Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-3522

DistributedShell uses the wrong user to put timeline data

    Details

    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      YARN-3287 breaks the timeline access control of distributed shell. In distributed shell AM:

          if (conf.getBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED,
            YarnConfiguration.DEFAULT_TIMELINE_SERVICE_ENABLED)) {
            // Creating the Timeline Client
            timelineClient = TimelineClient.createTimelineClient();
            timelineClient.init(conf);
            timelineClient.start();
          } else {
            timelineClient = null;
            LOG.warn("Timeline service is not enabled");
          }
      
            ugi.doAs(new PrivilegedExceptionAction<TimelinePutResponse>() {
              @Override
              public TimelinePutResponse run() throws Exception {
                return timelineClient.putEntities(entity);
              }
            });
      

      YARN-3287 changes the timeline client to get the right ugi at serviceInit, but DS AM still doesn't use submitter ugi to init timeline client, but use the ugi for each put entity call. It result in the wrong user of the put request.

        Attachments

        1. YARN-3522.1.patch
          11 kB
          Zhijie Shen
        2. YARN-3522.2.patch
          11 kB
          Zhijie Shen
        3. YARN-3522.3.patch
          13 kB
          Zhijie Shen

          Issue Links

            Activity

              People

              • Assignee:
                zjshen Zhijie Shen
                Reporter:
                zjshen Zhijie Shen
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: