[ https://issues.apache.org/jira/browse/YARN-1915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095735#comment-14095735 ]

Jason Lowe commented on YARN-1915:
----------------------------------

Good question, Hitesh.  I don't know exactly why that was changed, as it was 
sending it either via the env or via the credentials for the container in 0.23.  
I assumed there was a reason that wasn't OK given that it was explicitly 
changed to not do that, but that may be a bad assumption.

Digging a bit, found this was changed in YARN-610.  Apparently on Windows the 
env isn't secure and secrets can be gleaned from it.  The JIRA also claims the 
key can't go in the container credentials, but it doesn't elaborate.  If a 
container's credentials also aren't secure then it seems to me we have bigger 
problems than just this key.

> ClientToAMTokenMasterKey should be provided to AM at launch time
> ----------------------------------------------------------------
>
>                 Key: YARN-1915
>                 URL: https://issues.apache.org/jira/browse/YARN-1915
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>    Affects Versions: 2.2.0
>            Reporter: Hitesh Shah
>            Assignee: Jason Lowe
>            Priority: Critical
>         Attachments: YARN-1915.patch, YARN-1915v2.patch
>
>
> Currently, the AM receives the key as part of registration. This introduces a 
> race where a client can connect to the AM when the AM has not received the 
> key. 
> Current Flow:
> 1) AM needs to start the client listening service in order to get host:port 
> and send it to the RM as part of registration
> 2) RM gets the port info in register() and transitions the app to RUNNING. 
> Responds back with client secret to AM.
> 3) User asks RM for client token. Gets it and pings the AM. AM hasn't 
> received client secret from RM and so RPC itself rejects the request.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
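
The race in the quoted issue description, replayed deterministically as an added example; this is not code from the YARN-1915 patches or from Hadoop. It is a simplified model: the class names, the HMAC-SHA256 token construction and the client id `alice` are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class ResourceManager:
    """Model RM: owns the per-application master key and mints client tokens."""

    def __init__(self):
        self.master_key = os.urandom(32)    # constructed key for this model
        self.state = "ACCEPTED"

    def launch_am(self, key_at_launch):
        # Proposed flow: the key is handed over when the AM is launched.
        return ApplicationMaster(self.master_key if key_at_launch else None)

    def register(self, am):
        # Step 2: the app turns RUNNING before the reply reaches the AM.
        self.state = "RUNNING"
        return self.master_key

    def client_token(self, client_id):
        if self.state != "RUNNING":
            raise RuntimeError("application not running yet")
        return hmac.new(self.master_key, client_id, hashlib.sha256).digest()


class ApplicationMaster:
    def __init__(self, key=None):
        self.key = key                      # None until the RM supplies it

    def handle_client(self, client_id, token):
        if self.key is None:
            return "REJECTED: no key yet"   # the race window from the issue
        expected = hmac.new(self.key, client_id, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, token)
        return "OK" if ok else "REJECTED: bad token"


def run_flow(key_at_launch):
    """Replay steps 1-3 with the client arriving before the register() reply."""
    rm = ResourceManager()
    am = rm.launch_am(key_at_launch)            # step 1: AM listener is up
    reply = rm.register(am)                     # step 2: RM RUNNING, reply in flight
    token = rm.client_token(b"alice")           # step 3: client obtains a token
    early = am.handle_client(b"alice", token)   # client reaches the AM first
    if am.key is None:
        am.key = reply                          # registration reply delivered
    late = am.handle_client(b"alice", token)
    return early, late
```

`run_flow(False)` models the current flow and `run_flow(True)` the flow the issue title asks for, where the key is available at launch.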
