[
https://issues.apache.org/jira/browse/MAPREDUCE-3943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13261805#comment-13261805
]
Siddharth Seth commented on MAPREDUCE-3943:
-------------------------------------------
Looked at the patch. Needs some fixes.
- There's a possibility of an AM getting a container token using the new master
key - before the NM receives the updated key. We have to make sure the NMs
receive the updated key before they are used.
- The NM updates it's master key each time it receives one on a heartbeat. The
key is being sent on each heartbeat - irrespective of whether it's been updated
or not - so the NM will end up losing track of the older keys.
- Minor: ContainerTokenIdentifier doesn't need it's methods to be synchronized.
> RM-NM secret-keys should be randomly generated and rolled every so often
> ------------------------------------------------------------------------
>
> Key: MAPREDUCE-3943
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3943
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2, security
> Affects Versions: 0.23.0
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Vinod Kumar Vavilapalli
> Fix For: 0.23.2
>
> Attachments: MAPREDUCE-3943-20120416.txt
>
>
> - RM should generate the master-key randomly
> - The master-key should roll every so often
> - NM should remember old expired keys so that already doled out
> container-requests can be satisfied.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
