Home Forums YARN Kill malicious application master

This topic contains 2 replies, has 2 voices, and was last updated by  Feng Meng 8 months, 1 week ago.

  • Creator
    Topic
  • #48336

    Feng Meng
    Participant

    It is possible that some malicious application master requires way more resource than cluster can offer. Based my observation, it will starve the whole cluster since the malicious application reserves all resource but still waiting for more. It seems YARN eventually times out that app master. There is property yarn.am.liveness-monitor.expiry-interval-ms seems to be relevant, but I don’t want legitimateā€Ž long running am times out prematurely.

    Similarly, I can submit thousands of application at same time to Yarn cluster and each will launch an AM, which could produce deadlock situation.

    What’s the best way to handle this type of malicious application?

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

  • Author
    Replies
  • #49072

    Feng Meng
    Participant

    Thanks for your reply. Do we have similar setting for fair scheduler? We cannot use capacity scheduler since it does not have preemption support.

    Collapse
    #48629

    Hi,

    Yes this can happen.

    To avoid such situations, Capacity Scheduler in YARN has two configurations: (1) yarn.scheduler.capacity.maximum-applications which limits the maximum number of applications that can be pending and running in the cluster and (2) yarn.scheduler.capacity.maximum-am-resource-percent which determines the maximum percent of resources in the cluster which can be used to run application masters; it thus controls number of concurrent running applications in the cluster at any point of time.

    The later is set to 0.1 by default which means that not more than 10% of cluster resources are used for running ApplicationMasters.

    Collapse
Viewing 2 replies - 1 through 2 (of 2 total)