Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-4653

Document YARN security model from the perspective of Application Developers

          Details

          • Type: Task
          • Status: Closed
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: 2.7.2
          • Fix Version/s: 2.8.0, 2.7.3, 3.0.0-alpha1
          • Component/s: site
          • Labels:
            None
          • Target Version/s:
          • Hadoop Flags:
            Reviewed

            Description

            What YARN apps need to do for security today is generally copied direct from distributed shell, with a bit of ill-informed superstition being the sole prose.

            We need a normative document in the YARN site covering

            1. the needs for YARN security
            2. token creation for AM launch
            3. how the RM gets involved
            4. token propagation on container launch
            5. token renewal strategies
            6. How to get tokens for other apps like HBase and Hive.
            7. how to work under OOzie

            Perhaps the WritingYarnApplications.md doc is updated, otherwise why not just link to the relevant bit of the distributed shell client on github for a guarantee of staying up to date?

              Attachments

              1. YARN-4653-001.patch
                20 kB
                Steve Loughran
              2. YARN-4653-002.patch
                24 kB
                Steve Loughran
              3. YARN-4653-003.patch
                24 kB
                Steve Loughran
              4. YARN-4653-004.patch
                25 kB
                Steve Loughran

                Issue Links

                is related to

                Improvement - An improvement or enhancement to an existing feature or task. HADOOP-12649 Improve Kerberos diagnostics and failure handling

                • Major - Major loss of function.
                • Open

                Task - A task that needs to be done. HADOOP-9621 Document/analyze current Hadoop security model

                • Minor - Minor loss of function, or other problem where easy workaround is present.
                • Open
                relates to

                Sub-task - The sub-task of the issue HADOOP-12752 Improve diagnostics/use of envvar/sysprop credential propagation

                • Minor - Minor loss of function, or other problem where easy workaround is present.
                • Resolved

                New Feature - A new feature of the product, which has yet to be developed. SAMZA-727 Support for Kerberos

                • Major - Major loss of function.
                • Resolved

                Improvement - An improvement or enhancement to an existing feature or task. SLIDER-1077 Improve slider credental setup under Oozie

                • Major - Major loss of function.
                • Resolved

                  Activity

                    People

                    • Assignee:
                      stevel@apache.org Steve Loughran
                      Reporter:
                      stevel@apache.org Steve Loughran
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      16 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved:

                        Time Tracking

                        Estimated:
                        Original Estimate - 2h
                        2h
                        Remaining:
                        Remaining Estimate - 2h
                        2h
                        Logged:
                        Time Spent - Not Specified
                        Not Specified