[jira] [Commented] (OOZIE-2877) Oozie Git Action

Mon, 04 Jun 2018 11:08:39 -0700 


    [ 
https://issues.apache.org/jira/browse/OOZIE-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16500648#comment-16500648
 ] 

Robert Kanter commented on OOZIE-2877:
--------------------------------------

I haven't been able to find time to look at the patch, but I saw mention of 
"credential files" and just wanted to suggest something (I could be completely 
off base here because I haven't looked at the code, so feel free to ignore me 
if this doesn't make sense :)).  Now that Oozie's directly on YARN, we have 
access to the {{Credentials}} object in the {{ApplicationSubmissionContext}}.  
You can add arbitrary secrets into a hashmap ({{<string,byte[]>}}) in the 
{{Credentials}}.  YARN will securely provide that to the Container (IIRC you 
can retrieve it via {{Configuration}}).  That might be a better alternative to 
putting the credential file in HDFS.

> Oozie Git Action
> ----------------
>
>                 Key: OOZIE-2877
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2877
>             Project: Oozie
>          Issue Type: Sub-task
>          Components: action
>            Reporter: Clay B.
>            Assignee: Clay B.
>            Priority: Major
>              Labels: action
>             Fix For: trunk
>
>         Attachments: 0001-OOZIE-2877-Oozie-Git-Action.patch, 
> 0002-OOZIE-2877-Oozie-Git-Action.patch, 
> 0003-OOZIE-2877-Oozie-Git-Action.patch, 
> 0004-OOZIE-2877-Oozie-Git-Action.patch, 
> 0005-OOZIE-2877-Oozie-Git-Action.patch, 
> 0006-OOZIE-2877-Oozie-Git-Action.patch, 
> 0007-OOZIE-2877-Oozie-Git-Action.patch, 
> 0008-OOZIE-2877-Oozie-Git-Action.patch, 
> 0009-OOZIE-2877-Oozie-Git-Action.patch, OOZIE-2877.010.patch, 
> OOZIE-2877.011.patch, OOZIE-2877.012.patch
>
>
> To aide in deploying ASCII artifacts to clusters, let's provide a tie-in for 
> a source-code management system. Git would be my preferred choice.
> Ideally, this could handle a user's key material e.g. for an ssh key to pull 
> down from a secured repository. This would free users from handling their own 
> key staging and clean-up on YARN nodes and only require them to store the key 
> secured in HDFS.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to