You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org> on 2012/08/30 03:59:07 UTC

[jira] [Created] (YARN-62) AM should not be able to abuse container tokens for repetitive container launches

Vinod Kumar Vavilapalli created YARN-62:
-------------------------------------------

             Summary: AM should not be able to abuse container tokens for repetitive container launches
                 Key: YARN-62
                 URL: https://issues.apache.org/jira/browse/YARN-62
             Project: Hadoop YARN
          Issue Type: Sub-task
    Affects Versions: 2.1.0-alpha, 0.23.3
            Reporter: Vinod Kumar Vavilapalli


Clone of YARN-51.

ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, for a duration of 1d+10mins, we need to fix this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Assigned] (YARN-62) AM should not be able to abuse container tokens for repetitive container launches

Posted by "Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/YARN-62?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vinod Kumar Vavilapalli reassigned YARN-62:
-------------------------------------------

    Assignee: Vinod Kumar Vavilapalli

For legally generated containers, such requests are possible only for a period of container-expiry interval (10 mins by default). Assuming synced clocks between NM and AM, NM only needs to remember container-ids of containers that came in during the last 10 mins.

If container-ids don't match the sent token, RPC layer itself will reject the request.

Thoughts?
                
> AM should not be able to abuse container tokens for repetitive container launches
> ---------------------------------------------------------------------------------
>
>                 Key: YARN-62
>                 URL: https://issues.apache.org/jira/browse/YARN-62
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>    Affects Versions: 2.1.0-alpha, 0.23.3
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>
> Clone of YARN-51.
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, for a duration of 1d+10mins, we need to fix this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira