Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-47 [Umbrella] Security issues in YARN
  3. YARN-39

RM-NM secret-keys should be randomly generated and rolled every so often

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.2-alpha, 0.23.3
    • Component/s: None
    • Labels:
      None

      Description

      • RM should generate the master-key randomly
      • The master-key should roll every so often
      • NM should remember old expired keys so that already doled out container-requests can be satisfied.

        Attachments

        1. MAPREDUCE-3943-20120416.txt
          99 kB
          Vinod Kumar Vavilapalli
        2. MR3943_branch-23.txt
          134 kB
          Siddharth Seth
        3. MR3943_branch-23.txt
          134 kB
          Siddharth Seth
        4. MR3943_trunk.txt
          140 kB
          Siddharth Seth
        5. MR3943_trunk.txt
          140 kB
          Siddharth Seth
        6. MR3943.txt
          136 kB
          Siddharth Seth
        7. MR3943.txt
          124 kB
          Siddharth Seth
        8. YARN39_branch23.txt
          182 kB
          Siddharth Seth
        9. YARN39.txt
          194 kB
          Siddharth Seth
        10. YARN-39-20120823.1.txt
          194 kB
          Vinod Kumar Vavilapalli
        11. YARN-39-20120823.1.txt
          252 kB
          Vinod Kumar Vavilapalli
        12. YARN-39-20120823.txt
          248 kB
          Vinod Kumar Vavilapalli
        13. YARN-39-20120824.txt
          193 kB
          Vinod Kumar Vavilapalli

          Issue Links

          breaks

          Sub-task - The sub-task of the issue YARN-60 NMs rejects all container tokens after secret key rolls

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          duplicates

          Sub-task - The sub-task of the issue MAPREDUCE-2742 [MR-279] [Security] All tokens in YARN + MR should have an expiry interval

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Sub-task - The sub-task of the issue MAPREDUCE-3105 NM<->RM shared secrets should be rolled every so often.

          • Major - Major loss of function.
          • Resolved
          is blocked by

          Sub-task - The sub-task of the issue MAPREDUCE-3940 ContainerTokens should have an expiry interval

          • Major - Major loss of function.
          • Closed

          Sub-task - The sub-task of the issue MAPREDUCE-3942 Randomize master key generation for ApplicationTokenSecretManager and roll it every so often

          • Major - Major loss of function.
          • Closed
          relates to

          Sub-task - The sub-task of the issue YARN-35 Move to per-node RM-NM secrets

          • Major - Major loss of function.
          • Open

            Activity

              People

              • Assignee:
                vinodkv Vinod Kumar Vavilapalli
                Reporter:
                vinodkv Vinod Kumar Vavilapalli
              • Votes:
                0 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: