[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.004.patch Fixed checkstyle trivialities. > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch, > YARN-4629.003.patch, YARN-4629.004.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.003.patch Here's a more complete patch. It includes unit tests. > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch, > YARN-4629.003.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.003.patch > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch, > YARN-4629.003.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: (was: YARN-4629.003.patch) > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch, > YARN-4629.003.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated YARN-4629: - Environment: Secure cluster with the RM principal listed with a /_HOST entry to be expanded, most common with YARN HA enabled. Component/s: security > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.002.patch How about something like this? If this looks alright, I'll go add some tests. > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell >Affects Versions: 2.7.1 >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[
https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Templeton updated YARN-4629:
---
Attachment: YARN-4629.001.patch
Let' try that again. Here's a straw man of a solution. There are no other
static methods in {{YarnClient}}, so I'm a little concerned about adding one.
An alternative would be to put the method in {{YarnConfiguration}}. Any better
suggestions?
> Distributed shell breaks under strong security
> --
>
> Key: YARN-4629
> URL: https://issues.apache.org/jira/browse/YARN-4629
> Project: Hadoop YARN
> Issue Type: Bug
> Components: applications/distributed-shell
>Affects Versions: 2.7.1
>Reporter: Daniel Templeton
>Assignee: Daniel Templeton
> Attachments: YARN-4629.001.patch
>
>
> If the auth_to_local is set to map requests from unknown hosts to nobody, the
> dist shell app fails. The reason is that the client doesn't translate the
> _HOST placeholder to the local hostname.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[
https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Templeton updated YARN-4629:
---
Attachment: YARN-4629.001.patch
In this patch, the potential exception from {{InetAddress.getLocalhost()}} is
uncaught because if it's thrown, the right response is for the client to fail.
> Distributed shell breaks under strong security
> --
>
> Key: YARN-4629
> URL: https://issues.apache.org/jira/browse/YARN-4629
> Project: Hadoop YARN
> Issue Type: Bug
> Components: applications/distributed-shell
>Affects Versions: 2.7.1
>Reporter: Daniel Templeton
>Assignee: Daniel Templeton
> Attachments: YARN-4629.001.patch
>
>
> If the auth_to_local is set to map requests from unknown hosts to nobody, the
> dist shell app fails. The reason is that the client doesn't translate the
> _HOST placeholder to the local hostname.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
