Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 7ED05200BC2 for ; Thu, 17 Nov 2016 19:08:01 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 7D3C5160B0B; Thu, 17 Nov 2016 18:08:01 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id BBE01160B1B for ; Thu, 17 Nov 2016 19:08:00 +0100 (CET) Received: (qmail 94506 invoked by uid 500); 17 Nov 2016 18:07:59 -0000 Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list yarn-issues@hadoop.apache.org Received: (qmail 94158 invoked by uid 99); 17 Nov 2016 18:07:59 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Nov 2016 18:07:59 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 7EF8F2C4C77 for ; Thu, 17 Nov 2016 18:07:59 +0000 (UTC) Date: Thu, 17 Nov 2016 18:07:59 +0000 (UTC) From: "Joep Rottinghuis (JIRA)" To: yarn-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (YARN-3053) [Security] Review and implement security in ATS v.2 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 17 Nov 2016 18:08:01 -0000 [ https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15674398#comment-15674398 ] Joep Rottinghuis commented on YARN-3053: ---------------------------------------- Two questions: - are there race conditions going to be possible at the end of the application lifecycle when the am is done, we cancel the token and then asynchronous communication from containers (through NMs?) arrives? - How we do deal with AM recovery? * What if the AM crashes and has to be re-started, are we going to restart it with the same token, or cancel the token and re-generate a new one? If the answer is a new token, how do we communicate this out to containers / NMs on other hosts? * What if the entire machine where the AM and collectors run crashes (or worse network partitions), then do we treat that the same as the previous case? > [Security] Review and implement security in ATS v.2 > --------------------------------------------------- > > Key: YARN-3053 > URL: https://issues.apache.org/jira/browse/YARN-3053 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver > Reporter: Sangjin Lee > Assignee: Varun Saxena > Labels: YARN-5355 > Attachments: ATSv2Authentication(draft).pdf > > > Per design in YARN-2928, we want to evaluate and review the system for security, and ensure proper security in the system. > This includes proper authentication, token management, access control, and any other relevant security aspects. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: yarn-issues-help@hadoop.apache.org