spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Balog (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SPARK-8129) Securely pass auth secrets to executors in standalone cluster mode
Date Thu, 18 Jun 2015 11:10:01 GMT

    [ https://issues.apache.org/jira/browse/SPARK-8129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14591652#comment-14591652
] 

Doug Balog commented on SPARK-8129:
-----------------------------------

FYI, Environment variables can be seen from ps too.
On linux `ps e` will show the env variables.
On MAC `ps E`


> Securely pass auth secrets to executors in standalone cluster mode
> ------------------------------------------------------------------
>
>                 Key: SPARK-8129
>                 URL: https://issues.apache.org/jira/browse/SPARK-8129
>             Project: Spark
>          Issue Type: New Feature
>          Components: Deploy, Spark Core
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>            Priority: Minor
>             Fix For: 1.5.0
>
>
> Currently, when authentication is turned on, the standalone cluster manager passes auth
secrets to executors (also drivers in cluster mode) as java options on the command line, which
isn't secure. The passed secret can be seen by anyone running 'ps' command, e.g.,
> bq.  501 94787 94734   0  2:32PM ??         0:00.78 /Library/Java/JavaVirtualMachines/jdk1.7.0_60.jdk/Contents/Home/jre/bin/java
-cp /Users/kan/github/spark/sbin/../conf/:/Users/kan/github/spark/assembly/target/scala-2.10/spark-assembly-1.4.0-SNAPSHOT-hadoop2.3.0.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-api-jdo-3.2.6.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-core-3.2.10.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-rdbms-3.2.9.jar
-Xms512M -Xmx512M *-Dspark.authenticate.secret=090A030E0F0A05010900000A0C0E0C0B03050D05* -Dspark.driver.port=49625
-Dspark.authenticate=true -XX:MaxPermSize=128m org.apache.spark.executor.CoarseGrainedExecutorBackend
--driver-url akka.tcp://sparkDriver@192.168.1.152:49625/user/CoarseGrainedScheduler --executor-id
0 --hostname 192.168.1.152 --cores 8 --app-id app-20150605143259-0000 --worker-url akka.tcp://sparkWorker@192.168.1.152:49623/user/Worker



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org


Mime
View raw message