hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vinod Kumar Vavilapalli (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-2049) Delegation token stuff for the timeline sever
Date Thu, 22 May 2014 20:49:03 GMT

    [ https://issues.apache.org/jira/browse/YARN-2049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14006453#comment-14006453

Vinod Kumar Vavilapalli commented on YARN-2049:

Thanks for working on this, Zhijie!

Some comments on the patch

 - Not clear what TimelineDelegationTokenResponse validateAndParseResponse() is doing with
class loading, construction etc. Can you explain and may be also add code comments?

 - Explain what getConfiguration() overrides and add a code comment?

 - This borrows a lot of code from HttpFSKerberosAuthenticationHandler.java. We should refactor
either here or in a separate JIRA.

 - TestDistributedShell change is unnecessary
 - TimelineDelegationTokenSelector: Wrap the debug logging in debugEnabled checks.
 - ApplicationHistoryServer.java
    -- Forced config setting of the filter: What happens if  the cluster has another authentication
filter? Is the guideline to override it (which is what the patch is doing)?

h4. Source code refactor

 - Rename to TimelineClientAuthenticationService?

 - It seems like TimelineKerberosAuthenticator is completely client side code and so should
be moved to the client module
 - To do that we will extract some of the constants and the DelegationTokenOperation enum
as top level entities into the common module.

 - This is almost the same as the common AuthenticationFilterInitializer.java. Let's just
refactor AuthenticationFilterInitializer.java and extend it to only change class names. Similarly
to how TimelineAuthenticationFilter extends AuthenticationFilter.

 - We are sharing the configs for update/renewal etc with the ResourceManager. That seems
fine for now - logically you want both the tokens to follow similar expiry and life-cycle
 - This also shares a bunch of code with org/apache/hadoop/lib/service/security/DelegationTokenManagerService.
We may or may not want to reuse some code - just throwing it out.

> Delegation token stuff for the timeline sever
> ---------------------------------------------
>                 Key: YARN-2049
>                 URL: https://issues.apache.org/jira/browse/YARN-2049
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2049.1.patch, YARN-2049.2.patch, YARN-2049.3.patch, YARN-2049.4.patch,

This message was sent by Atlassian JIRA

View raw message