[YARN-3522] DistributedShell uses the wrong user to put timeline data - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.8.0, 2.7.1, 3.0.0-alpha1
Component/s: timelineserver
Labels:
None

Target Version/s:

2.7.1
Hadoop Flags:

Reviewed

Description

~~YARN-3287~~ breaks the timeline access control of distributed shell. In distributed shell AM:

    if (conf.getBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED,
      YarnConfiguration.DEFAULT_TIMELINE_SERVICE_ENABLED)) {
      // Creating the Timeline Client
      timelineClient = TimelineClient.createTimelineClient();
      timelineClient.init(conf);
      timelineClient.start();
    } else {
      timelineClient = null;
      LOG.warn("Timeline service is not enabled");
    }

      ugi.doAs(new PrivilegedExceptionAction<TimelinePutResponse>() {
        @Override
        public TimelinePutResponse run() throws Exception {
          return timelineClient.putEntities(entity);
        }
      });

~~YARN-3287~~ changes the timeline client to get the right ugi at serviceInit, but DS AM still doesn't use submitter ugi to init timeline client, but use the ugi for each put entity call. It result in the wrong user of the put request.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-3522.1.patch
22/Apr/15 17:37
11 kB
Zhijie Shen
YARN-3522.2.patch
22/Apr/15 17:48
11 kB
Zhijie Shen
YARN-3522.3.patch
22/Apr/15 20:18
13 kB
Zhijie Shen

Issue Links

is broken by

YARN-3287 TimelineClient kerberos authentication failure uses wrong login context.

Closed

Activity

People

Assignee:: Zhijie Shen

Reporter:: Zhijie Shen

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 21/Apr/15 22:22

Updated:: 05/Jan/17 22:47

Resolved:: 23/Apr/15 18:08