[ 
https://issues.apache.org/jira/browse/HADOOP-12951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15209696#comment-15209696
 ] 

Xiao Chen commented on HADOOP-12951:
------------------------------------

Thanks for the explanation [~andrew.wang]! Sorry I didn't ask the correct 
question. :)

On the KMS documentation page, it first explains KMS delegation token 
configuration, then talks about HA in another section, where it's called 
['Using Multiple Instances of KMS Behind a Load-Balancer or 
VIP'|https://hadoop.apache.org/docs/stable/hadoop-kms/index.html#Using_Multiple_Instances_of_KMS_Behind_a_Load-Balancer_or_VIP].

Since authentication is done by {{KMSAuthenticationFilter}}, which inherits 
from {{DelegationTokenAuthenticationFilter}}, which inherits from 
{{AuthenticationFilter}}, I think from a configuration and example point of view, 
they're the same as those given in ['HTTP Authentication 
Signature'|https://hadoop.apache.org/docs/stable/hadoop-kms/index.html#HTTP_Authentication_Signature] 
in the same KMS HA section.

I also found that the Hadoop Auth page describes the signer in detail, 
with the last example being configuring multiple ZKs 
([here|https://hadoop.apache.org/docs/stable/hadoop-auth/Configuration.html#SignerSecretProvider_Configuration]).

So I'm thinking of just adding some descriptive text on the delegation tokens HA 
section, and pointing to the Auth page. (The Auth page seems a bit outdated, will 
modify as well.) One confusion though is that the XML format is different, but I 
think that can be easily explained, and is better than having 2 places showing 
similar examples. Does this sound right to you? Please correct me if I 
misunderstood anything.

> Improve documentation on KMS ACLs and delegation tokens
> -------------------------------------------------------
>
>                 Key: HADOOP-12951
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12951
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-12951.01.patch
>
>
> [~andrew.wang] suggested that the current KMS ACL page is not very 
> user-focused, and hard to come by without reading the code.
> I read the document (and the code), and I agree. So this jira puts more 
> documentation to explain the current implementation.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
