[
https://issues.apache.org/jira/browse/YARN-2892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14524357#comment-14524357
]
Hadoop QA commented on YARN-2892:
---------------------------------
\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | pre-patch | 15m 11s | Pre-patch trunk compilation is
healthy. |
| {color:green}+1{color} | @author | 0m 0s | The patch does not contain any
@author tags. |
| {color:green}+1{color} | tests included | 0m 0s | The patch appears to
include 1 new or modified test files. |
| {color:green}+1{color} | javac | 7m 45s | There were no new javac warning
messages. |
| {color:green}+1{color} | javadoc | 9m 51s | There were no new javadoc
warning messages. |
| {color:green}+1{color} | release audit | 0m 23s | The applied patch does
not increase the total number of release audit warnings. |
| {color:green}+1{color} | checkstyle | 0m 45s | There were no new checkstyle
issues. |
| {color:green}+1{color} | whitespace | 0m 0s | The patch has no lines that
end in whitespace. |
| {color:green}+1{color} | install | 1m 34s | mvn install still works. |
| {color:green}+1{color} | eclipse:eclipse | 0m 32s | The patch built with
eclipse:eclipse. |
| {color:green}+1{color} | findbugs | 1m 15s | The patch does not introduce
any new Findbugs (version 2.0.3) warnings. |
| {color:red}-1{color} | yarn tests | 52m 6s | Tests failed in
hadoop-yarn-server-resourcemanager. |
| | | 89m 26s | |
\\
\\
|| Reason || Tests ||
| Failed unit tests |
hadoop.yarn.server.resourcemanager.webapp.TestRMWebServicesFairScheduler |
| | hadoop.yarn.server.resourcemanager.TestAppManager |
| |
hadoop.yarn.server.resourcemanager.scheduler.fair.TestAllocationFileLoaderService
|
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL |
http://issues.apache.org/jira/secure/attachment/12684732/YARN-2892.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / d3d019c |
| hadoop-yarn-server-resourcemanager test log |
https://builds.apache.org/job/PreCommit-YARN-Build/7584/artifact/patchprocess/testrun_hadoop-yarn-server-resourcemanager.txt
|
| Test Results |
https://builds.apache.org/job/PreCommit-YARN-Build/7584/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf903.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP
PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output |
https://builds.apache.org/job/PreCommit-YARN-Build/7584/console |
This message was automatically generated.
> Unable to get AMRMToken in unmanaged AM when using a secure cluster
> -------------------------------------------------------------------
>
> Key: YARN-2892
> URL: https://issues.apache.org/jira/browse/YARN-2892
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Reporter: Sevada Abraamyan
> Assignee: Sevada Abraamyan
> Attachments: YARN-2892.patch, YARN-2892.patch, YARN-2892.patch
>
>
> An AMRMToken is retrieved from the ApplicationReport by the YarnClient.
> When the RM creates the ApplicationReport and sends it back to the client it
> makes a simple security check whether it should include the AMRMToken in the
> report (See createAndGetApplicationReport in RMAppImpl).This security check
> verifies that the user who submitted the original application is the same
> user who is requesting the ApplicationReport. If they are indeed the same
> user then it includes the AMRMToken, otherwise it does not include it.
> The problem arises from the fact that when an application is submitted, the
> RM saves the short username of the user who created the application (See
> submitApplication in ClientRmService). Afterwards when the ApplicationReport
> is requested, the system tries to match the full username of the requester
> against the previously stored short username.
> In a secure cluster using Kerberos this check fails because the principle is
> stripped from the username when we request a short username. So for example
> the short username might be "Foo" whereas the full username is
> "f...@company.com"
> Note: A very similar problem has been previously reported
> ([Yarn-2232|https://issues.apache.org/jira/browse/YARN-2232])
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
