[ https://issues.apache.org/jira/browse/YARN-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14042446#comment-14042446 ]
Vinod Kumar Vavilapalli commented on YARN-941:
----------------------------------------------

Clarifications for folks who are just getting started in this space
 - Not renewing tokens is the same as dishing out tokens without an expiry time.
 - The underlying master-key needs to be rolled over every so often, otherwise we run the risk of malicious users collecting tokens over time and having indefinite time to guess the underlying keys.
 - Once we roll the master-keys, together with the fact that we want to support services that run for ever, the only way we can support not expiring tokens is by making ResourceManager remember master-keys for ever which is not feasible.

Hence, we roll master-keys, and to limit the memory requirements of ResourceManager, we also expire tokens and therefore to support long running services, we have to replace tokens.

And like [~xgong] mentioned above, this JIRA is focused on putting expiry times for AMRMTokens and then periodically replacing them. This is the same thing that we do for NMTokens. If folks want to pursue a new approach, that should apply to all tokens and so should be done separately.

> RM Should have a way to update the tokens it has for a running application
> --------------------------------------------------------------------------
>
>                 Key: YARN-941
>                 URL: https://issues.apache.org/jira/browse/YARN-941
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Robert Joseph Evans
>            Assignee: Xuan Gong
>         Attachments: YARN-941.preview.2.patch, YARN-941.preview.3.patch, YARN-941.preview.4.patch, YARN-941.preview.patch
>
>
> When an application is submitted to the RM it includes with it a set of tokens that the RM will renew on behalf of the application, that will be passed to the AM when the application is launched, and will be used when launching the application to access HDFS to download files on behalf of the application.
> For long lived applications/services these tokens can expire, and then the tokens that the AM has will be invalid, and the tokens that the RM had will also not work to launch a new AM.
> We need to provide an API that will allow the RM to replace the current tokens for this application with a new set. To avoid any real race issues, I think this API should be something that the AM calls, so that the client can connect to the AM with a new set of tokens it got using kerberos, then the AM can inform the RM of the new set of tokens and quickly update its tokens internally to use these new ones.
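
The trade-off described in the comment above (roll master keys, expire tokens so old keys can be dropped, replace tokens for long-running services) can be seen in a small model. This is an added example, not code from the JIRA or from Hadoop: `TokenIssuer`, `run_service`, the HMAC token layout and the hour-based intervals are all assumptions made for illustration.

```python
import hashlib
import hmac

class TokenIssuer:
    """Toy model: tokens are HMACs under a rolling master key (not Hadoop's code)."""
    def __init__(self, roll_interval, token_lifetime):
        self.roll_interval = roll_interval    # hours between master-key rolls
        self.token_lifetime = token_lifetime  # None models tokens that never expire
        self.keys = {}                        # key_id -> (secret, activated_at)
        self.current = -1
        self.roll(0)

    def roll(self, now):
        """Activate a new master key, then drop keys no live token can reference."""
        self.current += 1
        # Constructed deterministic secret for reproducibility; real issuers use a CSPRNG.
        secret = hashlib.sha256(b"constructed-demo-key-%d" % self.current).digest()
        self.keys[self.current] = (secret, now)
        if self.token_lifetime is None:
            return  # an old token may still be presented, so no key can be dropped
        for kid in [k for k in self.keys if k != self.current]:
            retired_at = self.keys[kid][1] + self.roll_interval
            if retired_at + self.token_lifetime <= now:
                del self.keys[kid]

    def _mac(self, kid, app_id, expiry):
        msg = f"{kid}|{app_id}|{expiry}".encode()
        return hmac.new(self.keys[kid][0], msg, hashlib.sha256).hexdigest()

    def issue(self, app_id, now):
        expiry = None if self.token_lifetime is None else now + self.token_lifetime
        return (self.current, app_id, expiry, self._mac(self.current, app_id, expiry))

    def verify(self, token, now):
        kid, app_id, expiry, mac = token
        if kid not in self.keys or (expiry is not None and now >= expiry):
            return False
        return hmac.compare_digest(mac, self._mac(kid, app_id, expiry))

def run_service(issuer, hours, replace_every=None):
    """Run one long-lived app; return (hours its token verified, keys retained)."""
    token, ok_hours = issuer.issue("app_1", 0), 0
    for now in range(1, hours + 1):
        if now % issuer.roll_interval == 0:
            issuer.roll(now)
        if replace_every and now % replace_every == 0:
            token = issuer.issue("app_1", now)  # periodic replacement, as for AMRMTokens
        ok_hours += issuer.verify(token, now)
    return ok_hours, len(issuer.keys)
```

Over 240 hours with daily key rolls, non-expiring tokens leave the issuer holding every key it ever created; 48-hour tokens cap retention at three keys but strand a service that never replaces its token, and replacing the token every 12 hours keeps the service valid throughout with the same three keys.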