Jason Lowe commented on YARN-3452:

Yeah, probably nothing good.  [~gss2002] pointed out HADOOP-12413 which I think 
will also remove the bogus lookups in practice when users aren't using the 
reverse ACL feature that was added in HADOOP-10650.  I'll pull that into 2.6 
and 2.7, since I think most users won't be using that new feature.  We'll still 
need to stop using the bogus usernames for those that are using that 
reverse-ACL feature or if someone else tries to do something with the ugi 
assuming it actually was a valid user.

> Bogus token usernames cause many invalid group lookups
> ------------------------------------------------------
>                 Key: YARN-3452
>                 URL: https://issues.apache.org/jira/browse/YARN-3452
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: security
>            Reporter: Jason Lowe
> YARN uses a number of bogus usernames for tokens, like application attempt 
> IDs for NM tokens or even the hardcoded "testing" for the container localizer 
> token.  These tokens cause the RPC layer to do group lookups on these bogus 
> usernames which will never succeed but can take a long time to perform.

This message was sent by Atlassian JIRA

Reply via email to