hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Lowe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-3053) [Security] Review and implement authentication in ATS v.2
Date Wed, 03 May 2017 21:12:04 GMT

    [ https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15995692#comment-15995692

Jason Lowe commented on YARN-3053:

Thanks for updating the document, Varun!  I think the approach is reasonable, since it piggybacks
on the discovery problem which already needed to be solved.  Also I think it makes sense that
we don't need to persist the tokens in any way, since the collector needs to be re-discovered
if restarted and new tokens can be handed out at that point.

Not really a security concern, but I'm assuming the ATSv2 client is going to have to buffer/spool
events until the collector has been discovered or there's some kind of flow control mitigation
there.  By default the AM is being started with no way to write events until the collector
is discovered (which could take some number of heartbeats given the circuitous route the information
takes) and there's also the case where the collector becomes unavailable temporarily (e.g.:
collector restarts/crashes/etc.).

> [Security] Review and implement authentication in ATS v.2
> ---------------------------------------------------------
>                 Key: YARN-3053
>                 URL: https://issues.apache.org/jira/browse/YARN-3053
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Sangjin Lee
>            Assignee: Varun Saxena
>              Labels: YARN-5355, yarn-5355-merge-blocker
>         Attachments: ATSv2Authentication(draft).pdf, ATSv2Authentication.v01.pdf
> Per design in YARN-2928, we want to evaluate and review the system for security, and
ensure proper security in the system.
> This includes proper authentication, token management, access control, and any other
relevant security aspects.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message