Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
In YARN-7540, all client entry points for API service is centralized to use REST API instead of having direct file system and resource manager rpc calls. This change helped to centralize yarn metadata to be owned by yarn user instead of crawling through every user's home directory to find metadata. The next step is to make sure "doAs" calls work properly for API Service. The metadata is stored by YARN user, but the actual workload still need to be performed as end users, hence API service must authenticate end user kerberos credential, and perform doAs call when requesting containers via ServiceClient.