[
https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15674433#comment-15674433
]
Joep Rottinghuis commented on YARN-3053:
----------------------------------------
Once we trust that the connection to the collector is secure, the remaining
part is to ensure that collectors to HBase are secure.
As noted during the status call today, this shouldn't be hard given that the
collectors run in the NM JVM, so we can configure the NM user (whether is it
"yarn", "mapred", or something else) to have access to write to HBase.
Wrt. YARN-4061 we can make sure that any spooling that the HBase client does to
HDFS will be as the same user as the client ("yarn" or "mapred") in a directory
protected by HDFS permissions.
If collectors are going to run in their own containers, we'll have to deal with
HBase authentication tokens and (HDFS) delegation tokens.
> [Security] Review and implement security in ATS v.2
> ---------------------------------------------------
>
> Key: YARN-3053
> URL: https://issues.apache.org/jira/browse/YARN-3053
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Sangjin Lee
> Assignee: Varun Saxena
> Labels: YARN-5355
> Attachments: ATSv2Authentication(draft).pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for
> security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and
> any other relevant security aspects.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
