hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Lowe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-3452) Bogus token usernames cause many invalid group lookups
Date Fri, 06 Nov 2015 16:52:27 GMT

    [ https://issues.apache.org/jira/browse/YARN-3452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14993941#comment-14993941

Jason Lowe commented on YARN-3452:

Yeah, probably nothing good.  [~gss2002] pointed out HADOOP-12413 which I think will also
remove the bogus lookups in practice when users aren't using the reverse ACL feature that
was added in HADOOP-10650.  I'll pull that into 2.6 and 2.7, since I think most users won't
be using that new feature.  We'll still need to stop using the bogus usernames for those that
are using that reverse-ACL feature or if someone else tries to do something with the ugi assuming
it actually was a valid user.

> Bogus token usernames cause many invalid group lookups
> ------------------------------------------------------
>                 Key: YARN-3452
>                 URL: https://issues.apache.org/jira/browse/YARN-3452
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: security
>            Reporter: Jason Lowe
> YARN uses a number of bogus usernames for tokens, like application attempt IDs for NM
tokens or even the hardcoded "testing" for the container localizer token.  These tokens cause
the RPC layer to do group lookups on these bogus usernames which will never succeed but can
take a long time to perform.

This message was sent by Atlassian JIRA

View raw message