[ 
https://issues.apache.org/jira/browse/YARN-613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13657744#comment-13657744
 ] 

Omkar Vinit Joshi commented on YARN-613:
----------------------------------------

I am just summarizing the changes which we need to make for AMNMToken per AM 
per NM.

AMNMToken will remain valid as long as the application is alive. So ideally AM will be 
able to communicate with NM as long as
* It received AMNMToken and at least started one container on the underlying 
Node (NameNode).
* Application has not yet finished. (Because after this NM will no longer 
remember about this AMNMToken master key...)

List of changes..
* RM side
** RM will now have ...RMAMNMTokenSecretManager which will generate token for 
every application per NM. This token creation will happen only once per NM per 
AM. If AM requests and gets new container on same NM then the token will not be 
regenerated. So RM maintains a map of AMNMTokens sent per AM per NM ... 
** RM will share master key with NM in its heartbeat if updated.

* AM side
** AM will now have to remember AMNMTokens per NM which it will get only once 
per NM during allocate call.
** AM will use this token for authentication by updating UGI while 
communicating with NM

* NM side
** NMAMNMTokenSecretManager will remember current and previous master key 
received as a part of heartbeat.
** It will also remember MasterKeyId per AM (appId) (This is to make sure we 
can support long running jobs).
** It will authenticate startContainer, getContainerStatus and stopContainer 
calls using AMNMToken via already saved master key. For very first 
startContainer request for the application using current/previous master key.

                
> Create NM proxy per NM instead of per container
> -----------------------------------------------
>
>                 Key: YARN-613
>                 URL: https://issues.apache.org/jira/browse/YARN-613
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Bikas Saha
>            Assignee: Omkar Vinit Joshi
>
> Currently a new NM proxy has to be created per container since the secure 
> authentication is using a containertoken from the container.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
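
The NM-side key handling summarized in the comment above, as an added example: this is a simplified model written for this page, not Hadoop code or the patch for YARN-613. The class and method names, the token fields and the HMAC-SHA256 choice are all assumptions. It shows a token that keeps authenticating after two master-key rollovers because the NM saved the key at the first startContainer, and the same token being refused once the application has finished.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
// Simplified model (Java 16+); every name here is hypothetical, none is a Hadoop API.
public class AmNmTokenModel {
    record MasterKey(int id, byte[] secret) {}
    record Token(String appId, String nmAddr, int keyId, byte[] mac) {}
    static byte[] hmac(MasterKey k, String appId, String nmAddr) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256"); // MAC algorithm is an assumption
        m.init(new SecretKeySpec(k.secret(), "HmacSHA256"));
        return m.doFinal((appId + "|" + nmAddr + "|" + k.id()).getBytes(StandardCharsets.UTF_8));
    }
    // RM side: one token per application per NM, signed with the RM's current master key.
    static Token issue(MasterKey current, String appId, String nmAddr) throws Exception {
        return new Token(appId, nmAddr, current.id(), hmac(current, appId, nmAddr));
    }
    // NM side: current and previous master key, plus the key saved per running application.
    static class NodeManagerKeys {
        private MasterKey current, previous;
        private final Map<String, MasterKey> savedPerApp = new HashMap<>();
        void onHeartbeat(MasterKey updated) { previous = current; current = updated; }
        void onApplicationFinished(String appId) { savedPerApp.remove(appId); }
        boolean authenticate(Token t, boolean isStartContainer) throws Exception { // all NM calls
            MasterKey key = savedPerApp.get(t.appId());
            if (key == null && isStartContainer) { // very first request for this application
                if (current != null && current.id() == t.keyId()) key = current;
                else if (previous != null && previous.id() == t.keyId()) key = previous;
            }
            if (key == null || key.id() != t.keyId()) return false;
            boolean ok = MessageDigest.isEqual(hmac(key, t.appId(), t.nmAddr()), t.mac());
            if (ok) savedPerApp.putIfAbsent(t.appId(), key); // survives later key rollovers
            return ok;
        }
    }
    public static void main(String[] args) throws Exception { // constructed scenario
        MasterKey k1 = new MasterKey(1, "constructed-1".getBytes(StandardCharsets.UTF_8));
        NodeManagerKeys nm = new NodeManagerKeys();
        nm.onHeartbeat(k1);
        Token t = issue(k1, "app_0001", "nm1:8041");
        System.out.println("first startContainer:  " + nm.authenticate(t, true));
        for (int id = 2; id <= 3; id++) // two master-key rollovers
            nm.onHeartbeat(new MasterKey(id, ("constructed-" + id).getBytes(StandardCharsets.UTF_8)));
        System.out.println("status after rollover: " + nm.authenticate(t, false));
        nm.onApplicationFinished("app_0001");
        System.out.println("start after finish:    " + nm.authenticate(t, true));
    }
}
```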
