConfig()));
        UserGroupInformation.loginUserFromKeytab(serverPrincipal, file.getAbsolutePath());
        LOG.info("User after logged in is: " + UserGroupInformation.getCurrentUser());
        this.context.principal = serverPrincipal;
        this.context.keytab = file.getAbsolutePath();
    }

    private static void removeHdfsDelegationToken(UserGroupInformation userGroupInformation) {
        if (!userGroupInformation.isFromKeytab()) {
            LOG.error("AM is not holding on a keytab in a secure deployment: service will fail when tokens expire");
        }
        Iterator<Token<? extends TokenIdentifier>> it = userGroupInformation.getCredentials().getAllTokens().iterator();
        while (it.hasNext()) {
            Token<? extends TokenIdentifier> next = it.next();
            if (next.getKind().equals(DelegationTokenIdentifier.HDFS_DELEGATION_KIND)) {
                LOG.info("Remove HDFS delegation token {}.", next);
                it.remove();
            }
        }
    }

    protected ContainerId getAMContainerId() throws BadClusterStateException {
        return ContainerId.fromString(ServiceUtils.mandatoryEnvVariable(ApplicationConstants.Environment.CONTAINER_ID.name()));
    }

    protected Path getAppDir() {
        return new Path(this.serviceDefPath).getParent();
    }

    protected String getServiceName() {
        return this.serviceName;
    }

    protected ServiceScheduler createServiceScheduler(ServiceContext serviceContext) throws IOException, YarnException {
        return new ServiceScheduler(serviceContext);
    }

    protected void loadApplicationJson(ServiceContext serviceContext, SliderFileSystem sliderFileSystem) throws IOException {
        serviceContext.service = ServiceApiUtil.loadServiceFrom(sliderFileSystem, new Path(this.serviceDefPath));
        serviceContext.service.setState(ServiceState.ACCEPTED);
        LOG.info(serviceContext.service.toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.service.CompositeService, org.apache.hadoop.service.AbstractService
    public void serviceStart() throws Exception {
        LOG.info("Starting service as user " + UserGroupInformation.getCurrentUser());
        UserGroupInformation.getLoginUser().doAs(() -> {
            super.serviceStart();
            return null;
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.service.CompositeService, org.apache.hadoop.service.AbstractService
    public void serviceStop() throws Exception {
        LOG.info("Stopping app master");
        super.serviceStop();
    }

    public static synchronized void checkAndUpdateServiceState(ServiceScheduler serviceScheduler) {
        ServiceState state = serviceScheduler.getApp().getState();
        boolean z = true;
        Iterator<Component> it = serviceScheduler.getApp().getComponents().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (it.next().getState() != ComponentState.STABLE) {
                z = false;
                break;
            }
        }
        if (z) {
            serviceScheduler.getApp().setState(ServiceState.STABLE);
        } else if (state == ServiceState.STABLE) {
            serviceScheduler.getApp().setState(ServiceState.STARTED);
        }
        if (state != serviceScheduler.getApp().getState()) {
            LOG.info("Service state changed from {} -> {}", state, serviceScheduler.getApp().getState());
        }
        populateYarnSysFS(serviceScheduler);
    }

    private static void populateYarnSysFS(ServiceScheduler serviceScheduler) {
        serviceScheduler.syncSysFs(serviceScheduler.getApp());
    }

    private void printSystemEnv() {
        for (Map.Entry<String, String> entry : System.getenv().entrySet()) {
            LOG.info("{} = {}", entry.getKey(), entry.getValue());
        }
    }

    public static void main(String[] strArr) throws Exception {
        Thread.setDefaultUncaughtExceptionHandler(new YarnUncaughtExceptionHandler());
        org.apache.hadoop.util.StringUtils.startupShutdownMessage((Class<?>) ServiceMaster.class, strArr, LOG);
        try {
            ServiceMaster serviceMaster = new ServiceMaster("Service Master");
            ShutdownHookManager.get().addShutdownHook(new CompositeService.CompositeServiceShutdownHook(serviceMaster), 30);
            YarnConfiguration yarnConfiguration = new YarnConfiguration();
            Options options = new Options();
            options.addOption(YARNFILE_OPTION, true, "HDFS path to JSON service specification");
            options.getOption(YARNFILE_OPTION).setRequired(true);
            options.addOption("service_name", true, "Service name");
            options.getOption("service_name").setRequired(true);
            options.addOption(KEYTAB_OPTION, true, "Service AM keytab");
            options.addOption(PRINCIPAL_NAME_OPTION, true, "Service AM keytab principal");
            CommandLine commandLine = new GenericOptionsParser(yarnConfiguration, options, strArr).getCommandLine();
            serviceMaster.serviceDefPath = commandLine.getOptionValue(YARNFILE_OPTION);
            serviceMaster.serviceName = commandLine.getOptionValue("service_name");
            serviceMaster.serviceKeytab = commandLine.getOptionValue(KEYTAB_OPTION);
            serviceMaster.servicePrincipalName = commandLine.getOptionValue(PRINCIPAL_NAME_OPTION);
            serviceMaster.init(yarnConfiguration);
            serviceMaster.start();
        } catch (Throwable th) {
            LOG.error("Error starting service master", th);
            ExitUtil.terminate(1, "Error starting service master");
        }
    }
}
