Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-4653

Document YARN security model from the perspective of Application Developers

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7.2
    • Fix Version/s: 2.8.0, 2.7.3, 3.0.0-alpha1
    • Component/s: site
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      What YARN apps need to do for security today is generally copied direct from distributed shell, with a bit of ill-informed superstition being the sole prose.

      We need a normative document in the YARN site covering

      1. the needs for YARN security
      2. token creation for AM launch
      3. how the RM gets involved
      4. token propagation on container launch
      5. token renewal strategies
      6. How to get tokens for other apps like HBase and Hive.
      7. how to work under OOzie

      Perhaps the WritingYarnApplications.md doc is updated, otherwise why not just link to the relevant bit of the distributed shell client on github for a guarantee of staying up to date?

        Attachments

        1. YARN-4653-001.patch
          20 kB
          Steve Loughran
        2. YARN-4653-002.patch
          24 kB
          Steve Loughran
        3. YARN-4653-003.patch
          24 kB
          Steve Loughran
        4. YARN-4653-004.patch
          25 kB
          Steve Loughran

          Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-12649 Improve Kerberos diagnostics and failure handling

          • Major - Major loss of function.
          • Open

          Task - A task that needs to be done. HADOOP-9621 Document/analyze current Hadoop security model

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          relates to

          Sub-task - The sub-task of the issue HADOOP-12752 Improve diagnostics/use of envvar/sysprop credential propagation

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. SAMZA-727 Support for Kerberos

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. SLIDER-1077 Improve slider credental setup under Oozie

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                stevel@apache.org Steve Loughran
                Reporter:
                stevel@apache.org Steve Loughran
              • Votes:
                0 Vote for this issue
                Watchers:
                16 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2h
                  2h
                  Remaining:
                  Remaining Estimate - 2h
                  2h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified