Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-4653

Document YARN security model from the perspective of Application Developers

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.7.2
    • 2.8.0, 2.7.3, 3.0.0-alpha1
    • site
    • None
    • Reviewed

    Description

      What YARN apps need to do for security today is generally copied direct from distributed shell, with a bit of ill-informed superstition being the sole prose.

      We need a normative document in the YARN site covering

      1. the needs for YARN security
      2. token creation for AM launch
      3. how the RM gets involved
      4. token propagation on container launch
      5. token renewal strategies
      6. How to get tokens for other apps like HBase and Hive.
      7. how to work under OOzie

      Perhaps the WritingYarnApplications.md doc is updated, otherwise why not just link to the relevant bit of the distributed shell client on github for a guarantee of staying up to date?

      Attachments

        1. YARN-4653-001.patch
          20 kB
          Steve Loughran
        2. YARN-4653-002.patch
          24 kB
          Steve Loughran
        3. YARN-4653-003.patch
          24 kB
          Steve Loughran
        4. YARN-4653-004.patch
          25 kB
          Steve Loughran

        Issue Links

          Activity

            People

              stevel@apache.org Steve Loughran
              stevel@apache.org Steve Loughran
              Votes:
              0 Vote for this issue
              Watchers:
              16 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 2h
                  2h
                  Remaining:
                  Remaining Estimate - 2h
                  2h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified