[
https://issues.apache.org/jira/browse/HDFS-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16784785#comment-16784785
]
Íñigo Goiri commented on HDFS-13532:
------------------------------------
{quote}
IIUC, client/jobsubmitter and executors have to switch to RBF in the same time,
otherwise, delegation token check will not pass since they are not matching
distributed from namenode and router.
on another side, majority compute engine run on yarn rely on RM to renew token,
So In on word, it looks that there are no graceful solution to support rolling
upgrade, for instance rolling upgrade client to RBF, then YARN(RM/NM)?
{quote}
As far as I can tell you can have jobs with one defaultFS and NM/RM with a
different one.
You can run jobs against RBF while the NM and the RM use the Namenodes directly.
For moving NM/RM from using the Namenodes to RBF, I'm not sure what the process
would be there.
I think you might be able to transition the RMs first and then the NMs.
I'm not sure if there is an issue here or not.
> RBF: Adding security
> --------------------
>
> Key: HDFS-13532
> URL: https://issues.apache.org/jira/browse/HDFS-13532
> Project: Hadoop HDFS
> Issue Type: New Feature
> Reporter: Íñigo Goiri
> Assignee: CR Hota
> Priority: Major
> Attachments: RBF _ Security delegation token thoughts.pdf, RBF _
> Security delegation token thoughts_updated.pdf, RBF _ Security delegation
> token thoughts_updated_2.pdf, RBF-DelegationToken-Approach1b.pdf, RBF_
> Security delegation token thoughts_updated_3.pdf, Security_for_Router-based
> Federation_design_doc.pdf
>
>
> HDFS Router based federation should support security. This includes
> authentication and delegation tokens.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
