[
https://issues.apache.org/jira/browse/YARN-7540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16300951#comment-16300951
]
Gour Saha commented on YARN-7540:
---------------------------------
This patch breaks the most basic functionality that existed in Yarn Services
untill it was committed (and in Slider forever) -
In an unsecure cluster, a non-yarn user (say hive) uploads a tarball to HDFS
and submits a service create request (say LLAP). The service create request
fails with the below exception because it tries to create it as user yarn and
looks for the tarball under yarn's HDFS home directory as well.
{code}
17/12/21 10:04:25 ERROR client.ApiServiceClient: Artifact tarball does not
exist /user/yarn/.yarn/package/LLAP/llap-21Dec2017.tar.gz
{code}
It also breaks the functionality where different users can create services of
the same name because the namespace was separated by user dir. With this patch,
you cannot anymore, since you are always in the yarn namespace.
The patch in YARN-7605 tries to solve the problem by implementing doAs which is
the right approach. However, it is not implemented correctly and breaks the
functionality even further. With that patch the service gets submitted as user
dr.who.
This patch is a blocker for all basic Yarn Services functionality and needs to
be reverted until we can make this patch and YARN-7605 work together.
> Convert yarn app cli to call yarn api services
> ----------------------------------------------
>
> Key: YARN-7540
> URL: https://issues.apache.org/jira/browse/YARN-7540
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Eric Yang
> Assignee: Eric Yang
> Fix For: yarn-native-services
>
> Attachments: YARN-7540.001.patch, YARN-7540.002.patch,
> YARN-7540.003.patch, YARN-7540.004.patch, YARN-7540.005.patch,
> YARN-7540.006.patch
>
>
> For YARN docker application to launch through CLI, it works differently from
> launching through REST API. All application launched through REST API is
> currently stored in yarn user HDFS home directory. Application managed
> through CLI are stored into individual user's HDFS home directory. For
> consistency, we want to have yarn app cli to interact with API service to
> manage applications. For performance reason, it is easier to implement list
> all applications from one user's home directory instead of crawling all
> user's home directories. For security reason, it is safer to access only one
> user home directory instead of all users. Given the reasons above, the
> proposal is to change how {{yarn app -launch}}, {{yarn app -list}} and {{yarn
> app -destroy}} work. Instead of calling HDFS API and RM API to launch
> containers, CLI will be converted to call API service REST API resides in RM.
> RM perform the persist and operations to launch the actual application.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
