Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-948

RM should validate the release container list before actually releasing them

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.1.1-beta
    • None
    • None
    • Reviewed

    Description

      At present we are blinding passing the allocate request containing containers to be released to the scheduler. This may result into one application releasing another application's container.

        @Override
        @Lock(Lock.NoLock.class)
        public Allocation allocate(ApplicationAttemptId applicationAttemptId,
            List<ResourceRequest> ask, List<ContainerId> release, 
            List<String> blacklistAdditions, List<String> blacklistRemovals) {
      
          FiCaSchedulerApp application = getApplication(applicationAttemptId);
      ....
      ....
          // Release containers
          for (ContainerId releasedContainerId : release) {
            RMContainer rmContainer = getRMContainer(releasedContainerId);
            if (rmContainer == null) {
               RMAuditLogger.logFailure(application.getUser(),
                   AuditConstants.RELEASE_CONTAINER, 
                   "Unauthorized access or invalid container", "CapacityScheduler",
                   "Trying to release container not owned by app or with invalid id",
                   application.getApplicationId(), releasedContainerId);
            }
            completedContainer(rmContainer,
                SchedulerUtils.createAbnormalContainerStatus(
                    releasedContainerId, 
                    SchedulerUtils.RELEASED_CONTAINER),
                RMContainerEventType.RELEASED);
          }
      

      Current checks are not sufficient and we should prevent this..... thoughts?

      Attachments

        1. YARN-948-20130724.patch
          8 kB
          Omkar Vinit Joshi
        2. YARN-948-20130726.1.patch
          15 kB
          Omkar Vinit Joshi
        3. YARN-948-20130729.1.patch
          15 kB
          Omkar Vinit Joshi

        Issue Links

          Activity

            People

              ojoshi Omkar Vinit Joshi
              ojoshi Omkar Vinit Joshi
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: