hadoop-yarn-issues mailing list archives

From "Varun Saxena (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-6130) [ATSv2 Security] Generate a delegation token for AM when app collector is created and pass it to AM via NM and RM
Date Thu, 27 Jul 2017 07:29:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-6130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16102844#comment-16102844 ]

Varun Saxena commented on YARN-6130:
------------------------------------

bq. token renewer is set to application owner. Is it intended? Since AppCollector runs as part of NM auxiliary service, renewer should be NM user right?

Actually I was initially thinking of providing an ability to renew token from Timeline client
too. For tokens for offline collectors for instance. And if we allow for them, the API has
to be generic enough to allow renewal for app tokens as well with the facility of automatic
renewal. That is why I had kept it as application owner at that time. As we will renew locally,
i.e. from NM, and will have the token cached in collector, it won't matter. However, security
design for offline collectors isn't yet finalized.

So technically right now, the renewer will always be NM. Will change it in the next patch.

> [ATSv2 Security] Generate a delegation token for AM when app collector is created and pass it to AM via NM and RM
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-6130
>                 URL: https://issues.apache.org/jira/browse/YARN-6130
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Varun Saxena
>            Assignee: Varun Saxena
>              Labels: yarn-5355-merge-blocker
>         Attachments: YARN-6130-YARN-5355.01.patch, YARN-6130-YARN-5355.02.patch, YARN-6130-YARN-5355.03.patch, YARN-6130-YARN-5355.04.patch, YARN-6130-YARN-5355.05.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)