Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 2.7.0, 2.6.2
-
Fix Version/s: 2.8.0, 2.7.2, 2.6.4, 3.0.0-alpha1
-
Component/s: resourcemanager
-
Labels:
-
Target Version/s:
-
Hadoop Flags:Reviewed
Description
We register the ClientTokenMasterKey to avoid client may hold an invalid ClientToken after RM restarts. In SIMPLE mode, we register Pair<ApplicationAttemptId, null> , But we never remove it from HashMap, as unregister only runing while in Security mode, so memory leak coming.
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
Hi mujunchao, thanks for reporting and working on this issue.
It is a nice catch. I see why this is a critical issue. For non-secure cluster, the more completed jobs, the more entries with null value will be left in ClientToAMTokenSecretManagerInRM#masterKeys. You patch makes sense to me, since we only call unRegisterApplication in secure mode, we should also call registerApplication in secure mode to match unRegisterApplication.
Could you add a test case in your patch? You can do something similar as TestRMAppAttemptTransitions#testGetClientToken for non-secure mode.
Nice Catch!!
Thanks for your reviewing, I will give the test case.
Ok, got, thanks Devaraj for reviewing.
thanks for the updated patch mujunchao!
The patch looks most good to me, some nits:
- Add @VisibleForTesting before function hasMasterKey to mark this function used for test only. So you can remove the comment // Only for test
- It looks like the code in testNoSecureNoRegistClientToken are similar as testRegistClientTokenInSecure. Can we merge testNoSecureNoRegistClientToken with testRegistClientTokenInSecure to one test? We can rename the test as testApplicationAttemptMasterKey. You can check isMasterKeyExisted based on isSecurityEnabled. You can change your comments can not get ClientToken/can get ClientToken to can not get MasterKey/can get MasterKey
update test case, thanks for xuzhihai's reviewing.
thanks for your reviewing, have updated the test case, thanks!
thanks for your reviewing, have updated the test case, thanks!
thanks for updating the patch quickly.
The new patch looks good in general. It'd be nice to address a few small nits, mostly regarding the comment and style.
- Change // this is to test master key is saved in the state store to // this is to test master key is saved in the secret manager
- Remove comment //assumeTrue(!isSecurityEnabled);
- Change if(isSecurityEnabled) to if (isSecurityEnabled)
- Could you fix the indentation? It should be indented by 2(new paragraph) or 4 bytes.
+1 non-binding once these are addressed. Thanks again for working on this.
Thanks mujunchao for updated patch with test.
Please take care of these comments also along with the zhihai xu comments fix.
1.I don't think adding this new method is required. Can we just use the ClientToAMTokenSecretManagerInRM#getMasterKey() to know whether the master key present or not?
+
+ @VisibleForTesting
+ public synchronized boolean hasMasterKey(
+ ApplicationAttemptId applicationAttemptID) {
+ return this.masterKeys.containsKey(applicationAttemptID);
+ }
2. I see there are some format issues in the patch w.r.t braces and indentation with spaces. Please go through the 'Making Changes' section in https://wiki.apache.org/hadoop/HowToContribute and configure your IDE according. It will be one time job and you don't have to worry next time for creating patches.
+ if(isSecurityEnabled)
