[jira] [Commented] (HDFS-13532) RBF: Adding security

Tue, 05 Mar 2019 10:07:14 -0800 


    [ 
https://issues.apache.org/jira/browse/HDFS-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16784726#comment-16784726
 ] 

He Xiaoqiao commented on HDFS-13532:
------------------------------------

Thanks [~brahmareddy] and [~elgoiri] for your detailed comments.
To [~elgoiri],
{quote}If the job is submitted against the Router, then the job can only access 
data through RBF.
However, I think this is OK; as I mentioned before you could still have jobs 
that query the NameNodes directly.{quote}
IIUC, client/jobsubmitter and executors have to switch to RBF in the same time, 
otherwise, delegation token check will not pass since they are not matching 
distributed from namenode and router.
on another side, majority compute engine run on yarn rely on RM to renew token, 
So In on word, it looks that there are no graceful solution to support rolling 
upgrade, for instance rolling upgrade client to RBF, then YARN(RM/NM)?
{quote}For the RM itself, you can transition it from using RBF or not whenever 
you want.
{quote}
As mentioned above, I am confused about RM using RBF or not. your more explains 
is greatly appreciated.

To [~brahmareddy]
{quote}Did you try it..? do you've failed logs..?{quote}
I am sorry that no time to test this case now, I will offer more info in time 
when cover this scenario.

Thanks again.

> RBF: Adding security
> --------------------
>
>                 Key: HDFS-13532
>                 URL: https://issues.apache.org/jira/browse/HDFS-13532
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>            Reporter: Íñigo Goiri
>            Assignee: CR Hota
>            Priority: Major
>         Attachments: RBF _ Security delegation token thoughts.pdf, RBF _ 
> Security delegation token thoughts_updated.pdf, RBF _ Security delegation 
> token thoughts_updated_2.pdf, RBF-DelegationToken-Approach1b.pdf, RBF_ 
> Security delegation token thoughts_updated_3.pdf, Security_for_Router-based 
> Federation_design_doc.pdf
>
>
> HDFS Router based federation should support security. This includes 
> authentication and delegation tokens.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to