[ https://issues.apache.org/jira/browse/YARN-913?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14148951#comment-14148951 ]
Steve Loughran commented on YARN-913: ------------------------------------- Distributed shell test *appears* to be YARN-2607, i.e. independent of this patch; HADOOP-10668 covers TestZKFailoverControllerStress intermittent failure. {{TestSecureRMRegistryOperations}} is a failure in the setup phase, the setup of the registry path in a {{"zookee...@example.com".doAs()}} clause is failing with permissions, as if the first test case has set up the path without write access. More diagnostics needed here, such as identity of user making the call, maybe start test with some diagnostics of the path {code} TestAnonReadAccess(org.apache.hadoop.yarn.registry.secure.TestSecureRMRegistryOperations) Time elapsed: 0.099 sec <<< ERROR! org.apache.hadoop.service.ServiceStateException: org.apache.hadoop.fs.PathAccessDeniedException: `/registry/users / [ 1, 'world,'anyone 31, 'sasl,'zookee...@example.com 31, 'sasl,'zookee...@example.com 31, 'sasl,'zookee...@example.com ]': Permission denied: KeeperErrorCode = NoAuth for /registry/users at org.apache.zookeeper.KeeperException.create(KeeperException.java:113) at org.apache.zookeeper.KeeperException.create(KeeperException.java:51) at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:783) at org.apache.curator.framework.imps.CreateBuilderImpl$11.call(CreateBuilderImpl.java:688) at org.apache.curator.framework.imps.CreateBuilderImpl$11.call(CreateBuilderImpl.java:672) at org.apache.curator.RetryLoop.callWithRetry(RetryLoop.java:107) at org.apache.curator.framework.imps.CreateBuilderImpl.pathInForeground(CreateBuilderImpl.java:668) at org.apache.curator.framework.imps.CreateBuilderImpl.protectedPathInForeground(CreateBuilderImpl.java:453) at org.apache.curator.framework.imps.CreateBuilderImpl.forPath(CreateBuilderImpl.java:443) at org.apache.curator.framework.imps.CreateBuilderImpl.forPath(CreateBuilderImpl.java:423) at org.apache.curator.framework.imps.CreateBuilderImpl.forPath(CreateBuilderImpl.java:44) at org.apache.hadoop.yarn.registry.client.services.zk.CuratorService.zkMkPath(CuratorService.java:539) at org.apache.hadoop.yarn.registry.client.services.zk.CuratorService.maybeCreate(CuratorService.java:426) at org.apache.hadoop.yarn.registry.server.services.RegistryAdminService.createRootRegistryPaths(RegistryAdminService.java:201) at org.apache.hadoop.yarn.registry.server.services.RegistryAdminService.serviceStart(RegistryAdminService.java:187) at org.apache.hadoop.service.AbstractService.start(AbstractService.java:193) at org.apache.hadoop.yarn.registry.secure.TestSecureRMRegistryOperations$1.run(TestSecureRMRegistryOperations.java:106) at org.apache.hadoop.yarn.registry.secure.TestSecureRMRegistryOperations$1.run(TestSecureRMRegistryOperations.java:98) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:396) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1640) at org.apache.hadoop.yarn.registry.secure.TestSecureRMRegistryOperations.startRMRegistryOperations(TestSecureRMRegistryOperations.java:97) at org.apache.hadoop.yarn.registry.secure.TestSecureRMRegistryOperations.testAnonReadAccess(TestSecureRMRegistryOperations.java:130) {code} > Add a way to register long-lived services in a YARN cluster > ----------------------------------------------------------- > > Key: YARN-913 > URL: https://issues.apache.org/jira/browse/YARN-913 > Project: Hadoop YARN > Issue Type: New Feature > Components: api, resourcemanager > Affects Versions: 2.5.0, 2.4.1 > Reporter: Steve Loughran > Assignee: Steve Loughran > Attachments: 2014-09-03_Proposed_YARN_Service_Registry.pdf, > 2014-09-08_YARN_Service_Registry.pdf, RegistrationServiceDetails.txt, > YARN-913-001.patch, YARN-913-002.patch, YARN-913-003.patch, > YARN-913-003.patch, YARN-913-004.patch, YARN-913-006.patch, > YARN-913-007.patch, YARN-913-008.patch, YARN-913-009.patch, > YARN-913-010.patch, yarnregistry.pdf, yarnregistry.tla > > > In a YARN cluster you can't predict where services will come up -or on what > ports. The services need to work those things out as they come up and then > publish them somewhere. > Applications need to be able to find the service instance they are to bond to > -and not any others in the cluster. > Some kind of service registry -in the RM, in ZK, could do this. If the RM > held the write access to the ZK nodes, it would be more secure than having > apps register with ZK themselves. -- This message was sent by Atlassian JIRA (v6.3.4#6332)