1. I think you'd need to talk to the YARN team about persisting stuff elsewhere 2. On an insecure cluster, the user "mapred" will be running code for everyone, so you'd need to handle the situation "multiple YARN users with the same named slider apps" 3. It may be that the command line is too long. What if the file was created in some tmp dir and then copied into the container?
On 9 July 2014 03:21, Jon Maron <[email protected]> wrote: > Using the current working dir doesn’t work with openssl - it seems to gag > on the long path in the unit test environment: > > (Emulated the runtime execution to see this error): > > openssl ca -create_serial -out > /Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.crt > -days 365 -keyfile > /Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.key > -key 3QxUtKyILrV5Its1l8YiyyAKPMRq86Uxq0L5iDRtgVO3xAunFs -selfsign > -extensions jdk7_ca -config > /Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.config > -batch -infiles > /Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.csr > Using configuration from > /Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/ca.config > Check that the request matches the signature > Signature ok > The Subject's Distinguished Name is as follows > countryName :PRINTABLE:'AU' > stateOrProvinceName :PRINTABLE:'Some-State' > organizationName :PRINTABLE:'Internet Widgits Pty Ltd' > Certificate is to be certified until Jul 9 02:12:31 2015 GMT (365 days) > > Write out database with 1 new entries > certificate file name too long > 24151:error:02001002:system library:fopen:No such file or > directory:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/bio/bss_file.c:356:fopen('/Users/jmaron/dev/workspaces/slider-asf/incubator-slider/slider-core/target/TestActionExists/TestActionExists-localDir-nm-0_0/usercache/jmaron/appcache/application_1404871405081_0001/container_1404871405081_0001_01_000001/security/db/serial','r') > 24151:error:20074002:BIO routines:FILE_CTRL:system > lib:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/bio/bss_file.c:358: > > Is there any objection if I simply go with a unique temp dir per app > master for creating the app master security directory structure (stores > certs, keystones etc, all password protected)? > > — Jon > > On Jul 8, 2014, at 1:10 PM, Sumit Mohanty <[email protected]> > wrote: > > > /hadoop/yarn/local/usercache/yarn/appcache/application_ > > 1404328298542_0019/container_1404328298542_0019_01_000002 is the working > > dir. > > > > For example, agent refers to a sub-dir within as > > "${AGENT_WORK_ROOT}/app/run" > > > > > > On Tue, Jul 8, 2014 at 9:28 AM, Jon Maron <[email protected]> > wrote: > > > >> Perhaps it's simply the working dir? I'll give that a try... > >> > >>> On Jul 8, 2014, at 11:56 AM, Jon Maron <[email protected]> wrote: > >>> > >>> Hi, > >>> > >>> In my current commit I am placing SSL security files for the slider app > >> master in /home/yarn/.slider/security. They are created dynamically by > the > >> application master. I’d prefer to specify the appropriate, container > >> associated directory (under /hadoop/yarn/…, I imagine). This would > allow > >> for a clean removal of the files (I suppose the argument could be made > that > >> the host based certificate can be reused by relaunched app masters, but > I > >> imagine the creation of new cert stores etc for a given app master has > >> advantages as well). However, I still haven’t found what looks to be > the > >> acceptable/approved way for ascertaining that location (API etc), e.g. > >>> > >>> > >> > /hadoop/yarn/local/usercache/yarn/appcache/application_1404328298542_0019/container_1404328298542_0019_01_000002/infra > >>> > >>> Anyone know the API to invoke or system property to retrieve this > >> directory? > >>> > >>> Thanks! > >>> > >>> — Jon > >>> > >> > >> -- > >> CONFIDENTIALITY NOTICE > >> NOTICE: This message is intended for the use of the individual or > entity to > >> which it is addressed and may contain information that is confidential, > >> privileged and exempt from disclosure under applicable law. If the > reader > >> of this message is not the intended recipient, you are hereby notified > that > >> any printing, copying, dissemination, distribution, disclosure or > >> forwarding of this communication is strictly prohibited. If you have > >> received this communication in error, please contact the sender > immediately > >> and delete it from your system. Thank You. > >> > > > > -- > > CONFIDENTIALITY NOTICE > > NOTICE: This message is intended for the use of the individual or entity > to > > which it is addressed and may contain information that is confidential, > > privileged and exempt from disclosure under applicable law. If the reader > > of this message is not the intended recipient, you are hereby notified > that > > any printing, copying, dissemination, distribution, disclosure or > > forwarding of this communication is strictly prohibited. If you have > > received this communication in error, please contact the sender > immediately > > and delete it from your system. Thank You. > > > -- > CONFIDENTIALITY NOTICE > NOTICE: This message is intended for the use of the individual or entity to > which it is addressed and may contain information that is confidential, > privileged and exempt from disclosure under applicable law. If the reader > of this message is not the intended recipient, you are hereby notified that > any printing, copying, dissemination, distribution, disclosure or > forwarding of this communication is strictly prohibited. If you have > received this communication in error, please contact the sender immediately > and delete it from your system. Thank You. > -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
