hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bikas Saha (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-948) CapacityScheduler should validate the release container list before actually releasing them
Date Wed, 24 Jul 2013 20:01:53 GMT

    [ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718768#comment-13718768
] 

Bikas Saha commented on YARN-948:
---------------------------------

If this is a check that a container matches the application then its not scheduler specific.
It should be done in the RM.
                
> CapacityScheduler should validate the release container list before actually releasing
them
> -------------------------------------------------------------------------------------------
>
>                 Key: YARN-948
>                 URL: https://issues.apache.org/jira/browse/YARN-948
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Omkar Vinit Joshi
>            Assignee: Omkar Vinit Joshi
>
> At present we are blinding passing the allocate request containing containers to be released
to CapacityScheduler. This may result into one application releasing another application's
container.
> {code}
>   @Override
>   @Lock(Lock.NoLock.class)
>   public Allocation allocate(ApplicationAttemptId applicationAttemptId,
>       List<ResourceRequest> ask, List<ContainerId> release, 
>       List<String> blacklistAdditions, List<String> blacklistRemovals) {
>     FiCaSchedulerApp application = getApplication(applicationAttemptId);
> ....
> ....
>     // Release containers
>     for (ContainerId releasedContainerId : release) {
>       RMContainer rmContainer = getRMContainer(releasedContainerId);
>       if (rmContainer == null) {
>          RMAuditLogger.logFailure(application.getUser(),
>              AuditConstants.RELEASE_CONTAINER, 
>              "Unauthorized access or invalid container", "CapacityScheduler",
>              "Trying to release container not owned by app or with invalid id",
>              application.getApplicationId(), releasedContainerId);
>       }
>       completedContainer(rmContainer,
>           SchedulerUtils.createAbnormalContainerStatus(
>               releasedContainerId, 
>               SchedulerUtils.RELEASED_CONTAINER),
>           RMContainerEventType.RELEASED);
>     }
> {code}
> Current checks are not sufficient and we should prevent this..... thoughts?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message