Author: stevel
Date: Wed Nov 26 15:40:24 2014
New Revision: 1641837
URL: http://svn.apache.org/r1641837
Log:
SLIDER-193 Improve site documentation
Modified:
incubator/slider/site/trunk/content/design/architecture.md
incubator/slider/site/trunk/content/docs/configuration/index.md
incubator/slider/site/trunk/content/docs/manpage.md
Modified: incubator/slider/site/trunk/content/design/architecture.md
URL:
http://svn.apache.org/viewvc/incubator/slider/site/trunk/content/design/architecture.md?rev=1641837&r1=1641836&r2=1641837&view=diff
==============================================================================
--- incubator/slider/site/trunk/content/design/architecture.md (original)
+++ incubator/slider/site/trunk/content/design/architecture.md Wed Nov 26
15:40:24 2014
@@ -119,26 +119,6 @@ The final operation, `stopCluster()`, st
Slider's security model is described in detail in [an accompanying
document](/docs/security.html)
-A Slider application instance is expected to access data belonging to the user
creating the instance.
-
-In a secure YARN cluster, this is done by acquiring Kerberos tokens in the
client when the application instance is updated, tokens which
-are propagated to the Slider AM and thence to the deployed application
containers themselves. These
-tokens are valid for a finite time period.
-
-HBase has always required keytab files to be installed on every node in the
Hadoop for it to have secure access -this requirement
-holds for Slider-deployed HBase clusters. Slider does not itself adopt the
responsibility of preparing or distributing these files;
-this must be done via another channel.
-
-In Hadoop 2.2, the tokens for communication between the Slider AM and YARN
expire after -by default- 72 hours. The
-HDFS tokens will also expire after some time period. This places an upper
bound on the lifespan of a Slider application (or any
-other long-lived YARN application) in a secure Hadoop cluster.
-
-
-
-In an insecure Hadoopp cluster, the Slider AM and its containers are likely to
run in a different OS account from the submitting user.
-To enable access to the database files as that submitting use, the identity of
the user is provided when the AM is created; the
-AM will pass this same identity down to the created containers. This
information *identifies* the user -but does not *authenticate* them: they are
trusted to be who they claim to be.
-
### Agent to Application Master Secure Communication
By default, one-way SSL is leveraged to secure the communication between
Slider agents and the Application Master. However, two-way SSL can be enabled.
A more detailed discussion of the SSL implementation in Slider can be found
[in the SSL documentation](/design/ssl_implementation.html).
Modified: incubator/slider/site/trunk/content/docs/configuration/index.md
URL:
http://svn.apache.org/viewvc/incubator/slider/site/trunk/content/docs/configuration/index.md?rev=1641837&r1=1641836&r2=1641837&view=diff
==============================================================================
--- incubator/slider/site/trunk/content/docs/configuration/index.md (original)
+++ incubator/slider/site/trunk/content/docs/configuration/index.md Wed Nov 26
15:40:24 2014
@@ -17,7 +17,8 @@
# Apache Slider: Specification of an application instance, revision 2.0
-The specification of an applicaton, comprises
+The specification of an application comprises
+
1. The persistent description of an application's configuration
1. The persistent description of the desired topology and YARN resource
requirements.
Modified: incubator/slider/site/trunk/content/docs/manpage.md
URL:
http://svn.apache.org/viewvc/incubator/slider/site/trunk/content/docs/manpage.md?rev=1641837&r1=1641836&r2=1641837&view=diff
==============================================================================
--- incubator/slider/site/trunk/content/docs/manpage.md (original)
+++ incubator/slider/site/trunk/content/docs/manpage.md Wed Nov 26 15:40:24 2014
@@ -33,18 +33,6 @@ and existing but not running "stopped" a
1. A *Slider application instance* is a slider application configured to be
deployable on a specific YARN cluster, with a specific configuration. An
instance can be *live* -actually running- or *stopped*. When stopped all its
configuration details and instance-specific data are preserved on HDFS.
-1. An *image* is a *tar.gz* file containing binaries used to create the
application. 1. Images are kept in the HDFS filesystem and identified by their
path names; filesystem permissions can be used to share images amongst users.
-
-1. An *image configuration* is a directory that is overlaid file-by-file onto
the conf/ directory inside the HBase image.
-
-1. Users can have multiple image configurations -they too are kept in HDFS,
identified by their path names, and can be shared by setting the appropriate
permissions, along with a configuration template file.
-
-1. Only those files provided in the image configuration directory overwrite
the default values contained in the image; all other configuration files are
retained.
-
-1. Late-binding properties can also be provided at create time.
-
-1. Slider can overwrite some of the configuration properties to enable the
dynamically created components to bind correctly to each other.
-
1. An *instance directory* is a directory created in HDFS describing the
application instance; it records the configuration -both user specified,
application-default and any dynamically created by slider.
1. A user can create an application instance.
