Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-47 [Umbrella] Security issues in YARN
  3. YARN-39

RM-NM secret-keys should be randomly generated and rolled every so often

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • None
    • 2.0.2-alpha, 0.23.3
    • None
    • None

    Description

      • RM should generate the master-key randomly
      • The master-key should roll every so often
      • NM should remember old expired keys so that already doled out container-requests can be satisfied.

      Attachments

        1. MAPREDUCE-3943-20120416.txt
          99 kB
          Vinod Kumar Vavilapalli
        2. MR3943.txt
          124 kB
          Siddharth Seth
        3. MR3943.txt
          136 kB
          Siddharth Seth
        4. MR3943_branch-23.txt
          134 kB
          Siddharth Seth
        5. MR3943_trunk.txt
          140 kB
          Siddharth Seth
        6. MR3943_branch-23.txt
          134 kB
          Siddharth Seth
        7. MR3943_trunk.txt
          140 kB
          Siddharth Seth
        8. YARN-39-20120823.txt
          248 kB
          Vinod Kumar Vavilapalli
        9. YARN-39-20120823.1.txt
          252 kB
          Vinod Kumar Vavilapalli
        10. YARN-39-20120823.1.txt
          194 kB
          Vinod Kumar Vavilapalli
        11. YARN-39-20120824.txt
          193 kB
          Vinod Kumar Vavilapalli
        12. YARN39.txt
          194 kB
          Siddharth Seth
        13. YARN39_branch23.txt
          182 kB
          Siddharth Seth

        Issue Links

          breaks

          Sub-task - The sub-task of the issue YARN-60 NMs rejects all container tokens after secret key rolls

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          duplicates

          Sub-task - The sub-task of the issue MAPREDUCE-2742 [MR-279] [Security] All tokens in YARN + MR should have an expiry interval

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Sub-task - The sub-task of the issue MAPREDUCE-3105 NM<->RM shared secrets should be rolled every so often.

          • Major - Major loss of function.
          • Resolved
          is blocked by

          Sub-task - The sub-task of the issue MAPREDUCE-3940 ContainerTokens should have an expiry interval

          • Major - Major loss of function.
          • Closed

          Sub-task - The sub-task of the issue MAPREDUCE-3942 Randomize master key generation for ApplicationTokenSecretManager and roll it every so often

          • Major - Major loss of function.
          • Closed
          relates to

          Sub-task - The sub-task of the issue YARN-35 Move to per-node RM-NM secrets

          • Major - Major loss of function.
          • Open

          Activity

            People

              vinodkv Vinod Kumar Vavilapalli
              vinodkv Vinod Kumar Vavilapalli
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: