[ https://issues.apache.org/jira/browse/YARN-11920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18052584#comment-18052584 ]

ASF GitHub Bot commented on YARN-11920:
---------------------------------------

hadoop-yetus commented on PR #8184:
URL: https://github.com/apache/hadoop/pull/8184#issuecomment-3764199202

   :broken_heart: **-1 overall**
   
   
   
   
   
   
   | Vote | Subsystem | Runtime |  Logfile | Comment |
   |:----:|----------:|--------:|:--------:|:-------:|
   | +0 :ok: |  reexec  |  24m 58s |  |  Docker mode activated.  |
   |||| _ Prechecks _ |
   | +1 :green_heart: |  dupname  |   0m  0s |  |  No case conflicting files found.  |
   | +0 :ok: |  codespell  |   0m  0s |  |  codespell was not available.  |
   | +0 :ok: |  detsecrets  |   0m  0s |  |  detect-secrets was not available.  |
   | +1 :green_heart: |  @author  |   0m  0s |  |  The patch does not contain any @author tags.  |
   | +1 :green_heart: |  test4tests  |   0m  0s |  |  The patch appears to include 1 new or modified test files.  |
   |||| _ trunk Compile Tests _ |
   | +1 :green_heart: |  mvninstall  |  34m 47s |  |  trunk passed  |
   | +1 :green_heart: |  compile  |   1m 55s |  |  trunk passed with JDK Red Hat, Inc.-21.0.9+10-LTS  |
   | +1 :green_heart: |  compile  |   1m 56s |  |  trunk passed with JDK Red Hat, Inc.-17.0.17+10-LTS  |
   | +1 :green_heart: |  mvnsite  |   1m 22s |  |  trunk passed  |
   | +1 :green_heart: |  shadedclient  |  67m 32s |  |  branch has no errors when building and testing our client artifacts.  |
   |||| _ Patch Compile Tests _ |
   | +1 :green_heart: |  mvninstall  |   0m 54s |  |  the patch passed  |
   | +1 :green_heart: |  compile  |   1m 32s |  |  the patch passed with JDK Red Hat, Inc.-21.0.9+10-LTS  |
   | -1 :x: |  cc  |   1m 32s | [/results-compile-cc-hadoop-yarn-project_hadoop-yarn_hadoop-yarn-server_hadoop-yarn-server-nodemanager-jdkRedHat,Inc.-21.0.9+10-LTS.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8184/1/artifact/out/results-compile-cc-hadoop-yarn-project_hadoop-yarn_hadoop-yarn-server_hadoop-yarn-server-nodemanager-jdkRedHat,Inc.-21.0.9+10-LTS.txt) |  hadoop-yarn-project_hadoop-yarn_hadoop-yarn-server_hadoop-yarn-server-nodemanager-jdkRedHat,Inc.-21.0.9+10-LTS with JDK Red Hat, Inc.-21.0.9+10-LTS generated 2 new + 51 unchanged - 0 fixed = 53 total (was 51)  |
   | +1 :green_heart: |  golang  |   1m 32s |  |  the patch passed  |
   | +1 :green_heart: |  javac  |   1m 32s |  |  the patch passed  |
   | +1 :green_heart: |  compile  |   1m 32s |  |  the patch passed with JDK Red Hat, Inc.-17.0.17+10-LTS  |
   | -1 :x: |  cc  |   1m 32s | [/results-compile-cc-hadoop-yarn-project_hadoop-yarn_hadoop-yarn-server_hadoop-yarn-server-nodemanager-jdkRedHat,Inc.-17.0.17+10-LTS.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8184/1/artifact/out/results-compile-cc-hadoop-yarn-project_hadoop-yarn_hadoop-yarn-server_hadoop-yarn-server-nodemanager-jdkRedHat,Inc.-17.0.17+10-LTS.txt) |  hadoop-yarn-project_hadoop-yarn_hadoop-yarn-server_hadoop-yarn-server-nodemanager-jdkRedHat,Inc.-17.0.17+10-LTS with JDK Red Hat, Inc.-17.0.17+10-LTS generated 2 new + 51 unchanged - 0 fixed = 53 total (was 51)  |
   | +1 :green_heart: |  golang  |   1m 32s |  |  the patch passed  |
   | +1 :green_heart: |  javac  |   1m 32s |  |  the patch passed  |
   | -1 :x: |  blanks  |   0m  0s | [/blanks-tabs.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8184/1/artifact/out/blanks-tabs.txt) |  The patch 1 line(s) with tabs.  |
   | +1 :green_heart: |  mvnsite  |   1m  0s |  |  the patch passed  |
   | +1 :green_heart: |  shadedclient  |  27m 55s |  |  patch has no errors when building and testing our client artifacts.  |
   |||| _ Other Tests _ |
   | +1 :green_heart: |  unit  |  27m 12s |  |  hadoop-yarn-server-nodemanager in the patch passed.  |
   | +1 :green_heart: |  asflicense  |   0m 57s |  |  The patch does not generate ASF License warnings.  |
   |  |   | 155m 26s |  |  |
   
   
   | Subsystem | Report/Notes |
   |----------:|:-------------|
   | Docker | ClientAPI=1.52 ServerAPI=1.52 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8184/1/artifact/out/Dockerfile |
   | GITHUB PR | https://github.com/apache/hadoop/pull/8184 |
   | Optional Tests | dupname asflicense compile cc mvnsite javac unit codespell detsecrets golang |
   | uname | Linux e4b20368f015 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
   | Build tool | maven |
   | Personality | dev-support/bin/hadoop.sh |
   | git revision | trunk / 4b03638000ce0419c44ff3d5a340abdc10ea0733 |
   | Default Java | Red Hat, Inc.-17.0.17+10-LTS |
   | Multi-JDK versions | /usr/lib/jvm/java-21-openjdk-21.0.9.0.10-1.el8.x86_64:Red Hat, Inc.-21.0.9+10-LTS /usr/lib/jvm/java-17-openjdk-17.0.17.0.10-1.el8.x86_64:Red Hat, Inc.-17.0.17+10-LTS |
   | Test Results | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8184/1/testReport/ |
   | Max. process+thread count | 763 (vs. ulimit of 5500) |
   | modules | C: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager U: hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager |
   | Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8184/1/console |
   | versions | git=2.43.7 maven=3.9.11 |
   | Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |
   
   
   This message was automatically generated.
   
   




