hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vinod Kumar Vavilapalli (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-2049) Delegation token stuff for the timeline sever
Date Thu, 22 May 2014 20:49:03 GMT

    [ https://issues.apache.org/jira/browse/YARN-2049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14006453#comment-14006453
] 

Vinod Kumar Vavilapalli commented on YARN-2049:
-----------------------------------------------

Thanks for working on this, Zhijie!

Some comments on the patch

TimelineKerberosAuthenticator
 - Not clear what TimelineDelegationTokenResponse validateAndParseResponse() is doing with
class loading, construction etc. Can you explain and may be also add code comments?

TimelineAuthenticationFilter
 - Explain what getConfiguration() overrides and add a code comment?

TimelineKerberosAuthenticationHandler
 - This borrows a lot of code from HttpFSKerberosAuthenticationHandler.java. We should refactor
either here or in a separate JIRA.

Nits
 - TestDistributedShell change is unnecessary
 - TimelineDelegationTokenSelector: Wrap the debug logging in debugEnabled checks.
 - ApplicationHistoryServer.java
    -- Forced config setting of the filter: What happens if  the cluster has another authentication
filter? Is the guideline to override it (which is what the patch is doing)?

h4. Source code refactor

TimelineKerberosAuthenticationHandler
 - Rename to TimelineClientAuthenticationService?

TimelineKerberosAuthenticator
 - It seems like TimelineKerberosAuthenticator is completely client side code and so should
be moved to the client module
 - To do that we will extract some of the constants and the DelegationTokenOperation enum
as top level entities into the common module.

TimelineAuthenticationFilterInitializer
 - This is almost the same as the common AuthenticationFilterInitializer.java. Let's just
refactor AuthenticationFilterInitializer.java and extend it to only change class names. Similarly
to how TimelineAuthenticationFilter extends AuthenticationFilter.

TimelineDelegationTokenSecretManagerService:
 - We are sharing the configs for update/renewal etc with the ResourceManager. That seems
fine for now - logically you want both the tokens to follow similar expiry and life-cycle
 - This also shares a bunch of code with org/apache/hadoop/lib/service/security/DelegationTokenManagerService.
We may or may not want to reuse some code - just throwing it out.

> Delegation token stuff for the timeline sever
> ---------------------------------------------
>
>                 Key: YARN-2049
>                 URL: https://issues.apache.org/jira/browse/YARN-2049
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2049.1.patch, YARN-2049.2.patch, YARN-2049.3.patch, YARN-2049.4.patch,
YARN-2049.5.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message