-
Type:
Task
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 2.7.2
-
Fix Version/s: 2.8.0, 2.7.3, 3.0.0-alpha1
-
Component/s: site
-
Labels:None
-
Target Version/s:
-
Hadoop Flags:Reviewed
What YARN apps need to do for security today is generally copied direct from distributed shell, with a bit of ill-informed superstition being the sole prose.
We need a normative document in the YARN site covering
- the needs for YARN security
- token creation for AM launch
- how the RM gets involved
- token propagation on container launch
- token renewal strategies
- How to get tokens for other apps like HBase and Hive.
- how to work under OOzie
Perhaps the WritingYarnApplications.md doc is updated, otherwise why not just link to the relevant bit of the distributed shell client on github for a guarantee of staying up to date?
- is related to
-
HADOOP-12649 Improve Kerberos diagnostics and failure handling
-
- Open
-
-
HADOOP-9621 Document/analyze current Hadoop security model
-
- Open
-
- relates to
-
HADOOP-12752 Improve diagnostics/use of envvar/sysprop credential propagation
-
- Resolved
-
-
SAMZA-727 Support for Kerberos
-
- Resolved
-
-
SLIDER-1077 Improve slider credental setup under Oozie
-
- Resolved
-