Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-47 [Umbrella] Security issues in YARN
  3. YARN-39

RM-NM secret-keys should be randomly generated and rolled every so often

          Details

          • Type: Sub-task
          • Status: Closed
          • Priority: Critical
          • Resolution: Fixed
          • Affects Version/s: None
          • Fix Version/s: 2.0.2-alpha, 0.23.3
          • Component/s: None
          • Labels:
            None

            Description

            • RM should generate the master-key randomly
            • The master-key should roll every so often
            • NM should remember old expired keys so that already doled out container-requests can be satisfied.

              Attachments

              1. MAPREDUCE-3943-20120416.txt
                99 kB
                Vinod Kumar Vavilapalli
              2. MR3943_branch-23.txt
                134 kB
                Siddharth Seth
              3. MR3943_branch-23.txt
                134 kB
                Siddharth Seth
              4. MR3943_trunk.txt
                140 kB
                Siddharth Seth
              5. MR3943_trunk.txt
                140 kB
                Siddharth Seth
              6. MR3943.txt
                136 kB
                Siddharth Seth
              7. MR3943.txt
                124 kB
                Siddharth Seth
              8. YARN39_branch23.txt
                182 kB
                Siddharth Seth
              9. YARN39.txt
                194 kB
                Siddharth Seth
              10. YARN-39-20120823.1.txt
                194 kB
                Vinod Kumar Vavilapalli
              11. YARN-39-20120823.1.txt
                252 kB
                Vinod Kumar Vavilapalli
              12. YARN-39-20120823.txt
                248 kB
                Vinod Kumar Vavilapalli
              13. YARN-39-20120824.txt
                193 kB
                Vinod Kumar Vavilapalli

                Issue Links

                breaks

                Sub-task - The sub-task of the issue YARN-60 NMs rejects all container tokens after secret key rolls

                • Blocker - Blocks development and/or testing work, production could not run
                • Closed
                duplicates

                Sub-task - The sub-task of the issue MAPREDUCE-2742 [MR-279] [Security] All tokens in YARN + MR should have an expiry interval

                • Critical - Crashes, loss of data, severe memory leak.
                • Resolved

                Sub-task - The sub-task of the issue MAPREDUCE-3105 NM<->RM shared secrets should be rolled every so often.

                • Major - Major loss of function.
                • Resolved
                is blocked by

                Sub-task - The sub-task of the issue MAPREDUCE-3940 ContainerTokens should have an expiry interval

                • Major - Major loss of function.
                • Closed

                Sub-task - The sub-task of the issue MAPREDUCE-3942 Randomize master key generation for ApplicationTokenSecretManager and roll it every so often

                • Major - Major loss of function.
                • Closed
                relates to

                Sub-task - The sub-task of the issue YARN-35 Move to per-node RM-NM secrets

                • Major - Major loss of function.
                • Open

                  Activity

                    People

                    • Assignee:
                      vinodkv Vinod Kumar Vavilapalli
                      Reporter:
                      vinodkv Vinod Kumar Vavilapalli
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      14 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: