You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org> on 2016/03/18 09:06:33 UTC
[jira] [Commented] (YARN-4576) Enhancement for tracking Blacklist
in AM Launching
[ https://issues.apache.org/jira/browse/YARN-4576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15201139#comment-15201139 ]
Vinod Kumar Vavilapalli commented on YARN-4576:
-----------------------------------------------
Please read my comments on YARN-4837, this whole "AM blacklisting" feature is unnecessarily blown way out of proportion - we just don't need this amount of complexity. Adding more functionality like global lists (YARN-4635), per-user lists (YARN-4790), pluggable blacklisting ((!)) (YARN-4636) etc will makes things far worse.
Containers are marked DISKS_FAILED only if all the disks have become bad, in which case the node itself becomes unhealthy. So there is no need for blacklisting per app at all !!
If an AM is killed due to memory over-flow, blacklisting the node will not help at all!
Overall, like I commented on [the JIRA YARN-4790|https://issues.apache.org/jira/browse/YARN-4790?focusedCommentId=15191217&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15191217], what we need is to not penalize applications for system related issues. When YARN finds a node with configuration / permission issues, it should itself take an action to (a) avoid scheduling on that node, (b) alert administrators etc. Implementing heuristics for app / user level blacklisting to work-around platform problems should be a last-ditch effort. We did that in Hadoop 1 MapReduce as we didn't have clear demarcation between app vs system failures. But that isn't the case with YARN - part of the reason why we never implemented heuristics based per-app blacklisting in YARN - we left that completely up to applications.
> Enhancement for tracking Blacklist in AM Launching
> --------------------------------------------------
>
> Key: YARN-4576
> URL: https://issues.apache.org/jira/browse/YARN-4576
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: resourcemanager
> Reporter: Junping Du
> Assignee: Junping Du
> Priority: Critical
> Attachments: EnhancementAMLaunchingBlacklist.pdf
>
>
> Before YARN-2005, YARN blacklist mechanism is to track the bad nodes by AM: If AM tried to launch containers on a specific node get failed for several times, AM will blacklist this node in future resource asking. This mechanism works fine for normal containers. However, from our observation on behaviors of several clusters: if this problematic node launch AM failed, then RM could pickup this problematic node to launch next AM attempts again and again that cause application failure in case other functional nodes are busy. In normal case, the customized healthy checker script cannot be so sensitive to mark node as unhealthy when one or two containers get launched failed.
> After YARN-2005, we can have a BlacklistManager in each RMapp, so those nodes who launching AM attempts failed for specific application before will get blacklisted. To get rid of potential risks that all nodes being blacklisted by BlacklistManager, a disable-failure-threshold is involved to stop adding more nodes into blacklist if hit certain ratio already.
> There are already some enhancements for this AM blacklist mechanism: YARN-4284 is to address the more wider case for AM container get launched failure and YARN-4389 tries to make configuration settings available for change by App to meet app specific requirement. However, there are still several gaps to address more scenarios:
> 1. We may need a global blacklist instead of each app maintain a separated one. The reason is: AM could get more chance to fail if other AM get failed before. A quick example is: in a busy cluster, all nodes are busy except two problematic nodes: node a and node b, app1 already submit and get failed in two AM attempts on a and b. app2 and other apps should wait for other busy nodes rather than waste attempts on these two problematic nodes.
> 2. If AM container failure is recognized as global event instead app own issue, we should consider the blacklist is not a permanent thing but with a specific time window.
> 3. We could have user defined black list polices to address more possible cases and scenarios, so it reasonable to make blacklist policy pluggable.
> 4. For some test scenario, we could have whitelist mechanism for AM launching.
> 5. Some minor issues: it sounds like NM reconnect won't refresh blacklist so far.
> Will try to address all issues here.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)