[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718782#comment-13718782 ] Bikas Saha commented on YARN-948: - Changing title to reflect that this is not scheduler specific. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > > At present we are blinding passing the allocate request containing containers > to be released to CapacityScheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718905#comment-13718905 ] Omkar Vinit Joshi commented on YARN-948: Fixed... Added check to validate container release list. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718933#comment-13718933 ] Hadoop QA commented on YARN-948: {color:green}+1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12594042/YARN-948-20130724.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 2 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 core tests{color}. The patch passed unit tests in hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager. {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-YARN-Build/1577//testReport/ Console output: https://builds.apache.org/job/PreCommit-YARN-Build/1577//console This message is automatically generated. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13721345#comment-13721345 ] Omkar Vinit Joshi commented on YARN-948: bq. If some of the release requests are valid and some are invalid, we should accept the valid requests? bq. If so, please modify the test to validate these multiple success/failure cases. Probably not. We should have same behavior like "ask". thoughts? bq. To indicate its non-scheduler-specificity, validateContainerReleaseRequest() could be in RMServerUtils? Other validate calls are present in SchedulerUtils. Let me know if I should move all or this? bq. Shouldn't be using InvalidResourceRequestException for invalid release-requests. Don't know if we are over-killing it, but a new exception? Yeah thought about it but but then sticked to it don't think we should have separate exception for this scenario. Let me know I will modify. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13721366#comment-13721366 ] Vinod Kumar Vavilapalli commented on YARN-948: -- bq. Probably not. We should have same behavior like "ask". thoughts? Ask can definitely be not per resource-request as there are implicit dependencies between host and rack requests. For blacklist and release, there are no dependencies, so handling them individually is fine. But I'm okay doing it like you have mainly because reporting part partial successes and failures is more API changes. *sigh* bq. Other validate calls are present in SchedulerUtils. Let me know if I should move all or this? Yeah, let's move'em if they aren't really tied to any scheduler. bq. Yeah thought about it but but then sticked to it don't think we should have separate exception for this scenario. Let me know I will modify. It is clearly not InvalidResourceRequest, so let's create a new one and add documentation too. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13721450#comment-13721450 ] Omkar Vinit Joshi commented on YARN-948: Thanks [~vinodkv].. bq. Ask can definitely be not per resource-request as there are implicit dependencies between host and rack requests. For blacklist and release, there are no dependencies, so handling them individually is fine. But I'm okay doing it like you have mainly because reporting part partial successes and failures is more API changes. sigh yeah... :D bq. Yeah, let's move'em if they aren't really tied to any scheduler. moved all three to RMServerUtils bq. It is clearly not InvalidResourceRequest, so let's create a new one and add documentation too. yeah ...created one.. is InvalidContainerReleaseRequestException good? > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13721461#comment-13721461 ] Bikas Saha commented on YARN-948: - Where is appAttemptId coming from? The token? If its coming from the client request object itself then can client send different app's attempt id and matching container ids? InvalidContainerReleaseException sounds better to me. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13721466#comment-13721466 ] Omkar Vinit Joshi commented on YARN-948: bq. Where is appAttemptId coming from? The token? If its coming from the client request object itself then can client send different app's attempt id and matching container ids? No ...we have removed appAttemptId now from request... it is from AMRMToken (auth method retrieves and returns it). > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13721471#comment-13721471 ] Hadoop QA commented on YARN-948: {color:green}+1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12594493/YARN-948-20130726.1.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 2 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 core tests{color}. The patch passed unit tests in hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager. {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-YARN-Build/1595//testReport/ Console output: https://builds.apache.org/job/PreCommit-YARN-Build/1595//console This message is automatically generated. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13721486#comment-13721486 ] Sandy Ryza commented on YARN-948: - +1 to InvalidContainerReleaseException > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13722906#comment-13722906 ] Omkar Vinit Joshi commented on YARN-948: Thanks [~sandyr] ..made that change...Updating the patch. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch, > YARN-948-20130729.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13722939#comment-13722939 ] Hadoop QA commented on YARN-948: {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12594776/YARN-948-20130729.1.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 2 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager: org.apache.hadoop.yarn.server.resourcemanager.TestAMAuthorization {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-YARN-Build/1605//testReport/ Console output: https://builds.apache.org/job/PreCommit-YARN-Build/1605//console This message is automatically generated. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch, > YARN-948-20130729.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13723179#comment-13723179 ] Hadoop QA commented on YARN-948: {color:green}+1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12594776/YARN-948-20130729.1.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 2 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 core tests{color}. The patch passed unit tests in hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager. {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-YARN-Build/1612//testReport/ Console output: https://builds.apache.org/job/PreCommit-YARN-Build/1612//console This message is automatically generated. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch, > YARN-948-20130729.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13724357#comment-13724357 ] Vinod Kumar Vavilapalli commented on YARN-948: -- +1, looks good. Checking this in. > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch, > YARN-948-20130729.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13724394#comment-13724394 ] Hudson commented on YARN-948: - SUCCESS: Integrated in Hadoop-trunk-Commit #4189 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/4189/]) YARN-948. Changed ResourceManager to validate the release container list before actually releasing them. Contributed by Omkar Vinit Joshi. (vinodkv: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1508609) * /hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/exceptions/InvalidContainerReleaseException.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ApplicationMasterService.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMServerUtils.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/SchedulerUtils.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockAM.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationmasterservice/TestApplicationMasterService.java > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Fix For: 2.1.1-beta > > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch, > YARN-948-20130729.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13725103#comment-13725103 ] Hudson commented on YARN-948: - SUCCESS: Integrated in Hadoop-Yarn-trunk #287 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/287/]) YARN-948. Changed ResourceManager to validate the release container list before actually releasing them. Contributed by Omkar Vinit Joshi. (vinodkv: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1508609) * /hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/exceptions/InvalidContainerReleaseException.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ApplicationMasterService.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMServerUtils.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/SchedulerUtils.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockAM.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationmasterservice/TestApplicationMasterService.java > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Fix For: 2.1.1-beta > > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch, > YARN-948-20130729.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13725215#comment-13725215 ] Hudson commented on YARN-948: - FAILURE: Integrated in Hadoop-Hdfs-trunk #1477 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1477/]) YARN-948. Changed ResourceManager to validate the release container list before actually releasing them. Contributed by Omkar Vinit Joshi. (vinodkv: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1508609) * /hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/exceptions/InvalidContainerReleaseException.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ApplicationMasterService.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMServerUtils.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/SchedulerUtils.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockAM.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationmasterservice/TestApplicationMasterService.java > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Fix For: 2.1.1-beta > > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch, > YARN-948-20130729.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (YARN-948) RM should validate the release container list before actually releasing them
[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13725278#comment-13725278 ] Hudson commented on YARN-948: - SUCCESS: Integrated in Hadoop-Mapreduce-trunk #1504 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1504/]) YARN-948. Changed ResourceManager to validate the release container list before actually releasing them. Contributed by Omkar Vinit Joshi. (vinodkv: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1508609) * /hadoop/common/trunk/hadoop-yarn-project/CHANGES.txt * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/exceptions/InvalidContainerReleaseException.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ApplicationMasterService.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMServerUtils.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/scheduler/SchedulerUtils.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/MockAM.java * /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/applicationmasterservice/TestApplicationMasterService.java > RM should validate the release container list before actually releasing them > > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Omkar Vinit Joshi >Assignee: Omkar Vinit Joshi > Fix For: 2.1.1-beta > > Attachments: YARN-948-20130724.patch, YARN-948-20130726.1.patch, > YARN-948-20130729.1.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List ask, List release, > List blacklistAdditions, List blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > > > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this. thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira