[ https://issues.apache.org/jira/browse/YARN-3522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14507685#comment-14507685 ]
Jian He commented on YARN-3522: ------------------------------- - I think YARN-3287 in some sense is incompatible, since it forces user to use doAs to create the timeLineClient which is not required before. Is this ok ? I suggest adding a code comment in TimeLineClient#createTimelineClient to say caller must use doAs to create the timeLineClient - start and end event occurred in the same run() method ? {code} if(timelineClient != null) { publishApplicationAttemptEvent(timelineClient, appAttemptID.toString(), DSEvent.DS_APP_ATTEMPT_START, domainId, appSubmitterUgi); } {code} > DistributedShell uses the wrong user to put timeline data > --------------------------------------------------------- > > Key: YARN-3522 > URL: https://issues.apache.org/jira/browse/YARN-3522 > Project: Hadoop YARN > Issue Type: Bug > Components: timelineserver > Reporter: Zhijie Shen > Assignee: Zhijie Shen > Priority: Blocker > Attachments: YARN-3522.1.patch, YARN-3522.2.patch > > > YARN-3287 breaks the timeline access control of distributed shell. In > distributed shell AM: > {code} > if (conf.getBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED, > YarnConfiguration.DEFAULT_TIMELINE_SERVICE_ENABLED)) { > // Creating the Timeline Client > timelineClient = TimelineClient.createTimelineClient(); > timelineClient.init(conf); > timelineClient.start(); > } else { > timelineClient = null; > LOG.warn("Timeline service is not enabled"); > } > {code} > {code} > ugi.doAs(new PrivilegedExceptionAction<TimelinePutResponse>() { > @Override > public TimelinePutResponse run() throws Exception { > return timelineClient.putEntities(entity); > } > }); > {code} > YARN-3287 changes the timeline client to get the right ugi at serviceInit, > but DS AM still doesn't use submitter ugi to init timeline client, but use > the ugi for each put entity call. It result in the wrong user of the put > request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)