[ https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13721366#comment-13721366 ]
Vinod Kumar Vavilapalli commented on YARN-948: ---------------------------------------------- bq. Probably not. We should have same behavior like "ask". thoughts? Ask can definitely be not per resource-request as there are implicit dependencies between host and rack requests. For blacklist and release, there are no dependencies, so handling them individually is fine. But I'm okay doing it like you have mainly because reporting part partial successes and failures is more API changes. *sigh* bq. Other validate calls are present in SchedulerUtils. Let me know if I should move all or this? Yeah, let's move'em if they aren't really tied to any scheduler. bq. Yeah thought about it but but then sticked to it don't think we should have separate exception for this scenario. Let me know I will modify. It is clearly not InvalidResourceRequest, so let's create a new one and add documentation too. > RM should validate the release container list before actually releasing them > ---------------------------------------------------------------------------- > > Key: YARN-948 > URL: https://issues.apache.org/jira/browse/YARN-948 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Omkar Vinit Joshi > Assignee: Omkar Vinit Joshi > Attachments: YARN-948-20130724.patch > > > At present we are blinding passing the allocate request containing containers > to be released to the scheduler. This may result into one application > releasing another application's container. > {code} > @Override > @Lock(Lock.NoLock.class) > public Allocation allocate(ApplicationAttemptId applicationAttemptId, > List<ResourceRequest> ask, List<ContainerId> release, > List<String> blacklistAdditions, List<String> blacklistRemovals) { > FiCaSchedulerApp application = getApplication(applicationAttemptId); > .... > .... > // Release containers > for (ContainerId releasedContainerId : release) { > RMContainer rmContainer = getRMContainer(releasedContainerId); > if (rmContainer == null) { > RMAuditLogger.logFailure(application.getUser(), > AuditConstants.RELEASE_CONTAINER, > "Unauthorized access or invalid container", "CapacityScheduler", > "Trying to release container not owned by app or with invalid > id", > application.getApplicationId(), releasedContainerId); > } > completedContainer(rmContainer, > SchedulerUtils.createAbnormalContainerStatus( > releasedContainerId, > SchedulerUtils.RELEASED_CONTAINER), > RMContainerEventType.RELEASED); > } > {code} > Current checks are not sufficient and we should prevent this..... thoughts? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira