[
https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15983156#comment-15983156
]
Varun Saxena edited comment on YARN-3053 at 4/25/17 4:24 PM:
-------------------------------------------------------------
We will come to security for off app collectors and collector running as
container once we get to it. For the former, it will depend a great deal on the
design decided for launching off app collectors themselves.
Things are more clear when it comes to container based solution. The token
solution should work well in that case.
We would have to secure the RPC communication though which would be done once
code for collectors/aux services as containers is done.
I am doing login from keytab though in one of my JIRAs' expecting the case
where collector would run outside NM.
However, we would have to see how the collector address is passed to AM when
collector runs as separate container. I guess the info would passed onto local
NM. Will follow up on the related JIRA for launching aux services and
containers. Based on its design we can decide security design for it as well.
IIRC, as per plan we wont have collectors as containers part done by second
drop. Right?
was (Author: varun_saxena):
We will come to security for off app collectors and collector running as
container once we get to it. For the former, it will depend a great deal on the
design decided for off app collectors.
Things are more clear when it comes to container based solution. The token
solution should work well in that case.
We would have to secure the RPC communication though which would be done once
code for collectors/aux services as containers is done.
I am doing login from keytab though in one of my JIRAs' expecting the case
where collector would run outside NM.
However, we would have to see how the collector address is passed to AM when
collector runs as separate container. I guess the info would passed onto local
NM. Will follow up on the related JIRA for launching aux services and
containers. Based on its design we can decide security design for it as well.
IIRC, as per plan we wont have collectors as containers part done by second
drop. Right?
> [Security] Review and implement authentication in ATS v.2
> ---------------------------------------------------------
>
> Key: YARN-3053
> URL: https://issues.apache.org/jira/browse/YARN-3053
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Sangjin Lee
> Assignee: Varun Saxena
> Labels: YARN-5355, yarn-5355-merge-blocker
> Attachments: ATSv2Authentication(draft).pdf,
> ATSv2Authentication.v01.pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for
> security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and
> any other relevant security aspects.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
