hadoop-yarn-issues mailing list archives

From "Jason Lowe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1915) ClientToAMTokenMasterKey should be provided to AM at launch time
Date Wed, 13 Aug 2014 17:18:12 GMT

    [ https://issues.apache.org/jira/browse/YARN-1915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095735#comment-14095735 ]

Jason Lowe commented on YARN-1915:
----------------------------------

Good question, Hitesh.  I don't know exactly why that was changed, as it was sending it either
via the env or via the credentials for the container in 0.23.  I assumed there was a reason
that wasn't OK given that it was explicitly changed to not do that, but that may be a bad
assumption.

Digging a bit, found this was changed in YARN-610.  Apparently on Windows the env isn't secure
and secrets can be gleaned from it.  The JIRA also claims the key can't go in the container
credentials, but it doesn't elaborate.  If a container's credentials also aren't secure then
it seems to me we have bigger problems than just this key.

> ClientToAMTokenMasterKey should be provided to AM at launch time
> ----------------------------------------------------------------
>
>                 Key: YARN-1915
>                 URL: https://issues.apache.org/jira/browse/YARN-1915
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>    Affects Versions: 2.2.0
>            Reporter: Hitesh Shah
>            Assignee: Jason Lowe
>            Priority: Critical
>         Attachments: YARN-1915.patch, YARN-1915v2.patch
>
>
> Currently, the AM receives the key as part of registration. This introduces a race where a client can connect to the AM when the AM has not received the key.
> Current Flow:
> 1) AM needs to start the client listening service in order to get host:port and send it to the RM as part of registration
> 2) RM gets the port info in register() and transitions the app to RUNNING. Responds back with client secret to AM.
> 3) User asks RM for client token. Gets it and pings the AM. AM hasn't received client secret from RM and so RPC itself rejects the request.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
