[
https://issues.apache.org/jira/browse/YARN-5694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15654697#comment-15654697
]
Jian He edited comment on YARN-5694 at 11/10/16 6:09 PM:
---------------------------------------------------------
bq. If we agree that it's bad to have two RMs accidentally sharing the same
state store,
If it's in non-HA mode, currently there's no protection in the ZKStore
preventing two RMs from sharing the same store. All the ACLs setting related
code is only used in HA mode. Essentially, with current patch, I doubt it will
get NoAuthException in the verifyThread, without making user change the ACLs
manually. So the handling code in this patch will not be triggered with default
setting. Maybe I'm wrong, you may try on a real cluster.. also, I thinking
setting ACLs for RM is not a required step for deploying non-HA cluster,
forcing this to be set is behavior change..
bq. why would you not want to catch the issue as early as possible?
My point is that first,will this code work as mentioned above. second, if
there's no difference in terms of functionality, why do I need to start a
thread pinging the zk continuously every few seconds. Of course, I might miss
something, you may clarify more...
Also, is the use-case mainly about two clusters sharing the same zk-store with
the same path ? IMHO, this is not a primary use-case to solve, if user
mis-configured, it's user's fault. There are many other places that can go
wrong. e.g. if two clusters configure the same path for anything on HDFS.
If the use-case is about two RMs sharing the same zk-path in the same cluster
with non-HA mode. I think in non-HA mode, the invalid RM will not take workload
in the first place, clients, NMs will not switch to that RM if HA is not
configured properly.
was (Author: jianhe):
bq. If we agree that it's bad to have two RMs accidentally sharing the same
state store,
If it's in non-HA mode, currently there's no protection in the ZKStore
preventing two RMs from sharing the same store. All the ACLs setting related
code is only used in HA mode. Essentially, with current patch, I doubt it will
get NoAuthException in the verifyThread, without making user change the ACLs
manually. So the handling code in this patch will not be triggered with default
setting. Maybe I'm wrong, you may try on a real cluster..
bq. why would you not want to catch the issue as early as possible?
My point is that first,will this code work as mentioned above. second, if
there's no difference in terms of functionality, why do I need to start a
thread pinging the zk continuously every few seconds. Of course, I might miss
something, you may clarify more...
Also, is the use-case mainly about two clusters sharing the same zk-store with
the same path ? IMHO, this is not a primary use-case to solve, if user
mis-configured, it's user's fault. There are many other places that can go
wrong. e.g. if two clusters configure the same path for anything on HDFS.
If the use-case is about two RMs sharing the same zk-path in the same cluster
with non-HA mode. I think in non-HA mode, the invalid RM will not take workload
in the first place, clients, NMs will not switch to that RM if HA is not
configured properly.
> ZKRMStateStore should always start its verification thread to prevent
> accidental state store corruption
> -------------------------------------------------------------------------------------------------------
>
> Key: YARN-5694
> URL: https://issues.apache.org/jira/browse/YARN-5694
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 3.0.0-alpha1
> Reporter: Daniel Templeton
> Assignee: Daniel Templeton
> Priority: Critical
> Labels: oct16-medium
> Attachments: YARN-5694.001.patch, YARN-5694.002.patch,
> YARN-5694.003.patch, YARN-5694.004.patch, YARN-5694.004.patch,
> YARN-5694.005.patch, YARN-5694.006.patch, YARN-5694.007.patch,
> YARN-5694.branch-2.7.001.patch, YARN-5694.branch-2.7.002.patch
>
>
> There are two cases. In branch-2.7, the
> {{ZKRMStateStore.VerifyActiveStatusThread}} is always started, even when
> using embedded or Curator failover. In branch-2.8, the
> {{ZKRMStateStore.VerifyActiveStatusThread}} is only started when HA is
> disabled, which makes no sense. Based on the JIRA that introduced that
> change (YARN-4559), I believe the intent was to start it only when embedded
> failover is disabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
