[jira] [Commented] (YARN-7363) ContainerLocalizer don't have a valid log4j config in case of Linux container executor

[Miklos Szegedi (JIRA)]

    [ 
https://issues.apache.org/jira/browse/YARN-7363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16261650#comment-16261650
 ] 

Miklos Szegedi commented on YARN-7363:
--------------------------------------

Thank you, [~yufeigu] for the patch.
{code}
488         // create the log dir
{code}
Optional. I think this one is not necessary.
{code}
286         // replace the "<LOG_DIR>" with the real container log directory
{code}
Optional. This one would normally go to a javadoc before the function header.
{code}
289         Path containerLogPath = new Path("/tmp");
{code}
Instead of putting the logs into the temp path, which may be insecure, I would 
rather not log, if the configured log path is not accessible. Even if you fall 
back to /tmp, it would be better to include this fact in the error message of 
the exception path.
{code}
296         for (String item : command) {
297           newCmds.add(ContainerLaunch.expandEnvironment(item, 
containerLogPath));
298         }
{code}
I think replaceWithContainerLogDir should do what it says to do and it should 
not expand the environment variables of other parameters. It might happen that 
the environment required is added after this function.
{code}
415         addLog4jSystemProperties("INFO", command);
{code}
It would probably be useful to make this configurable instead of hardcoding.


> ContainerLocalizer don't have a valid log4j config in case of Linux container 
> executor
> --------------------------------------------------------------------------------------
>
>                 Key: YARN-7363
>                 URL: https://issues.apache.org/jira/browse/YARN-7363
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 3.1.0
>            Reporter: Yufei Gu
>            Assignee: Yufei Gu
>         Attachments: YARN-7363.001.patch, YARN-7363.002.patch
>
>
> In case of Linux container executor, ContainerLocalizer run as a separated 
> process. It doesn't access a valid log4j.properties when the application user 
> is not in the "hadoop" group. The log4j.properties of node manager is in its 
> classpath, but it isn't readable by users not in hadoop group due to the 
> security concern. In that case, ContainerLocalizer doesn't have a valid log4j 
> configuration, and normally no log output.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org