> linux-container-executor requires flexible directory permissions.
> -----------------------------------------------------------------
>
>                 Key: YARN-11920
>                 URL: https://issues.apache.org/jira/browse/YARN-11920
>             Project: Hadoop YARN
>          Issue Type: New Feature
>            Reporter: Edward Capriolo
>            Priority: Major
>              Labels: pull-request-available
>
> When running yarn node-manager directories are created which the node manager 
> can not write to. I discussed this on the mailing list:  
> {quote}Hello. I am trying to run linux-container-executor in a setup without 
> kerberos. I want to see it "change user" and run a map reduce job.
> I have a fork of linux-container-executor with some gratuitous println:
> main : command provided 0
> 2026-01-12T19:51:25.467740715Z main : run as user is auser
> 2026-01-12T19:51:25.467750476Z main : requested yarn user is auser
> 2026-01-12T19:51:25.467760225Z main : validate_container_id 
> 2026-01-12T19:51:25.467771148Z main : huh 
> 2026-01-12T19:51:25.467784131Z validated command: INITIALIZE_CONTAINER
> 2026-01-12T19:51:25.467795274Z init : set_user 
> 2026-01-12T19:51:25.467805332Z maybe free_user 
> 2026-01-12T19:51:25.467815142Z going to check user 
> 2026-01-12T19:51:25.467824798Z min id 
> 2026-01-12T19:51:25.467833618Z min id 1000
> 2026-01-12T19:51:25.467842685Z Get user info 
> 2026-01-12T19:51:25.467851066Z init : set_user done 
> 2026-01-12T19:51:25.467860879Z initialize_app( 
> 2026-01-12T19:51:25.467871118Z create user dirs 
> 2026-01-12T19:51:25.467881131Z initialize_user.
> 2026-01-12T19:51:25.467890384Z created 
> 2026-01-12T19:51:25.467900435Z create_log_dirs().
> 2026-01-12T19:51:25.467911090Z create container log 
> 2026-01-12T19:51:25.467920790Z create_container_log_dirs
> 2026-01-12T19:51:25.467931683Z open_file_as_nm.
> 2026-01-12T19:51:25.467941717Z change_user 
> 2026-01-12T19:51:25.467952667Z change_user.
> *2026-01-12T19:51:25.467962032Z Can't create directory 
> /yarn-root/nm-local-dir/usercache/auser/appcache - Permission denied*
> 2026-01-12T19:51:25.467973350Z Did not create any app directories
> I am creating users like this:
>   RUN addgroup -S hadoop
>   RUN addgroup -S hdfs && adduser -S -G hdfs -H -D hdfs
>   RUN addgroup -S yarn && adduser -S -G yarn -H -D yarn
>   RUN addgroup yarn hadoop
>   RUN addgroup -S auser && adduser -S -G auser -H -D auser
> I am launching a wordcount as "auser" like so:
> [https://github.com/edwardcapriolo/edgy-ansible/blob/main/imaging/hadoop/compositions/ha_rm_zk_pki_tls/enter_auser.sh]
> This is what the directory inside the node manager looks like:
> nm1:/yarn-root/nm-local-dir/usercache# rm -rf auser/
> nm1:/yarn-root/nm-local-dir/usercache# ld -lahd /yarn-root/
> nm1:/yarn-root/nm-local-dir/usercache# ls -lahd /yarn-root/
> drwxr-xr-x    1 yarn     root          24 Jan 12 19:32 /yarn-root/
> nm1:/yarn-root/nm-local-dir/usercache# ls -lahd /yarn-root/nm-local-dir/
> drwxr-xr-x    1 yarn     hadoop        54 Jan 12 19:32 
> /yarn-root/nm-local-dir/
> nm1:/yarn-root/nm-local-dir/usercache# ls -lahd /yarn-root/nm-local-dir/
> filecache/ nmPrivate/ usercache/ 
> nm1:/yarn-root/nm-local-dir/usercache# ls -lahd 
> /yarn-root/nm-local-dir/usercache/
> drwxr-sr-x    1 yarn     hadoop        10 Jan 12 20:38 
> /yarn-root/nm-local-dir/usercache/
> nm1:/yarn-root/nm-local-dir/usercache# ls -lahd 
> /yarn-root/nm-local-dir/usercache/auser/
> drwxr-s---    1 auser    hadoop         0 Jan 12 20:38 
> /yarn-root/nm-local-dir/usercache/auser/
> My node manager is running as yarn
> nm1:/$ ps -ef | grep yarn
>     1 yarn      0:20 /usr/bin/java -Dproc_nodemanager 
> nm1:/$ id -u yarn
> 101
> nm1:/$ id -g yarn
> 103
> nm1:/$ id -G yarn
> 103 101
> nm1:/$ id -G yarn -n
> yarn hadoop
> nm1:/$ umask 
> 0022
> I am guessing that the issue is 
> drwxr-s---    1 auser    hadoop         0 Jan 12 20:38 auser
> This directory gets owned by auser/hadoop but the group write is off?
> My yarn config is here:
> [https://github.com/edwardcapriolo/edgy-ansible/blob/main/imaging/hadoop/compositions/ha_rm_zk_pki_tls/hd_conf/yarn-site.xml#L126]
> Also manually changing it it just gets put back
> nm1:/yarn-root/nm-local-dir/usercache# chmod g+w auser/
> nm1:/yarn-root/nm-local-dir/usercache# ls -lah
> total 0      
> drwxr-sr-x    1 yarn     hadoop        10 Jan 12 20:38 .
> drwxr-xr-x    1 yarn     hadoop        54 Jan 12 19:32 ..
> drwxrws---    1 auser    hadoop         0 Jan 12 20:38 auser
> nm1:/yarn-root/nm-local-dir/usercache# ls -lah
> total 0      
> drwxr-sr-x    1 yarn     hadoop        10 Jan 12 20:38 .
> drwxr-xr-x    1 yarn     hadoop        54 Jan 12 19:32 ..
> drwxr-s---    1 auser    hadoop         0 Jan 12 20:38 auser
> {quote}


