[ 
https://issues.apache.org/jira/browse/YARN-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13651122#comment-13651122
 ] 

Omkar Vinit Joshi commented on YARN-617:
----------------------------------------

Thanks Vinod.

bq. "Creating ContainerTokenSecretManager" log can be removed, not useful.
Fixed.

bq. The log message in setMasterKey is useful, it marks when there is a 
roll-over. Let's retain it at INFO.
Fixed.
Also Fixed startContainerSuccessful

bq. The "Security is Enabled." log message is useless as you already have one in 
NodeManager.java
bq. Similarly the log message "updating secret keys now" is useless as 
NMContainerTokenSecretManager.setMasterKey already does that.

Fixed.

bq. The exception in selectContainerTokenIdentifier should bubble up as a 
remote-exception.
Wrapping exception into YarnRemoteException

bq. Surprised other schedulers don't need any changes, can you cross-check?
Yes fixed other schedulers.


bq. We'll need to run TestContainerManagerSecurity with and without Security on
Now we are running test (which includes starting MiniYarnCluster twice) for 
secured and unsecured case.

bq. I searched for "UserGroupInformation.isSecurityEnabled()" in all of yarn 
project, and I found that there are other places that need fixes like 
NodeManager's ApplicationImpl.java. And once you find them, try to write tests, 
clearly the current tests didn't catch those bugs.

Added test for ApplicationImpl....TestApplication. Also added one containerKey 
method in applicationImpl to be used only for testing marking it @Private and 
@VisibleForTesting. 

                
> In unsecure mode, AM can fake resource requirements 
> -----------------------------------------------------
>
>                 Key: YARN-617
>                 URL: https://issues.apache.org/jira/browse/YARN-617
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Omkar Vinit Joshi
>            Priority: Minor
>         Attachments: YARN-617.20130501.1.patch, YARN-617.20130501.patch, 
> YARN-617.20130502.patch
>
>
> Without security, it is impossible to completely avoid AMs faking resources. 
> We can at the least make it as difficult as possible by using the same 
> container tokens and the RM-NM shared key mechanism over unauthenticated 
> RM-NM channel.
> In the minimum, this will avoid accidental bugs in AMs in unsecure mode.
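
The mechanism in the issue description, as an added sketch that is not part of the JIRA comment or of Hadoop's code: the RM computes a MAC over the container's identifier (including its resource size) with the key it shares with the NMs, so an AM that presents a different size to the NM fails verification. The class, method and field names, the HMAC-SHA256 choice and the sample values are assumptions made for the illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration: names are hypothetical, not Hadoop YARN APIs.
public class ContainerTokenSketch {

    // Length-prefixed encoding so field boundaries cannot be shifted.
    static byte[] identifier(String containerId, String nmHost, int memoryMb) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeUTF(containerId);
        out.writeUTF(nmHost);
        out.writeInt(memoryMb);
        out.flush();
        return buf.toByteArray();
    }

    // RM side: MAC the identifier with the master key shared with the NMs.
    static byte[] sign(byte[] masterKey, byte[] identifier) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256"); // assumption: algorithm picked for the sketch
        mac.init(new SecretKeySpec(masterKey, "HmacSHA256"));
        return mac.doFinal(identifier);
    }

    // NM side: recompute over the identifier the AM presented, compare in constant time.
    static boolean nmAccepts(byte[] masterKey, byte[] presented, byte[] presentedMac)
            throws Exception {
        return MessageDigest.isEqual(sign(masterKey, presented), presentedMac);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        byte[] sharedKey = "constructed-rm-nm-master-key".getBytes(StandardCharsets.UTF_8);
        byte[] otherKey = "constructed-unrelated-key".getBytes(StandardCharsets.UTF_8);

        byte[] granted = identifier("container_0001", "nm1.example:45454", 1024);
        byte[] mac = sign(sharedKey, granted); // what the RM hands to the AM

        // Same container, but the memory field no longer matches what the RM signed.
        byte[] inflated = identifier("container_0001", "nm1.example:45454", 8192);

        System.out.println("as granted:         " + nmAccepts(sharedKey, granted, mac));
        System.out.println("memory inflated:    " + nmAccepts(sharedKey, inflated, mac));
        System.out.println("MAC from other key: "
                + nmAccepts(sharedKey, granted, sign(otherKey, granted)));
    }
}
```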
