hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Maron (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-4757) [Umbrella] Simplified discovery of services via DNS mechanisms
Date Mon, 14 Mar 2016 20:11:33 GMT

    [ https://issues.apache.org/jira/browse/YARN-4757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15194047#comment-15194047
] 

Jonathan Maron commented on YARN-4757:
--------------------------------------

I'm trying to address all of these issues/concerns in the document I reference above - it'll
probably be a good way to structure the discussion.  I hope to have it posted to this JIRA
this week.  Some quick points:

- I'm trying to address security by leveraging the existing DNS security extensions (DNSSEC).
 The exposed DNS facility will have to accommodate both Java and non-Java clients, and as
such should probably not provide proprietary or non-compliant security mechanisms.  In addition,
for the DNS facility will more than likely need to interoperate with existing DNS resources
(e.g. a corporate BIND server).  DNS security is structured more around the idea of validating
the authenticity of returned information rather than authenticating identities.  In addition,
I believe the approach I'm proposing will address the authentication concerns.

- As Allen mentioned - there are existing approaches for interacting with DNS name servers.
 I have been utilizing dnsjava to prototype some approaches.

> [Umbrella] Simplified discovery of services via DNS mechanisms
> --------------------------------------------------------------
>
>                 Key: YARN-4757
>                 URL: https://issues.apache.org/jira/browse/YARN-4757
>             Project: Hadoop YARN
>          Issue Type: New Feature
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Jonathan Maron
>
> [See overview doc at YARN-4692, copying the sub-section (3.2.10.2) to track all related
efforts.]
> In addition to completing the present story of service­-registry (YARN-913), we also
need to simplify the access to the registry entries. The existing read mechanisms of the YARN
Service Registry are currently limited to a registry specific (java) API and a REST interface.
In practice, this makes it very difficult for wiring up existing clients and services. For
e.g, dynamic configuration of dependent end­points of a service is not easy to implement
using the present registry­-read mechanisms, *without* code-changes to existing services.
> A good solution to this is to expose the registry information through a more generic
and widely used discovery mechanism: DNS. Service Discovery via DNS uses the well-­known
DNS interfaces to browse the network for services. YARN-913 in fact talked about such a DNS
based mechanism but left it as a future task. (Task) Having the registry information exposed
via DNS simplifies the life of services.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message