Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-47 [Umbrella] Security issues in YARN
  3. YARN-1915

ClientToAMTokenMasterKey should be provided to AM at launch time

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.6.0
    • Component/s: None
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      Currently, the AM receives the key as part of registration. This introduces a race where a client can connect to the AM when the AM has not received the key.

      Current Flow:
      1) AM needs to start the client listening service in order to get host:port and send it to the RM as part of registration
      2) RM gets the port info in register() and transitions the app to RUNNING. Responds back with client secret to AM.
      3) User asks RM for client token. Gets it and pings the AM. AM hasn't received client secret from RM and so RPC itself rejects the request.

        Attachments

        1. YARN-1915.patch
          9 kB
          Jason Darrell Lowe
        2. YARN-1915v2.patch
          9 kB
          Jason Darrell Lowe
        3. YARN-1915v3.patch
          8 kB
          Jason Darrell Lowe

          Issue Links

            Activity

              People

              • Assignee:
                jlowe Jason Darrell Lowe
                Reporter:
                hitesh Hitesh Shah
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: