[
https://issues.apache.org/jira/browse/YARN-575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13642445#comment-13642445
]
Vinod Kumar Vavilapalli commented on YARN-575:
----------------------------------------------
I don't think we really want the APIs to be user-accessible by opening up NM
itself to the users.
startContainer():
- should only be called by the AM.
stopContainer()/getContainerStatus():
- Today these are only callable by the AM which launches containers - which is
bad of course. Once YARN-613 is done, we will use the AMToken for
authentication to the NM, so any AM can talk to a NM irrespective of whether it
launched containers or not.
- If user really wants to stop a container, or get a container-status, we can
add this as an RM API - RM has enough information to tell the users - should we
go that way?
> ContainerManager APIs should be user accessible
> -----------------------------------------------
>
> Key: YARN-575
> URL: https://issues.apache.org/jira/browse/YARN-575
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: nodemanager
> Affects Versions: 2.0.4-alpha
> Reporter: Siddharth Seth
> Priority: Critical
>
> Auth for ContainerManager is based on the containerId being accessed - since
> this is what is used to launch containers (There's likely another jira
> somewhere to change this to not be containerId based).
> What this also means is the API is effectively not usable with kerberos
> credentials.
> Also, it should be possible to use this API with some generic tokens
> (RMDelegation?), instead of with Container specific tokens.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
