Return-Path: X-Original-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3DF8418965 for ; Thu, 24 Dec 2015 01:01:56 +0000 (UTC) Received: (qmail 59123 invoked by uid 500); 24 Dec 2015 01:01:56 -0000 Delivered-To: apmail-hadoop-yarn-issues-archive@hadoop.apache.org Received: (qmail 59082 invoked by uid 500); 24 Dec 2015 01:01:56 -0000 Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: yarn-issues@hadoop.apache.org Delivered-To: mailing list yarn-issues@hadoop.apache.org Received: (qmail 59064 invoked by uid 99); 24 Dec 2015 01:01:56 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Dec 2015 01:01:56 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id EB3512C1F57 for ; Thu, 24 Dec 2015 01:01:55 +0000 (UTC) Date: Thu, 24 Dec 2015 01:01:55 +0000 (UTC) From: "Karthik Kambatla (JIRA)" To: yarn-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (YARN-4353) Provide short circuit user group mapping for NM/AM MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/YARN-4353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15070358#comment-15070358 ] Karthik Kambatla commented on YARN-4353: ---------------------------------------- bq. If secure LDAP is configured for group mapping, then there are some additional complications created by the unnecessary group resolution. Could you elaborate? What complications? I would think Vinod's suggestion here should work, albeit a more substantial change. Could you also comment on how the change here helps/hurts the long-term overall fix? > Provide short circuit user group mapping for NM/AM > -------------------------------------------------- > > Key: YARN-4353 > URL: https://issues.apache.org/jira/browse/YARN-4353 > Project: Hadoop YARN > Issue Type: Improvement > Components: nodemanager > Affects Versions: 2.7.1 > Reporter: Daniel Templeton > Assignee: Daniel Templeton > Attachments: YARN-4353.prelim.patch > > > When the NM launches an AM, the {{ContainerLocalizer}} gets the current user from {{UserGroupInformation}}, which triggers user group mapping, even though the user groups are never accessed. If secure LDAP is configured for group mapping, then there are some additional complications created by the unnecessary group resolution. Additionally, it adds unnecessary latency to the container launch time. > To address the issue, before getting the current user, the {{ContainerLocalizer}} should configure {{UserGroupInformation}} with a null group mapping service that quickly and quietly returns an empty group list for all users. -- This message was sent by Atlassian JIRA (v6.3.4#6332)