[
https://issues.apache.org/jira/browse/YARN-7468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16321108#comment-16321108
]
Wangda Tan commented on YARN-7468:
----------------------------------
Thanks [~xgong], more comments beyond javadocs/findbugs warnings and UT
failures.
1) Inside ResourceHandlerModule:
To me, the following changes are incompatible:
{code}
String handler = conf.get(YarnConfiguration.NM_NETWORK_RESOURCE_HANDLER,
    YarnConfiguration.DEFAULT_NM_NETWORK_RESOURCE_HANDLER);
if (handler.equals(TrafficControlBandwidthHandlerImpl.class.getName())) {
  return getOutboundBandwidthResourceHandler(conf);
} else if (handler.equals(
    NetworkPacketTaggingHandlerImpl.class.getName())) {
  return getNetworkTaggingHandler(conf);
} else {
  throw new YarnRuntimeException(
      "Unsupported handler specified in the configuraiton:"
          + YarnConfiguration.NM_NETWORK_RESOURCE_HANDLER
          + ". The supported handler could be either "
          + NetworkPacketTaggingHandlerImpl.class.getName() + " or "
          + TrafficControlBandwidthHandlerImpl.class.getName() + ".");
}
{code}
The user has to configure NM_NETWORK_RESOURCE_HANDLER in order to use
TrafficControlBandwidthHandlerImpl. We should not touch the existing logic to
initialize TrafficControlBandwidthHandlerImpl, and should add a new config like
NM_NETWORK_TAG_PREFIX + ".enabled" to control the tagging implementation.
Since the two classes cannot be used at the same time, an additional check needs
to be added to ResourceHandlerModule to prevent this from happening.
2) A couple of renames:
- NM_NETWORK_TAG_MAPPING_PARSER to NM_NETWORK_TAG_MAPPING_MANAGER/CONVERTER (or
any better name you prefer). This could go beyond a parser of a text file. We
need to rename related configs/Factories, etc.
- Since cgroup cannot accept an arbitrary String as a network tag, suggest
renaming getNetworkTagID to getNetworkTagHexID
3) Other minor comments:
- createNetworkTagMappingParser could be private.
- getBytesSentPerContainer should be removed.
- There are a couple of javadocs inside NetworkPacketTaggingHandlerImpl
that mention "bandwidth", which should be removed/updated.
> Provide means for container network policy control
> --------------------------------------------------
>
> Key: YARN-7468
> URL: https://issues.apache.org/jira/browse/YARN-7468
> Project: Hadoop YARN
> Issue Type: Task
> Components: nodemanager
> Reporter: Clay B.
> Assignee: Xuan Gong
> Attachments: YARN-7468.trunk.1.patch, YARN-7468.trunk.1.patch,
> YARN-7468.trunk.2.patch, YARN-7468.trunk.2.patch, YARN-7468.trunk.3.patch,
> [YARN-7468] [Design] Provide means for container network policy control.pdf
>
>
> To prevent data exfiltration from a YARN cluster, it would be very helpful to
> have "firewall" rules able to map to a user/queue's containers.