[
https://issues.apache.org/jira/browse/YARN-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14039279#comment-14039279
]
Jian He commented on YARN-941:
------------------------------
[~vanzin], what you said about securely exchanging tokens makes sense. Aside
from that, this jira itself about renewing tokens for long-running services is
needed.
> RM Should have a way to update the tokens it has for a running application
> --------------------------------------------------------------------------
>
> Key: YARN-941
> URL: https://issues.apache.org/jira/browse/YARN-941
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Robert Joseph Evans
> Assignee: Xuan Gong
> Attachments: YARN-941.preview.2.patch, YARN-941.preview.3.patch,
> YARN-941.preview.4.patch, YARN-941.preview.patch
>
>
> When an application is submitted to the RM it includes with it a set of
> tokens that the RM will renew on behalf of the application, that will be
> passed to the AM when the application is launched, and will be used when
> launching the application to access HDFS to download files on behalf of the
> application.
> For long lived applications/services these tokens can expire, and then the
> tokens that the AM has will be invalid, and the tokens that the RM had will
> also not work to launch a new AM.
> We need to provide an API that will allow the RM to replace the current
> tokens for this application with a new set. To avoid any real race issues, I
> think this API should be something that the AM calls, so that the client can
> connect to the AM with a new set of tokens it got using kerberos, then the AM
> can inform the RM of the new set of tokens and quickly update its tokens
> internally to use these new ones.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
