[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.004.patch Fixed checkstyle trivialities. > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch, > YARN-4629.003.patch, YARN-4629.004.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.003.patch Here's a more complete patch. It includes unit tests. > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch, > YARN-4629.003.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.003.patch > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch, > YARN-4629.003.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: (was: YARN-4629.003.patch) > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch, > YARN-4629.003.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated YARN-4629: - Environment: Secure cluster with the RM principal listed with a /_HOST entry to be expanded, most common with YARN HA enabled. Component/s: security > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell, security >Affects Versions: 2.7.1 > Environment: Secure cluster with the RM principal listed with a > /_HOST entry to be expanded, most common with YARN HA enabled. >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.002.patch How about something like this? If this looks alright, I'll go add some tests. > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell >Affects Versions: 2.7.1 >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch, YARN-4629.002.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.001.patch Let' try that again. Here's a straw man of a solution. There are no other static methods in {{YarnClient}}, so I'm a little concerned about adding one. An alternative would be to put the method in {{YarnConfiguration}}. Any better suggestions? > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell >Affects Versions: 2.7.1 >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-4629) Distributed shell breaks under strong security
[ https://issues.apache.org/jira/browse/YARN-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Templeton updated YARN-4629: --- Attachment: YARN-4629.001.patch In this patch, the potential exception from {{InetAddress.getLocalhost()}} is uncaught because if it's thrown, the right response is for the client to fail. > Distributed shell breaks under strong security > -- > > Key: YARN-4629 > URL: https://issues.apache.org/jira/browse/YARN-4629 > Project: Hadoop YARN > Issue Type: Bug > Components: applications/distributed-shell >Affects Versions: 2.7.1 >Reporter: Daniel Templeton >Assignee: Daniel Templeton > Attachments: YARN-4629.001.patch > > > If the auth_to_local is set to map requests from unknown hosts to nobody, the > dist shell app fails. The reason is that the client doesn't translate the > _HOST placeholder to the local hostname. -- This message was sent by Atlassian JIRA (v6.3.4#6332)