[ https://issues.apache.org/jira/browse/YARN-9920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16970754#comment-16970754 ]
Hadoop QA commented on YARN-9920: --------------------------------- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 0s{color} | {color:blue} Docker mode activated. {color} | | {color:red}-1{color} | {color:red} patch {color} | {color:red} 0m 9s{color} | {color:red} YARN-9920 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. {color} | \\ \\ || Subsystem || Report/Notes || | JIRA Issue | YARN-9920 | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/25130/console | | Powered by | Apache Yetus 0.8.0 http://yetus.apache.org | This message was automatically generated. > YarnAuthorizationProvider AccessRequest gets Null RemoteAddress from > FairScheduler > ---------------------------------------------------------------------------------- > > Key: YARN-9920 > URL: https://issues.apache.org/jira/browse/YARN-9920 > Project: Hadoop YARN > Issue Type: Bug > Components: fairscheduler, security > Affects Versions: 3.3.0 > Reporter: Prabhu Joseph > Assignee: Prabhu Joseph > Priority: Major > Attachments: AccessAudist_yarn_clientIPempty.png, > YARN-9920-001.patch, YARN-9920-002.patch, YARN-9920-003.patch > > > YarnAuthorizationProvider AccessRequest has null RemoteAddress in case of > FairScheduler. FSQueue#hasAccess uses Server.getRemoteAddress() which will be > null when the call is from RMWebServices and EventDispatcher. It works fine > when called by IPC Server Handler. > FSQueue#hasAccess is called at three places where (2) and (3) returns null. > *1. IPC Server -> RMAppManager#createAndPopulateNewRMApp -> FSQueue#hasAccess > -> Server.getRemoteAddress returns correct Remote IP.* > > *2. IPC Server -> RMAppManager#createAndPopulateNewRMApp -> > AppAddedSchedulerEvent* > *EventDispatcher -> FairScheduler#addApplication -> FSQueue.hasAccess -> > Server.getRemoteAddress returns null* > > {code:java} > org.apache.hadoop.yarn.security.ConfiguredYarnAuthorizer.checkPermission(ConfiguredYarnAuthorizer.java:101) > at > org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FSQueue.hasAccess(FSQueue.java:316) > at > org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler.addApplication(FairScheduler.java:509) > at > org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler.handle(FairScheduler.java:1268) > at > org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler.handle(FairScheduler.java:133) > at > org.apache.hadoop.yarn.event.EventDispatcher$EventProcessor.run(EventDispatcher.java:66) > {code} > > *3. RMWebServices -> QueueACLsManager#checkAccess -> FSQueue.hasAccess -> > Server.getRemoteAddress returns null.* > {code:java} > org.apache.hadoop.yarn.security.ConfiguredYarnAuthorizer.checkPermission(ConfiguredYarnAuthorizer.java:101) > at > org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FSQueue.hasAccess(FSQueue.java:316) > at > org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler.checkAccess(FairScheduler.java:1610) > at > org.apache.hadoop.yarn.server.resourcemanager.security.QueueACLsManager.checkAccess(QueueACLsManager.java:84) > at > org.apache.hadoop.yarn.server.resourcemanager.webapp.RMWebServices.hasAccess(RMWebServices.java:270) > at > org.apache.hadoop.yarn.server.resourcemanager.webapp.RMWebServices.getApps(RMWebServices.java:553) > {code} > > Have verified with CapacityScheduler and it works fine. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org