[YARN-4653] Document YARN security model from the perspective of Application Developers - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.7.2
Fix Version/s: 2.8.0, 2.7.3, 3.0.0-alpha1
Component/s: site
Labels:
None

Target Version/s:

2.8.0
Hadoop Flags:

Reviewed

Description

What YARN apps need to do for security today is generally copied direct from distributed shell, with a bit of ill-informed superstition being the sole prose.

We need a normative document in the YARN site covering

the needs for YARN security
token creation for AM launch
how the RM gets involved
token propagation on container launch
token renewal strategies
How to get tokens for other apps like HBase and Hive.
how to work under OOzie

Perhaps the WritingYarnApplications.md doc is updated, otherwise why not just link to the relevant bit of the distributed shell client on github for a guarantee of staying up to date?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-4653-004.patch
10/Feb/16 13:56
25 kB
Steve Loughran
YARN-4653-003.patch
05/Feb/16 17:20
24 kB
Steve Loughran
YARN-4653-002.patch
04/Feb/16 19:55
24 kB
Steve Loughran
YARN-4653-001.patch
01/Feb/16 15:26
20 kB
Steve Loughran

Issue Links

is related to

HADOOP-12649 Improve Kerberos diagnostics and failure handling

Open

HADOOP-9621 Document/analyze current Hadoop security model

Open

relates to

HADOOP-12752 Improve diagnostics/use of envvar/sysprop credential propagation

Resolved

SAMZA-727 Support for Kerberos

Resolved

SLIDER-1077 Improve slider credental setup under Oozie

Resolved

Activity

People

Assignee:: Steve Loughran

Reporter:: Steve Loughran

Votes:: 0 Vote for this issue

Watchers:: 16 Start watching this issue

Dates

Created:: 28/Jan/16 12:01

Updated:: 06/Jan/17 01:47

Resolved:: 14/Feb/16 09:26

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified