Harsh J commented on YARN-3021:

Overall the patch looks fine to me, but please do hold up for [~vinodkv] or 
another YARN active committer to take a look.

Could you conceive a test case for this as well, to catch regressions in 
behaviour in future? For example it could be done by adding an invalid token 
with the app, but with this option turned on. With the option turned off, such 
a thing will always fail and app gets rejected, but with the fix in proper 
behaviour it will pass through the submit procedure at least. Checkout the 
test-case modified in the earlier patch for a reusable reference.

Also, could you document the added MR config in mapred-default.xml, describing 
its use and marking it also as advanced, as it disables some features of a 
regular resilient application such as token reuse and renewals.

> YARN's delegation-token handling disallows certain trust setups to operate 
> properly
> -----------------------------------------------------------------------------------
>                 Key: YARN-3021
>                 URL: https://issues.apache.org/jira/browse/YARN-3021
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.3.0
>            Reporter: Harsh J
>         Attachments: YARN-3021.001.patch, YARN-3021.patch
> Consider this scenario of 3 realms: A, B and COMMON, where A trusts COMMON, 
> and B trusts COMMON (one way trusts both), and both A and B run HDFS + YARN 
> clusters.
> Now if one logs in with a COMMON credential, and runs a job on A's YARN that 
> needs to access B's HDFS (such as a DistCp), the operation fails in the RM, 
> as it attempts a renewDelegationToken(…) synchronously during application 
> submission (to validate the managed token before it adds it to a scheduler 
> for automatic renewal). The call obviously fails cause B realm will not trust 
> A's credentials (here, the RM's principal is the renewer).
> In the 1.x JobTracker the same call is present, but it is done asynchronously 
> and once the renewal attempt failed we simply ceased to schedule any further 
> attempts of renewals, rather than fail the job immediately.
> We should change the logic such that we attempt the renewal but go easy on 
> the failure and skip the scheduling alone, rather than bubble back an error 
> to the client, failing the app submission. This way the old behaviour is 
> retained.

This message was sent by Atlassian JIRA

Reply via email to