Hadoop YARN
  1. Hadoop YARN
  2. YARN-47 Security issues in YARN
  3. YARN-39

RM-NM secret-keys should be randomly generated and rolled every so often

        Details

        • Type: Sub-task Sub-task
        • Status: Closed
        • Priority: Critical Critical
        • Resolution: Fixed
        • Affects Version/s: None
        • Fix Version/s: 2.0.2-alpha, 0.23.3
        • Component/s: None
        • Labels:
          None

          Description

          • RM should generate the master-key randomly
          • The master-key should roll every so often
          • NM should remember old expired keys so that already doled out container-requests can be satisfied.
          1. Text File
            YARN39_branch23.txt
            182 kB
            Siddharth Seth
          2. Text File
            YARN39.txt
            194 kB
            Siddharth Seth
          3. Text File
            YARN-39-20120824.txt
            193 kB
            Vinod Kumar Vavilapalli
          4. Text File
            YARN-39-20120823.1.txt
            194 kB
            Vinod Kumar Vavilapalli
          5. Text File
            YARN-39-20120823.1.txt
            252 kB
            Vinod Kumar Vavilapalli
          6. Text File
            YARN-39-20120823.txt
            248 kB
            Vinod Kumar Vavilapalli
          7. Text File
            MR3943_trunk.txt
            140 kB
            Siddharth Seth
          8. Text File
            MR3943_branch-23.txt
            134 kB
            Siddharth Seth
          9. Text File
            MR3943_trunk.txt
            140 kB
            Siddharth Seth
          10. Text File
            MR3943_branch-23.txt
            134 kB
            Siddharth Seth
          11. Text File
            MR3943.txt
            136 kB
            Siddharth Seth
          12. Text File
            MR3943.txt
            124 kB
            Siddharth Seth
          13. Text File
            MAPREDUCE-3943-20120416.txt
            99 kB
            Vinod Kumar Vavilapalli

            Issue Links

            breaks

            Sub-task - The sub-task of the issue YARN-60 NMs rejects all container tokens after secret key rolls

            • Blocker - Blocks development and/or testing work, production could not run
            • Closed
            duplicates

            Sub-task - The sub-task of the issue MAPREDUCE-2742 [MR-279] [Security] All tokens in YARN + MR should have an expiry interval

            • Critical - Crashes, loss of data, severe memory leak.
            • Resolved

            Sub-task - The sub-task of the issue MAPREDUCE-3105 NM<->RM shared secrets should be rolled every so often.

            • Major - Major loss of function.
            • Resolved
            is blocked by

            Sub-task - The sub-task of the issue MAPREDUCE-3940 ContainerTokens should have an expiry interval

            • Major - Major loss of function.
            • Closed

            Sub-task - The sub-task of the issue MAPREDUCE-3942 Randomize master key generation for ApplicationTokenSecretManager and roll it every so often

            • Major - Major loss of function.
            • Closed
            relates to

            Sub-task - The sub-task of the issue YARN-35 Move to per-node RM-NM secrets

            • Major - Major loss of function.
            • Open

              Activity

                People

                • Assignee:
                  Vinod Kumar Vavilapalli
                  Reporter:
                  Vinod Kumar Vavilapalli
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  14 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Development