[ 
https://issues.apache.org/jira/browse/YARN-937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718018#comment-13718018
 ] 

Bikas Saha commented on YARN-937:
---------------------------------

Not quite sure why we have to manually use the RM address to re-create the token. 
YarnClient uses ClientRMProxy that will automatically switch between RM 
instances. Hence, the RM address might change after a failover.
{code}
+  public org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> 
+    getAMRMToken(ApplicationId appId) throws YarnException, IOException {
+    org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> amrmToken = 
null;
+    ApplicationReport report = getApplicationReport(appId);
+    Token token = report.getAmRmToken();
+    if (token != null) {
+    InetSocketAddress address = getConfig().getSocketAddr(
+      YarnConfiguration.RM_SCHEDULER_ADDRESS,
+      YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS,
+      YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT);
+      amrmToken = ConverterUtils.convertFromYarn(token, address);
{code}
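
Review bot: the service address passed to `ConverterUtils.convertFromYarn(token, address)` comes from the client's local configuration (`getConfig().getSocketAddr(YarnConfiguration.RM_SCHEDULER_ADDRESS, ...)`), so the returned token is bound to whatever scheduler address that configuration holds rather than to anything carried in the `ApplicationReport`. Consider resolving the address from the same source the RM connection uses, or documenting that the caller must reset the token service. The method also returns null without explanation when `report.getAmRmToken()` is null, so a Javadoc line stating when null is returned would help callers, and the body of `if (token != null) {` should be indented one level deeper than the `if`.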

typo in name?
{code}
public void testMRAMTokens() throws Exception {
{code}

typo in comment? same exists in the user=foo case.
{code}
+      //managed AMs do return AMRM token
+      Assert.assertNotNull(rmClient.getAMRMToken(appId));
{code}
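
Review bot: `Assert.assertNotNull(rmClient.getAMRMToken(appId))` only shows that some token object was returned, so this case would still pass if the token carried the wrong kind or service. Consider also asserting on the returned token's kind and service, and rewording the `//managed AMs do return AMRM token` comment so it states exactly which AM type and user the assertion covers.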

If the queue ACLs give identical access to a different user, then why should 
that user not be allowed to obtain the AMRM token?

Should we return AMRMToken in getApplicationReport() only if the 
currentAppAttempt is in a waiting to register state? Once the attempt is 
registered, is there a need to provide the token to the client?
Similarly the AMLauncher could delete the token file after the app has entered 
running state based on getApplicationReport()?

                
> Fix unmanaged AM in non-secure/secure setup post YARN-701
> ---------------------------------------------------------
>
>                 Key: YARN-937
>                 URL: https://issues.apache.org/jira/browse/YARN-937
>             Project: Hadoop YARN
>          Issue Type: Bug
>    Affects Versions: 2.1.0-beta
>            Reporter: Arun C Murthy
>            Assignee: Alejandro Abdelnur
>            Priority: Blocker
>             Fix For: 2.1.0-beta
>
>         Attachments: YARN-937.patch, YARN-937.patch, YARN-937.patch
>
>
> Fix unmanaged AM in non-secure/secure setup post YARN-701 since app-tokens 
> will be used in both scenarios.
