Zhijie Shen created YARN-3522:
---------------------------------
Summary: DistributedShell uses the wrong user to put timeline data
Key: YARN-3522
URL: https://issues.apache.org/jira/browse/YARN-3522
Project: Hadoop YARN
Issue Type: Bug
Components: timelineserver
Reporter: Zhijie Shen
Assignee: Zhijie Shen
Priority: Blocker
YARN-3287 breaks the timeline access control of distributed shell. In
distributed shell AM:
{code}
if (conf.getBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED,
YarnConfiguration.DEFAULT_TIMELINE_SERVICE_ENABLED)) {
// Creating the Timeline Client
timelineClient = TimelineClient.createTimelineClient();
timelineClient.init(conf);
timelineClient.start();
} else {
timelineClient = null;
LOG.warn("Timeline service is not enabled");
}
{code}
{code}
ugi.doAs(new PrivilegedExceptionAction<TimelinePutResponse>() {
@Override
public TimelinePutResponse run() throws Exception {
return timelineClient.putEntities(entity);
}
});
{code}
YARN-3287 changes the timeline client to get the right ugi at serviceInit, but
DS AM still doesn't use submitter ugi to init timeline client, but use the ugi
for each put entity call. It result in the wrong user of the put request.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
