[jira] [Commented] (YARN-617) In unsercure mode, AM can fake resource requirements

Wed, 01 May 2013 19:33:14 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13647211#comment-13647211
 ] 

Omkar Vinit Joshi commented on YARN-617:
----------------------------------------

I am attaching the patch. (Junit tests not included). I will update the patch 
with tests soon.

* At present master key is exchanged between RM and NM only if the environment 
is secured. I am updating this to make sure that RM - NM exchange master key in 
both the scenarios Secured / Unsecured.
** During NM register
** During NM heartbeat (status updater only if key is updated as it is today)
* At present master key is not genertated/sent during container launch for 
unsecured case. Now making sure that it is send as a part of the payload to 
AMLauncher to NodeManager.. On Node Manager this token will be used to verify 
container start request.
** For Secured case retrieving token from remoteUgi
** For unsecured case retrieving token from passed in container payload.

There are some other changes related to this patch
* start Container requires UGI-username to be that of container-id ... still I 
have not understood why so? (ContainerLauncherImpl)
* Making sure that NMContainerTokenSecretManager is created for both cases.
                
> In unsercure mode, AM can fake resource requirements 
> -----------------------------------------------------
>
>                 Key: YARN-617
>                 URL: https://issues.apache.org/jira/browse/YARN-617
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Omkar Vinit Joshi
>            Priority: Minor
>         Attachments: YARN-617.20130501.1.patch, YARN-617.20130501.patch
>
>
> Without security, it is impossible to completely avoid AMs faking resources. 
> We can at the least make it as difficult as possible by using the same 
> container tokens and the RM-NM shared key mechanism over unauthenticated 
> RM-NM channel.
> In the minimum, this will avoid accidental bugs in AMs in unsecure mode.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to