[jira] [Commented] (YARN-2156) ApplicationMasterService#serviceStart() method has hardcoded AuthMethod.TOKEN as security configuration
[ https://issues.apache.org/jira/browse/YARN-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14030639#comment-14030639 ] Daryn Sharp commented on YARN-2156: --- A warning doesn't make sense because it implies there is something you should change. There's not. The config setting, whether explicitly set or not, is entirely irrelevant. By design, yarn always uses tokens and these tokens carry essential information that is not otherwise obtainable for non-token authenticated connections. That's why token authentication is explicitly set. > ApplicationMasterService#serviceStart() method has hardcoded AuthMethod.TOKEN > as security configuration > --- > > Key: YARN-2156 > URL: https://issues.apache.org/jira/browse/YARN-2156 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Svetozar Ivanov > > org.apache.hadoop.yarn.server.resourcemanager.ApplicationMasterService#serviceStart() > method has mistakenly hardcoded AuthMethod.TOKEN as Hadoop security > authentication. > It looks like that: > {code} > @Override > protected void serviceStart() throws Exception { > Configuration conf = getConfig(); > YarnRPC rpc = YarnRPC.create(conf); > InetSocketAddress masterServiceAddress = conf.getSocketAddr( > YarnConfiguration.RM_SCHEDULER_ADDRESS, > YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS, > YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT); > Configuration serverConf = conf; > // If the auth is not-simple, enforce it to be token-based. > serverConf = new Configuration(conf); > serverConf.set( > CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, > SaslRpcServer.AuthMethod.TOKEN.toString()); > > ... > } > {code} > Obviously such code makes sense only if > CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION config setting > is missing. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (YARN-2156) ApplicationMasterService#serviceStart() method has hardcoded AuthMethod.TOKEN as security configuration
[ https://issues.apache.org/jira/browse/YARN-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14030286#comment-14030286 ] Svetozar Ivanov commented on YARN-2156: --- Hm, I would expect a warning message in my logs if is like you said. That's because my configuration settings are completely ignored. > ApplicationMasterService#serviceStart() method has hardcoded AuthMethod.TOKEN > as security configuration > --- > > Key: YARN-2156 > URL: https://issues.apache.org/jira/browse/YARN-2156 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Svetozar Ivanov > > org.apache.hadoop.yarn.server.resourcemanager.ApplicationMasterService#serviceStart() > method has mistakenly hardcoded AuthMethod.TOKEN as Hadoop security > authentication. > It looks like that: > {code} > @Override > protected void serviceStart() throws Exception { > Configuration conf = getConfig(); > YarnRPC rpc = YarnRPC.create(conf); > InetSocketAddress masterServiceAddress = conf.getSocketAddr( > YarnConfiguration.RM_SCHEDULER_ADDRESS, > YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS, > YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT); > Configuration serverConf = conf; > // If the auth is not-simple, enforce it to be token-based. > serverConf = new Configuration(conf); > serverConf.set( > CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, > SaslRpcServer.AuthMethod.TOKEN.toString()); > > ... > } > {code} > Obviously such code makes sense only if > CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION config setting > is missing. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (YARN-2156) ApplicationMasterService#serviceStart() method has hardcoded AuthMethod.TOKEN as security configuration
[ https://issues.apache.org/jira/browse/YARN-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14029913#comment-14029913 ] Daryn Sharp commented on YARN-2156: --- Yes, this is by design. Yarn uses tokens regardless of your security setting. > ApplicationMasterService#serviceStart() method has hardcoded AuthMethod.TOKEN > as security configuration > --- > > Key: YARN-2156 > URL: https://issues.apache.org/jira/browse/YARN-2156 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Svetozar Ivanov > > org.apache.hadoop.yarn.server.resourcemanager.ApplicationMasterService#serviceStart() > method has mistakenly hardcoded AuthMethod.TOKEN as Hadoop security > authentication. > It looks like that: > {code} > @Override > protected void serviceStart() throws Exception { > Configuration conf = getConfig(); > YarnRPC rpc = YarnRPC.create(conf); > InetSocketAddress masterServiceAddress = conf.getSocketAddr( > YarnConfiguration.RM_SCHEDULER_ADDRESS, > YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS, > YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT); > Configuration serverConf = conf; > // If the auth is not-simple, enforce it to be token-based. > serverConf = new Configuration(conf); > serverConf.set( > CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, > SaslRpcServer.AuthMethod.TOKEN.toString()); > > ... > } > {code} > Obviously such code makes sense only if > CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION config setting > is missing. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (YARN-2156) ApplicationMasterService#serviceStart() method has hardcoded AuthMethod.TOKEN as security configuration
[ https://issues.apache.org/jira/browse/YARN-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14029796#comment-14029796 ] Jian He commented on YARN-2156: --- Svetozar, I think this is expected because AMRMToken today is used in both secure and non-secure environment. > ApplicationMasterService#serviceStart() method has hardcoded AuthMethod.TOKEN > as security configuration > --- > > Key: YARN-2156 > URL: https://issues.apache.org/jira/browse/YARN-2156 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Svetozar Ivanov > > org.apache.hadoop.yarn.server.resourcemanager.ApplicationMasterService#serviceStart() > method has mistakenly hardcoded AuthMethod.TOKEN as Hadoop security > authentication. > It looks like that: > {code} > @Override > protected void serviceStart() throws Exception { > Configuration conf = getConfig(); > YarnRPC rpc = YarnRPC.create(conf); > InetSocketAddress masterServiceAddress = conf.getSocketAddr( > YarnConfiguration.RM_SCHEDULER_ADDRESS, > YarnConfiguration.DEFAULT_RM_SCHEDULER_ADDRESS, > YarnConfiguration.DEFAULT_RM_SCHEDULER_PORT); > Configuration serverConf = conf; > // If the auth is not-simple, enforce it to be token-based. > serverConf = new Configuration(conf); > serverConf.set( > CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, > SaslRpcServer.AuthMethod.TOKEN.toString()); > > ... > } > {code} > Obviously such code makes sense only if > CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION config setting > is missing. -- This message was sent by Atlassian JIRA (v6.2#6252)