[
https://issues.apache.org/jira/browse/YARN-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16410330#comment-16410330
]
Jason Lowe commented on YARN-1151:
----------------------------------
+1 for Robert's comment about security. We need to be very careful about
consuming files from distributed sources.
bq. Probably we should check the file permission of the tars is something like
600?
We need to check for jarfile owner == NM user and {{(permbits & 0022) == 0}}
(i.e.: it's not writable by group or other). IMO from the NM perspective, it's
not critical to ensure the files aren't readable by group or other. It is
critical to make sure the files are not writeable.
> Ability to configure auxiliary services from HDFS-based JAR files
> -----------------------------------------------------------------
>
> Key: YARN-1151
> URL: https://issues.apache.org/jira/browse/YARN-1151
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: nodemanager
> Affects Versions: 2.1.0-beta, 2.9.0
> Reporter: john lilley
> Assignee: Xuan Gong
> Priority: Major
> Labels: auxiliary-service, yarn
> Attachments: YARN-1151.1.patch, YARN-1151.branch-2.poc.patch,
> [YARN-1151] [Design] Configure auxiliary services from HDFS-based JAR
> files.pdf
>
>
> I would like to install an auxiliary service in Hadoop YARN without actually
> installing files/services on every node in the system. Discussions on the
> user@ list indicate that this is not easily done. The reason we want an
> auxiliary service is that our application has some persistent-data components
> that are not appropriate for HDFS. In fact, they are somewhat analogous to
> the mapper output of MapReduce's shuffle, which is what led me to
> auxiliary-services in the first place. It would be much easier if we could
> just place our service's JARs in HDFS.
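
The ownership and write-bit check described in the comment above, as an added example that is not code from the YARN-1151 patch. It uses Hadoop's `FileStatus` and `FsPermission` classes; the class name `AuxJarTrustCheck`, the helper `rejectReason`, the user name `yarn` and the sample path are assumptions made for illustration, and the `FileStatus` objects are constructed rather than fetched from a cluster.

```java
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;

/** Hypothetical helper (illustration only). */
public class AuxJarTrustCheck {
  // Write bit for group (0020) plus write bit for other (0002).
  private static final short GROUP_OTHER_WRITE = 0022;

  /** Returns null when the file is acceptable, otherwise the reason it is rejected. */
  static String rejectReason(FileStatus st, String nmUser) {
    if (!st.isFile()) {
      return "not a regular file";
    }
    if (!nmUser.equals(st.getOwner())) {
      return "owner '" + st.getOwner() + "' is not the NM user '" + nmUser + "'";
    }
    short perm = st.getPermission().toShort();
    if ((perm & GROUP_OTHER_WRITE) != 0) {
      return String.format("mode %04o is writable by group or other", perm);
    }
    return null; // read bits for group/other are deliberately not checked
  }

  // Constructed sample status; a real caller would use FileSystem#getFileStatus.
  private static FileStatus sample(String owner, short mode) {
    return new FileStatus(1024L, false, 3, 128L * 1024 * 1024, 0L, 0L,
        new FsPermission(mode), owner, "hadoop", new Path("/aux/service.jar"));
  }

  private static void report(String owner, short mode, String nmUser) {
    String reason = rejectReason(sample(owner, mode), nmUser);
    System.out.printf("%-6s %04o -> %s%n", owner, mode,
        reason == null ? "accept" : "reject: " + reason);
  }

  public static void main(String[] args) {
    String nmUser = "yarn"; // assumption: account the NodeManager runs as
    // 0600 and 0644 pass (readable by others is tolerated); the rest fail.
    short[] modes = {0600, 0644, 0664, 0646, 0666};
    for (short mode : modes) {
      report(nmUser, mode, nmUser);
    }
    report("alice", (short) 0600, nmUser); // right mode, wrong owner
  }
}
```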