KAR files should be sent along with workflow to slaves
When a master sends the workflow out to the slaves, it should also send any kar files that are needed for execution of the workflow. This comes with security risks since you are allowing arbitrary code to execute on the slave. The workflow itself is arbitrary code, especially since the workflow can use the command line actor to execute system commands. This needs to be looked into and the security policies need to be adjusted accordingly.
#2 Updated by jianwu jianwu over 9 years ago
In the new KAR specification of the coming Kepler 2.0, KAR files can not include actor classes and jars. So parsing KAR files won't enable slave execute them if the actors are not in the suite of slave.
The current assumption of master-slave execution is that all actors in DistributedCompositeActor should also in the slave sides. Usually master and slave need to be in the same suite.
Using module mechanism of Kepler 2.0, published modules could be dynamically gotten by slave. Yet it is heavy requirement that the modules have to be published.
The current decision is to postpone this bug and ask master and slave nodes have the same suite (including master-slave module) before using DistributedCompositeActor.