hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Omkar Vinit Joshi (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-694) AM uses the AMNMToken to authenticate all communication with NM. NM remembers and updates token across RM restart
Date Thu, 16 May 2013 23:35:16 GMT
Omkar Vinit Joshi created YARN-694:
--------------------------------------

             Summary: AM uses the AMNMToken to authenticate all communication with NM. NM
remembers and updates token across RM restart
                 Key: YARN-694
                 URL: https://issues.apache.org/jira/browse/YARN-694
             Project: Hadoop YARN
          Issue Type: Bug
            Reporter: Omkar Vinit Joshi
            Assignee: Omkar Vinit Joshi


AM uses the AMNMToken to authenticate all the AM-NM communication.
NM will validate AMNMToken in below manner
* If AMNMToken is using current or previous master key then the AMNMToken is valid. In this
case it will update its cache with this key corresponding to appId.
* If AMNMToken is using the master key which is present in NM's cache corresponding to AM's
appId then it will be validated based on this.
* If AMNMToken is invalid then NM will reject AM calls.
Modification for ContainerToken
* At present RPC validates AM-NM communication based on ContainerToken. It will be replaced
with AMNMToken. Also now onwards AM will use AMNMToken per NM (replacing earlier behavior
of ContainerToken per container per NM).
* startContainer in case of Secured environment is using ContainerToken from UGI YARN-617;
however after this it will use it from the payload (Container).
* ContainerToken will exist and it will only be used to validate the AM's container start
request.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message