+ {
+ }
+ else
+ {
4. Remove unused imports in RMAppAttemptImpl.java.
 -1 overall |
| Vote | Subsystem | Runtime | Comment |
|---|---|---|---|
| 0 | pre-patch | 16m 9s | Pre-patch trunk compilation is healthy. |
| +1 | @author | 0m 0s | The patch does not contain any @author tags. |
| +1 | tests included | 0m 0s | The patch appears to include 1 new or modified test files. |
| +1 | javac | 7m 41s | There were no new javac warning messages. |
| +1 | javadoc | 9m 38s | There were no new javadoc warning messages. |
| +1 | release audit | 0m 23s | The applied patch does not increase the total number of release audit warnings. |
| -1 | checkstyle | 0m 48s | The applied patch generated 7 new checkstyle issues (total was 125, now 129). |
| -1 | whitespace | 0m 0s | The patch has 6 line(s) that end in whitespace. Use git apply --whitespace=fix. |
| +1 | install | 1m 21s | mvn install still works. |
| +1 | eclipse:eclipse | 0m 34s | The patch built with eclipse:eclipse. |
| +1 | findbugs | 1m 25s | The patch does not introduce any new Findbugs (version 3.0.0) warnings. |
| -1 | yarn tests | 51m 1s | Tests failed in hadoop-yarn-server-resourcemanager. |
| 89m 3s |
| Reason | Tests |
|---|---|
| Failed unit tests | hadoop.yarn.server.resourcemanager.applicationsmanager.TestAMRMRPCNodeUpdates |
| hadoop.yarn.server.resourcemanager.TestResourceTrackerService | |
| hadoop.yarn.server.resourcemanager.rmapp.TestRMAppTransitions |
| Subsystem | Report/Notes |
|---|---|
| Patch URL | http://issues.apache.org/jira/secure/attachment/12744651/YARN-3857-2.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / d66302e |
| checkstyle | https://builds.apache.org/job/PreCommit-YARN-Build/8492/artifact/patchprocess/diffcheckstylehadoop-yarn-server-resourcemanager.txt |
| whitespace | https://builds.apache.org/job/PreCommit-YARN-Build/8492/artifact/patchprocess/whitespace.txt |
| hadoop-yarn-server-resourcemanager test log | https://builds.apache.org/job/PreCommit-YARN-Build/8492/artifact/patchprocess/testrun_hadoop-yarn-server-resourcemanager.txt |
| Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/8492/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf902.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output | https://builds.apache.org/job/PreCommit-YARN-Build/8492/console |
This message was automatically generated.
Cancelling patch to address the above comments.
fix the comments and format the code.
thanks for your reviewing, have fixed the comments and the indentation.
Thanks Devar for reviewing,
1. I think ClientToAMTokenSecretManagerInRM#hasMasterKey() is necessary, in this case the value is null, so i new function to recognize it.
2. have fixed.
3. As i use annotation @VisibleForTesting,in my ide, need to import com.google.common.annotations.VisibleForTesting.
| -1 overall |
| Vote | Subsystem | Runtime | Comment |
|---|---|---|---|
| 0 | pre-patch | 16m 24s | Pre-patch trunk compilation is healthy. |
| +1 | @author | 0m 0s | The patch does not contain any @author tags. |
| +1 | tests included | 0m 0s | The patch appears to include 1 new or modified test files. |
| +1 | javac | 7m 52s | There were no new javac warning messages. |
| +1 | javadoc | 9m 54s | There were no new javadoc warning messages. |
| +1 | release audit | 0m 24s | The applied patch does not increase the total number of release audit warnings. |
| +1 | checkstyle | 0m 50s | There were no new checkstyle issues. |
| -1 | whitespace | 0m 0s | The patch has 5 line(s) that end in whitespace. Use git apply --whitespace=fix. |
| +1 | install | 1m 23s | mvn install still works. |
| +1 | eclipse:eclipse | 0m 34s | The patch built with eclipse:eclipse. |
| +1 | findbugs | 1m 28s | The patch does not introduce any new Findbugs (version 3.0.0) warnings. |
| +1 | yarn tests | 53m 37s | Tests passed in hadoop-yarn-server-resourcemanager. |
| 92m 29s |
| Subsystem | Report/Notes |
|---|---|
| Patch URL | http://issues.apache.org/jira/secure/attachment/12747980/YARN-3857-3.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / 90b5104 |
| whitespace | https://builds.apache.org/job/PreCommit-YARN-Build/8751/artifact/patchprocess/whitespace.txt |
| hadoop-yarn-server-resourcemanager test log | https://builds.apache.org/job/PreCommit-YARN-Build/8751/artifact/patchprocess/testrun_hadoop-yarn-server-resourcemanager.txt |
| Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/8751/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf905.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output | https://builds.apache.org/job/PreCommit-YARN-Build/8751/console |
This message was automatically generated.
remove the whitespace.
remove the whitespace.
 +1 overall |
| Vote | Subsystem | Runtime | Comment |
|---|---|---|---|
| 0 | pre-patch | 16m 8s | Pre-patch trunk compilation is healthy. |
| +1 | @author | 0m 0s | The patch does not contain any @author tags. |
| +1 | tests included | 0m 0s | The patch appears to include 1 new or modified test files. |
| +1 | javac | 7m 41s | There were no new javac warning messages. |
| +1 | javadoc | 9m 38s | There were no new javadoc warning messages. |
| +1 | release audit | 0m 22s | The applied patch does not increase the total number of release audit warnings. |
| +1 | checkstyle | 0m 47s | There were no new checkstyle issues. |
| +1 | whitespace | 0m 0s | The patch has no lines that end in whitespace. |
| +1 | install | 1m 23s | mvn install still works. |
| +1 | eclipse:eclipse | 0m 35s | The patch built with eclipse:eclipse. |
| +1 | findbugs | 1m 27s | The patch does not introduce any new Findbugs (version 3.0.0) warnings. |
| +1 | yarn tests | 52m 42s | Tests passed in hadoop-yarn-server-resourcemanager. |
| 90m 47s |
| Subsystem | Report/Notes |
|---|---|
| Patch URL | http://issues.apache.org/jira/secure/attachment/12748411/YARN-3857-4.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / 90b5104 |
| hadoop-yarn-server-resourcemanager test log | https://builds.apache.org/job/PreCommit-YARN-Build/8752/artifact/patchprocess/testrun_hadoop-yarn-server-resourcemanager.txt |
| Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/8752/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf906.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output | https://builds.apache.org/job/PreCommit-YARN-Build/8752/console |
This message was automatically generated.
+1 for the latest patch, If no objection, I will commit it tomorrow.
FAILURE: Integrated in Hadoop-trunk-Commit #8317 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8317/)
YARN-3857: Memory leak in ResourceManager with SIMPLE mode. Contributed by mujunchao. (zxu: rev 3a76a010b85176f2bcb85ed6f74c25dcb8acfe4d)
- hadoop-yarn-project/CHANGES.txt
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java
Thanks to mujunchao for the contribution and to Devaraj for additional review! I committed this to trunk, branch-2 and branch-2.7.
FAILURE: Integrated in Hadoop-Yarn-trunk #1022 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/1022/)
YARN-3857: Memory leak in ResourceManager with SIMPLE mode. Contributed by mujunchao. (zxu: rev 3a76a010b85176f2bcb85ed6f74c25dcb8acfe4d)
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java
- hadoop-yarn-project/CHANGES.txt
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java
FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #292 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/292/)
YARN-3857: Memory leak in ResourceManager with SIMPLE mode. Contributed by mujunchao. (zxu: rev 3a76a010b85176f2bcb85ed6f74c25dcb8acfe4d)
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java
- hadoop-yarn-project/CHANGES.txt
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java
FAILURE: Integrated in Hadoop-Hdfs-trunk #2219 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2219/)
YARN-3857: Memory leak in ResourceManager with SIMPLE mode. Contributed by mujunchao. (zxu: rev 3a76a010b85176f2bcb85ed6f74c25dcb8acfe4d)
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java
- hadoop-yarn-project/CHANGES.txt
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java
FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #281 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/281/)
YARN-3857: Memory leak in ResourceManager with SIMPLE mode. Contributed by mujunchao. (zxu: rev 3a76a010b85176f2bcb85ed6f74c25dcb8acfe4d)
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java
- hadoop-yarn-project/CHANGES.txt
FAILURE: Integrated in Hadoop-Mapreduce-trunk #2238 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2238/)
YARN-3857: Memory leak in ResourceManager with SIMPLE mode. Contributed by mujunchao. (zxu: rev 3a76a010b85176f2bcb85ed6f74c25dcb8acfe4d)
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java
- hadoop-yarn-project/CHANGES.txt
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java
FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #289 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/289/)
YARN-3857: Memory leak in ResourceManager with SIMPLE mode. Contributed by mujunchao. (zxu: rev 3a76a010b85176f2bcb85ed6f74c25dcb8acfe4d)
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/TestRMAppAttemptTransitions.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/rmapp/attempt/RMAppAttemptImpl.java
- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/ClientToAMTokenSecretManagerInRM.java
- hadoop-yarn-project/CHANGES.txt
Does this issue exist in 2.6.x? Should this be backported to branch-2.6?
Yes, this issue exists in 2.6.x, I just committed this patch to branch-2.6.
FAILURE: Integrated in Hadoop-trunk-Commit #8969 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8969/)
Update CHANGES.txt to add YARN-3857 and YARN-3535 to branch-2.6 (zxu: rev 0c3a53e5a978140e56b9ebbc82c8d04fc978e640)
- hadoop-yarn-project/CHANGES.txt
SUCCESS: Integrated in Hadoop-Hdfs-trunk-Java8 #694 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/694/)
Update CHANGES.txt to add YARN-3857 and YARN-3535 to branch-2.6 (zxu: rev 0c3a53e5a978140e56b9ebbc82c8d04fc978e640)
- hadoop-yarn-project/CHANGES.txt
never register org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM.masterKeys while SecretKey is null.