hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bikas Saha (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-937) Fix unmanaged AM in non-secure/secure setup post YARN-701
Date Wed, 24 Jul 2013 05:55:50 GMT

    [ https://issues.apache.org/jira/browse/YARN-937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718018#comment-13718018

Bikas Saha commented on YARN-937:

Not quite sure why we have manually use the RM address to re-create the token. YarnClient
uses ClientRMProxy that will automatically switch between RM instances. Hence, the RM address
might change after a failover.
+  public org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> 
+    getAMRMToken(ApplicationId appId) throws YarnException, IOException {
+    org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> amrmToken = null;
+    ApplicationReport report = getApplicationReport(appId);
+    Token token = report.getAmRmToken();
+    if (token != null) {
+    InetSocketAddress address = getConfig().getSocketAddr(
+      YarnConfiguration.RM_SCHEDULER_ADDRESS,
+      YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS,
+      YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT);
+      amrmToken = ConverterUtils.convertFromYarn(token, address);

typo in name?
public void testMRAMTokens() throws Exception {

typo in comment? same exists in the user=foo case.
+      //managed AMs do return AMRM token
+      Assert.assertNotNull(rmClient.getAMRMToken(appId));

If the queue ACL's give identical access to a different user then why should that user not
be allowed to obtain the AMRM token?

Should we return AMRMToken in getApplicationReport() only if the currentAppAttempt is in a
waiting to register state? Once the attempt is registered, is there a need to provide the
token to the client?
Similarly the AMLauncher could delete the token file after the app has entered running state
based on getApplicationReport()?

> Fix unmanaged AM in non-secure/secure setup post YARN-701
> ---------------------------------------------------------
>                 Key: YARN-937
>                 URL: https://issues.apache.org/jira/browse/YARN-937
>             Project: Hadoop YARN
>          Issue Type: Bug
>    Affects Versions: 2.1.0-beta
>            Reporter: Arun C Murthy
>            Assignee: Alejandro Abdelnur
>            Priority: Blocker
>             Fix For: 2.1.0-beta
>         Attachments: YARN-937.patch, YARN-937.patch, YARN-937.patch
> Fix unmanaged AM in non-secure/secure setup post YARN-701 since app-tokens will be used
in both scenarios.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message