[ https://issues.apache.org/jira/browse/YARN-1915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Lowe updated YARN-1915: ----------------------------- Attachment: YARN-1915v3.patch Refreshed patch to latest trunk. [~vinodkv] could you comment? I fully agree with Hitesh that the current patch is a stop-gap at best. However there's some confusion as to how the client token master key should be sent to the RM (e.g.: via container credentials, via the current method, etc.). The original env variable approach apparently is problematic on Windows per YARN-610. If we won't have time to develop the best fix for 2.6 then I'd like to see something like this patch put in to improve things in the interim. > ClientToAMTokenMasterKey should be provided to AM at launch time > ---------------------------------------------------------------- > > Key: YARN-1915 > URL: https://issues.apache.org/jira/browse/YARN-1915 > Project: Hadoop YARN > Issue Type: Sub-task > Affects Versions: 2.2.0 > Reporter: Hitesh Shah > Assignee: Jason Lowe > Priority: Critical > Attachments: YARN-1915.patch, YARN-1915v2.patch, YARN-1915v3.patch > > > Currently, the AM receives the key as part of registration. This introduces a > race where a client can connect to the AM when the AM has not received the > key. > Current Flow: > 1) AM needs to start the client listening service in order to get host:port > and send it to the RM as part of registration > 2) RM gets the port info in register() and transitions the app to RUNNING. > Responds back with client secret to AM. > 3) User asks RM for client token. Gets it and pings the AM. AM hasn't > received client secret from RM and so RPC itself rejects the request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)