slfan1989 commented on code in PR #4426:
URL: https://github.com/apache/hadoop/pull/4426#discussion_r897462619
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/main/java/org/apache/hadoop/yarn/server/router/RouterAuditLogger.java:
##########
@@ -240,4 +245,15 @@ static void add(Keys key, String value, StringBuilder b) {
b.append(AuditConstants.PAIR_SEPARATOR).append(key.name())
.append(AuditConstants.KEY_VAL_SEPARATOR).append(value);
}
+
+ /**
+ * A helper api to add remote IP address.
+ */
+ static void addRemoteIP(StringBuilder b) {
+ InetAddress ip = Server.getRemoteIp();
Review Comment:
I think there are mainly 2 reasons:
1.The original YarnClient communicated with the RM, and the RMAuditLogger of
the RM will record the USER, IP, OPERATION, TARGET, RESULT of the client in
detail. Looking at the code, the method for RM to obtain IP is
Server.getRemoteIp();
**RMAuditLogger#createStringBuilderForSuccessEvent**
```
private static StringBuilder createStringBuilderForSuccessEvent(String
user,
String operation, String target, InetAddress ip) {
StringBuilder b = new StringBuilder();
start(Keys.USER, user, b);
if (ip != null) {
add(Keys.IP, ip.getHostAddress(), b);
}
add(Keys.OPERATION, operation, b);
add(Keys.TARGET, target ,b);
add(Keys.RESULT, AuditConstants.SUCCESS, b);
return b;
}
```
**RMAuditLogger#createSuccessLog**
```
static String createSuccessLog(String user, String operation, String
target,
ApplicationId appId, ApplicationAttemptId attemptId,
ContainerId containerId, Resource resource) {
return createSuccessLog(user, operation, target, appId, attemptId,
containerId, resource, null, Server.getRemoteIp(), null, null);
}
```
2.In the YARN-Federation module, the Router is the proxy of YarnClient,
which will cause the RPC client IP address recorded in the RM audit log to be
the IP address of the Router. If you need to handle abnormal tasks, you cannot
directly find the real client IP. Therefore, it is necessary to record the
relevant client ip address on the router side.
When an abnormal application is found, it can be divided into 2 steps
1. We can first know the application_id and router_ip in the RM audit log.
2. According to the information in step 1, in the audit log of the router,
the client that actually submitted the task can be located.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
