hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5727) Improve YARN shared cache support for LinuxContainerExecutor
Date Thu, 13 Jun 2019 00:58:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-5727?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16862605#comment-16862605

Hadoop QA commented on YARN-5727:

| (x) *{color:red}-1 overall{color}* |
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m  0s{color} | {color:blue}
Docker mode activated. {color} |
| {color:red}-1{color} | {color:red} patch {color} | {color:red}  0m  6s{color} | {color:red}
YARN-5727 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute
for help. {color} |
|| Subsystem || Report/Notes ||
| JIRA Issue | YARN-5727 |
| Console output | https://builds.apache.org/job/PreCommit-YARN-Build/24263/console |
| Powered by | Apache Yetus 0.8.0   http://yetus.apache.org |

This message was automatically generated.

> Improve YARN shared cache support for LinuxContainerExecutor
> ------------------------------------------------------------
>                 Key: YARN-5727
>                 URL: https://issues.apache.org/jira/browse/YARN-5727
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Chris Trezzo
>            Assignee: zhenzhao wang
>            Priority: Major
>         Attachments: YARN-5727-Design-v1.pdf, YARN-5727-Design-v2.pdf, YARN-5727.001.patch
> When running LinuxContainerExecutor in a secure mode ({{yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users}}
set to {{false}}), all localized files are owned by the user that owns the container which
localized the resource. This presents a problem for the shared cache when a YARN application
requests a resource to be uploaded to the shared cache that has a non-public visibility. The
shared cache uploader (running as the node manager user) does not have access to the localized
files and can not compute the checksum of the file or upload it to the cache. The solution
should ideally satisfy the following three requirements:
> # Localized files should still be safe/secure. Other users that run containers should
not be able to modify, or delete the publicly localized files of others.
> # The node manager user should be able to access these files for the purpose of checksumming
and uploading to the shared cache without being a privileged user.
> # The solution should avoid making unnecessary copies of the localized files.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message