hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Omkar Vinit Joshi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-694) Start using NMTokens to authenticate all communication with NM
Date Tue, 18 Jun 2013 10:21:23 GMT

    [ https://issues.apache.org/jira/browse/YARN-694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13686549#comment-13686549

Omkar Vinit Joshi commented on YARN-694:

Fixing about comments.
bq. TestNodeManagerReboot: Why is the verify delete code removed?
removed as it is not working on my local machine.
> Start using NMTokens to authenticate all communication with NM
> --------------------------------------------------------------
>                 Key: YARN-694
>                 URL: https://issues.apache.org/jira/browse/YARN-694
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Omkar Vinit Joshi
>            Assignee: Omkar Vinit Joshi
>         Attachments: YARN-694-20130613.patch, YARN-694-20130617.1.patch, YARN-694-20130617.2.patch,
> AM uses the NMToken to authenticate all the AM-NM communication.
> NM will validate NMToken in below manner
> * If NMToken is using current or previous master key then the NMToken is valid. In this
case it will update its cache with this key corresponding to appId.
> * If NMToken is using the master key which is present in NM's cache corresponding to
AM's appId then it will be validated based on this.
> * If NMToken is invalid then NM will reject AM calls.
> Modification for ContainerToken
> * At present RPC validates AM-NM communication based on ContainerToken. It will be replaced
with NMToken. Also now onwards AM will use NMToken per NM (replacing earlier behavior of ContainerToken
per container per NM).
> * startContainer in case of Secured environment is using ContainerToken from UGI YARN-617;
however after this it will use it from the payload (Container).
> * ContainerToken will exist and it will only be used to validate the AM's container start

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message