[
https://issues.apache.org/jira/browse/YARN-1915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jason Lowe updated YARN-1915:
-----------------------------
Attachment: YARN-1915v3.patch
Refreshed patch to latest trunk.
[~vinodkv] could you comment? I fully agree with Hitesh that the current patch
is a stop-gap at best. However there's some confusion as to how the client
token master key should be sent to the RM (e.g.: via container credentials, via
the current method, etc.). The original env variable approach apparently is
problematic on Windows per YARN-610.
If we won't have time to develop the best fix for 2.6 then I'd like to see
something like this patch put in to improve things in the interim.
> ClientToAMTokenMasterKey should be provided to AM at launch time
> ----------------------------------------------------------------
>
> Key: YARN-1915
> URL: https://issues.apache.org/jira/browse/YARN-1915
> Project: Hadoop YARN
> Issue Type: Sub-task
> Affects Versions: 2.2.0
> Reporter: Hitesh Shah
> Assignee: Jason Lowe
> Priority: Critical
> Attachments: YARN-1915.patch, YARN-1915v2.patch, YARN-1915v3.patch
>
>
> Currently, the AM receives the key as part of registration. This introduces a
> race where a client can connect to the AM when the AM has not received the
> key.
> Current Flow:
> 1) AM needs to start the client listening service in order to get host:port
> and send it to the RM as part of registration
> 2) RM gets the port info in register() and transitions the app to RUNNING.
> Responds back with client secret to AM.
> 3) User asks RM for client token. Gets it and pings the AM. AM hasn't
> received client secret from RM and so RPC itself rejects the request.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
