hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naganarasimha G R (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5549) AMLauncher.createAMContainerLaunchContext() should not log the command to be launched indiscriminately
Date Fri, 02 Sep 2016 05:23:20 GMT

    [ https://issues.apache.org/jira/browse/YARN-5549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15457570#comment-15457570
] 

Naganarasimha G R commented on YARN-5549:
-----------------------------------------

Thanks for the patch [~templedf] and [~kasha] for the comments for the config.
Given that there is already jira raised to ATSV2 to log the command which can be securedly
access later makes sense, but i am +0 for this patch because to get this log it requires a
restart of the NM to enable the modified config and as [~jlowe] mentioned we will not be sure
where the container will be relaunched again in this node on failure. So temporarily if the
node has issues this log and config will be helpfull but in case app's command has issues
this approach offers no help.

Other than this patch looks fine !

> AMLauncher.createAMContainerLaunchContext() should not log the command to be launched
indiscriminately
> ------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-5549
>                 URL: https://issues.apache.org/jira/browse/YARN-5549
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 2.7.2
>            Reporter: Daniel Templeton
>            Assignee: Daniel Templeton
>            Priority: Critical
>         Attachments: YARN-5549.001.patch, YARN-5549.002.patch, YARN-5549.003.patch, YARN-5549.004.patch,
YARN-5549.005.patch, YARN-5549.006.patch
>
>
> The command could contain sensitive information, such as keystore passwords or AWS credentials
or other.  Instead of logging it as INFO, we should log it as DEBUG and include a property
to disable logging it at all.  Logging it to a different logger would also be viable and may
create a smaller administrative footprint.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message