[jira] [Commented] (HDFS-13532) RBF: Adding security

Wed, 06 Mar 2019 22:24:31 -0800 


    [ 
https://issues.apache.org/jira/browse/HDFS-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786430#comment-16786430
 ] 

Íñigo Goiri commented on HDFS-13532:
------------------------------------

Regarding upgrade, you can do multiple approaches but this is my recommendation.
The first step would be to deploy all the Routers with security enabled and 
delegation tokens.
In this moment, you will have both approaches available:
* Your regular subclusters directly available through the NameNodes 
(hdfs://ns0, hdfs://ns1).
* The federated namespace accessible through the Routers (hdfs://ns-fed).

At this point, independently of YARN settings (NM and RM), you can submit jobs 
to access data directly (e.g., hdfs://ns0) or through RBF (e.g., hdfs://ns-fed).
Here it is important for you to use fully qualified HDFS paths 
(hdfs://ns-fed/user/user1) and not simple ones (/user/user1).
The job will get the DT from the right places.
Then, you can have some clients using RBF and others directly going to the 
Namenode.
I think this covers your basic needs.

Notice you don't need to do any changes in the NM/RM.
After this, you can update the defaultFS for the NM and the RMs separately.
Using this approach you don't need to worry about the users as they will go to 
the right endpoint for the DT.

If you want to keep the users using defaultFS instead of fully qualified paths, 
it will need a fancier rolling upgrade approach.
However, if I assume you are switching from viewfs:// to hdfs:// you should be 
able to do this.

> RBF: Adding security
> --------------------
>
>                 Key: HDFS-13532
>                 URL: https://issues.apache.org/jira/browse/HDFS-13532
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>            Reporter: Íñigo Goiri
>            Assignee: CR Hota
>            Priority: Major
>         Attachments: RBF _ Security delegation token thoughts.pdf, RBF _ 
> Security delegation token thoughts_updated.pdf, RBF _ Security delegation 
> token thoughts_updated_2.pdf, RBF-DelegationToken-Approach1b.pdf, RBF_ 
> Security delegation token thoughts_updated_3.pdf, Security_for_Router-based 
> Federation_design_doc.pdf
>
>
> HDFS Router based federation should support security. This includes 
> authentication and delegation tokens.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to