Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-7054 Yarn Service Phase 2
  3. YARN-6669

Support security for YARN service framework

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • None
    • None
    • None

    Description

      Changes include:

      • Make registry client to programmatically generate the jaas conf for secure access ZK quorum
      • Create a KerberosPrincipal resource object in REST API for user to supply keberos keytab and principal
      • User has two ways to configure:
        • If keytab starts with "hdfs://", the keytab will be localized by YARN
        • If keytab starts with "file://", it is assumed that the keytab are available on the localhost.
      • AM will use the keytab to log in
      • ServiceClient is changed to ask hdfs delegation token when submitting the service
      • AM code will use the tokens when launching containers
      • Support kerberized communication between client and AM

      Attachments

        1. YARN-6669.yarn-native-services.05.patch
          59 kB
          Jian He
        2. YARN-6669.yarn-native-services.04.patch
          69 kB
          Jian He
        3. YARN-6669.yarn-native-services.03.patch
          42 kB
          Jian He
        4. YARN-6669.yarn-native-services.01.patch
          42 kB
          Jian He
        5. YARN-6669.12.patch
          135 kB
          Jian He
        6. YARN-6669.11.patch
          137 kB
          Jian He
        7. YARN-6669.10.patch
          130 kB
          Jian He
        8. YARN-6669.09.patch
          130 kB
          Jian He
        9. YARN-6669.08.patch
          131 kB
          Jian He
        10. YARN-6669.07.patch
          131 kB
          Jian He
        11. YARN-6669.06.patch
          127 kB
          Jian He
        12. YARN-6669.05.patch
          126 kB
          Jian He
        13. YARN-6669.04.patch
          107 kB
          Jian He
        14. YARN-6669.03.patch
          104 kB
          Jian He
        15. YARN-6669.02.patch
          65 kB
          Jian He
        16. YARN-6669.01.patch
          64 kB
          Jian He

        Issue Links

          incorporates

          Sub-task - The sub-task of the issue YARN-7517 RegistryDNS does not work with secure ZooKeeper

          • Major - Major loss of function.
          • Resolved
          is duplicated by

          Sub-task - The sub-task of the issue YARN-6397 Support kerberos deployment for yarn-native-service

          • Major - Major loss of function.
          • Resolved
          relates to

          Sub-task - The sub-task of the issue YARN-7606 Ensure long running service AM works in secure cluster

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              jianhe Jian He
              jianhe Jian He
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: