[
https://issues.apache.org/jira/browse/YARN-6539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16904992#comment-16904992
]
Xie YiFan commented on YARN-6539:
---------------------------------
[~subru], I cant' find any test that was related to RM and NM secureLogin.
Also, I think it's hard to add a test, because testing it requires kerberos
environment.
My implementation:
1.Call SecurityUtils#login in secureLogin to enable Router login with kerberos
like RM & NM does.
2.RouterClientRMService receives the request from the YarnClient and creates
the FederationClientInterceptor, initializes the UGI based on the user.
Next,FederationClientInterceptor forward it to RM. FederationClientInterceptor
constructs clientRMProxy to send RPC requests to RM using previously
initialized UGI. AbstractClientRequestInterceptor calls
UserGroupInformation#createProxyUser to construct UGI in setupUser, in other
word, use Router’s Kerberos identity to proxy the current user.
> Create SecureLogin inside Router
> --------------------------------
>
> Key: YARN-6539
> URL: https://issues.apache.org/jira/browse/YARN-6539
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Giovanni Matteo Fumarola
> Assignee: Xie YiFan
> Priority: Minor
> Attachments: YARN-6359_1.patch, YARN-6359_2.patch, YARN-6539_3.patch
>
>
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
