[
https://issues.apache.org/jira/browse/YARN-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13774204#comment-13774204
]
Karthik Kambatla commented on YARN-1026:
----------------------------------------
Good news: the ACL-based fencing seems to work. I ll clean up and post the
changes to ZKRMStateStore on YARN-1222.
I used digest:ha-admin-socket-address:ha-admin-socket-address:cd to give the RM
exclusive privileges to create/delete under the root. Every write
(create/delete/set) is enclosed in create-delete "fence-node". Everything works
fine and the RM is able to run jobs until I change the permissions on the root
node from a client.
> Test and verify ACL based ZKRMStateStore fencing for RM State Store
> -------------------------------------------------------------------
>
> Key: YARN-1026
> URL: https://issues.apache.org/jira/browse/YARN-1026
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Bikas Saha
> Assignee: Karthik Kambatla
>
> ZooKeeper allows create/delete ACL's for immediate children of a znode. It
> also has admin ACL's on a znode that allow changing the create/delete ACL's
> on that znode. RM instances could share the admin ACL's on the state store
> root znode. When an RM transitions to active, it can use the shared admin
> ACL's to give itself exclusive create/delete permissions on the children of
> the root znode. If all ZK state store operations are atomic and involve a
> create/delete znode then the above effectively fences other RM instances from
> modifying the store. This ACL change is only allowed when transitioning to
> active.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
