[ https://issues.apache.org/jira/browse/YARN-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Omkar Vinit Joshi updated YARN-694: ----------------------------------- Summary: AM uses the NMToken to authenticate all communication with NM. NM remembers and updates token across RM restart (was: AM uses the AMNMToken to authenticate all communication with NM. NM remembers and updates token across RM restart) > AM uses the NMToken to authenticate all communication with NM. NM remembers > and updates token across RM restart > --------------------------------------------------------------------------------------------------------------- > > Key: YARN-694 > URL: https://issues.apache.org/jira/browse/YARN-694 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Omkar Vinit Joshi > Assignee: Omkar Vinit Joshi > > AM uses the AMNMToken to authenticate all the AM-NM communication. > NM will validate AMNMToken in below manner > * If AMNMToken is using current or previous master key then the AMNMToken is > valid. In this case it will update its cache with this key corresponding to > appId. > * If AMNMToken is using the master key which is present in NM's cache > corresponding to AM's appId then it will be validated based on this. > * If AMNMToken is invalid then NM will reject AM calls. > Modification for ContainerToken > * At present RPC validates AM-NM communication based on ContainerToken. It > will be replaced with AMNMToken. Also now onwards AM will use AMNMToken per > NM (replacing earlier behavior of ContainerToken per container per NM). > * startContainer in case of Secured environment is using ContainerToken from > UGI YARN-617; however after this it will use it from the payload (Container). > * ContainerToken will exist and it will only be used to validate the AM's > container start request. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira