Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-47 [Umbrella] Security issues in YARN
  3. YARN-1915

ClientToAMTokenMasterKey should be provided to AM at launch time

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 2.2.0
    • 2.6.0
    • None
    • None
    • Reviewed

    Description

      Currently, the AM receives the key as part of registration. This introduces a race where a client can connect to the AM when the AM has not received the key.

      Current Flow:
      1) AM needs to start the client listening service in order to get host:port and send it to the RM as part of registration
      2) RM gets the port info in register() and transitions the app to RUNNING. Responds back with client secret to AM.
      3) User asks RM for client token. Gets it and pings the AM. AM hasn't received client secret from RM and so RPC itself rejects the request.

      Attachments

        1. YARN-1915v3.patch
          8 kB
          Jason Darrell Lowe
        2. YARN-1915v2.patch
          9 kB
          Jason Darrell Lowe
        3. YARN-1915.patch
          9 kB
          Jason Darrell Lowe

        Issue Links

          Activity

            People

              jlowe Jason Darrell Lowe
              hitesh Hitesh Shah
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: