[ https://issues.apache.org/jira/browse/MAPREDUCE-5199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daryn Sharp updated MAPREDUCE-5199:
-----------------------------------

    Attachment: MAPREDUCE-5199.patch

bq. JobImpl.fsTokens should be renamed too.
Done

bq. Jobtoken itself could be set in jobCredentials and passed to TaskImpl etc. Perhaps another ticket.
Yes, will defer since it's out of scope for removing appTokens file.

bq. initAndStartAppMaster Adding the credentials to conf is necessary for the sake of MAPREDUCE-5240. Please remove the comment " // shouldn't be necessary"
Removed.

bq. And it is better to add to conf before init() happens. We never know if the original conf is cached as part of init().
Done.  Although the first thing init() does is call the method to set up the 
credentials, I changed it.

bq. appMasterUgi is useless. Perhaps remove it in a separate ticket.
I too thought it was useless, but it's not.  That's how the AM constructs a UGI 
as the submitting user in insecure mode.  Otherwise the UGI is the NM user.

The issue is the launch context sets $USER which in turn is used by the AM to 
construct the "unnecessary" UGI.  However if $HADOOP_USER_NAME=$USER is also 
defined in the launch context, the UGI will create the login UGI as the 
submitter.

bq. TestMRAppMaster: Wherever you say appToken shouldn't be present, you should explicitly validate it. Seems like that comment is invalid in some cases.
It does validate by checking that there's 1 token, and that it's the expected 
non-app token.

bq. MRJobConf.APPLICATION_TOKENS_FILE should just be removed along with the java comments. This was supposed to be private anyways.
Done.  I considered this too, but was worried if other projects might be using 
it.

bq. downloadTokensAndSetupUGI -> setupJobCredentialsAndUGI like Sid proposed.
Done.
                
> AppTokens file can/should be removed
> ------------------------------------
>
>                 Key: MAPREDUCE-5199
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-5199
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 3.0.0, 2.0.5-beta
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: MAPREDUCE-5199.patch, MAPREDUCE-5199.patch
>
>
> All the required tokens are propagated to AMs and containers via 
> startContainer(), no need for explicitly creating the app-token file that we 
> have today.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
