hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-279) Generalize RM token management
Date Fri, 21 Dec 2012 16:47:14 GMT

    [ https://issues.apache.org/jira/browse/YARN-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13538199#comment-13538199
] 

Daryn Sharp commented on YARN-279:
----------------------------------

I'd have concerns that a 6 month expiration provides a huge window of vulnerability for stolen
tokens.  Initial expiration is a tangent issue from how to ensure renewer code is available.
 However, I've actually got a patch up on YARN-280 for job submission to fail if submitted
tokens are invalid.

Another problem with 6 expiration is that token issuers often hold tokens in memory, plus
token requesters often do a poor job (as in never) of canceling tokens.  That would cause
some serious memory bloat...
                
> Generalize RM token management
> ------------------------------
>
>                 Key: YARN-279
>                 URL: https://issues.apache.org/jira/browse/YARN-279
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: resourcemanager
>    Affects Versions: 3.0.0, 2.0.0-alpha, 0.23.5
>            Reporter: Daryn Sharp
>
> Token renewal/cancelation in the RM presents challenges to support arbitrary tokens.
 The RM's CLASSPATH is currently required to have token renewer classes and all associated
classes for the project's client.  The logistics of having installs on the RM of all hadoop
projects that submit jobs - just to support client connections to renew/cancel tokens - are
untenable.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message