hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bikas Saha (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-937) Fix unmanaged AM in non-secure/secure setup post YARN-701
Date Wed, 24 Jul 2013 05:55:50 GMT

    [ https://issues.apache.org/jira/browse/YARN-937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718018#comment-13718018
] 

Bikas Saha commented on YARN-937:
---------------------------------

Not quite sure why we have manually use the RM address to re-create the token. YarnClient
uses ClientRMProxy that will automatically switch between RM instances. Hence, the RM address
might change after a failover.
{code}
+  public org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> 
+    getAMRMToken(ApplicationId appId) throws YarnException, IOException {
+    org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> amrmToken = null;
+    ApplicationReport report = getApplicationReport(appId);
+    Token token = report.getAmRmToken();
+    if (token != null) {
+    InetSocketAddress address = getConfig().getSocketAddr(
+      YarnConfiguration.RM_SCHEDULER_ADDRESS,
+      YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS,
+      YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT);
+      amrmToken = ConverterUtils.convertFromYarn(token, address);
{code}

typo in name?
{code}
public void testMRAMTokens() throws Exception {
{code}

typo in comment? same exists in the user=foo case.
{code}
+      //managed AMs do return AMRM token
+      Assert.assertNotNull(rmClient.getAMRMToken(appId));
{code}

If the queue ACL's give identical access to a different user then why should that user not
be allowed to obtain the AMRM token?

Should we return AMRMToken in getApplicationReport() only if the currentAppAttempt is in a
waiting to register state? Once the attempt is registered, is there a need to provide the
token to the client?
Similarly the AMLauncher could delete the token file after the app has entered running state
based on getApplicationReport()?

                
> Fix unmanaged AM in non-secure/secure setup post YARN-701
> ---------------------------------------------------------
>
>                 Key: YARN-937
>                 URL: https://issues.apache.org/jira/browse/YARN-937
>             Project: Hadoop YARN
>          Issue Type: Bug
>    Affects Versions: 2.1.0-beta
>            Reporter: Arun C Murthy
>            Assignee: Alejandro Abdelnur
>            Priority: Blocker
>             Fix For: 2.1.0-beta
>
>         Attachments: YARN-937.patch, YARN-937.patch, YARN-937.patch
>
>
> Fix unmanaged AM in non-secure/secure setup post YARN-701 since app-tokens will be used
in both scenarios.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message