Jason Lowe updated YARN-1915:
    Attachment: YARN-1915v3.patch

Refreshed patch to latest trunk.

[~vinodkv] could you comment?  I fully agree with Hitesh that the current patch 
is a stop-gap at best.  However there's some confusion as to how  the client 
token master key should be sent to the RM (e.g.: via container credentials, via 
the current method, etc.).  The original env variable approach apparently is 
problematic on Windows per YARN-610.

If we won't have time to develop the best fix for 2.6 then I'd like to see 
something like this patch put in to improve things in the interim.

> ClientToAMTokenMasterKey should be provided to AM at launch time
> ----------------------------------------------------------------
>                 Key: YARN-1915
>                 URL: https://issues.apache.org/jira/browse/YARN-1915
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>    Affects Versions: 2.2.0
>            Reporter: Hitesh Shah
>            Assignee: Jason Lowe
>            Priority: Critical
>         Attachments: YARN-1915.patch, YARN-1915v2.patch, YARN-1915v3.patch
> Currently, the AM receives the key as part of registration. This introduces a 
> race where a client can connect to the AM when the AM has not received the 
> key. 
> Current Flow:
> 1) AM needs to start the client listening service in order to get host:port 
> and send it to the RM as part of registration
> 2) RM gets the port info in register() and transitions the app to RUNNING. 
> Responds back with client secret to AM.
> 3) User asks RM for client token. Gets it and pings the AM. AM hasn't 
> received client secret from RM and so RPC itself rejects the request.

This message was sent by Atlassian JIRA

Reply via email to