Naganarasimha G R commented on YARN-3557:

Hi [~dian.fu],
Thanks for posting the doc.  My views are similar to [~wangda], 
bq. Need to provide a mechanism at RM side which can configure node label in 
the similar way as YARN-2495.
Did you mean NM here ? RM side configure is already there and NM side 
(distributed) is almost done and might be available in 2.8.

bq. As labels related to security are very sensitive, it’s better to manage 
these labels through the centralized method. So we choose #2
If you have selected the 2nd option {{RM retrieve the trust status of all 
cluster nodes from OAT}}, then why is it dependent on YARN-2495 & support to 
{{configure centralized node label configuration or distributed node label 
configuration}} required ? And also as Wangda mentioned there would be issues 
with mixing them up.

Scenario suggested here looks like a good use case of NodeLabels but could not 
get the need for modifications or current limitations in the feature which 
blocks the scenario.

> Support Intel Trusted Execution Technology(TXT) in YARN scheduler
> -----------------------------------------------------------------
>                 Key: YARN-3557
>                 URL: https://issues.apache.org/jira/browse/YARN-3557
>             Project: Hadoop YARN
>          Issue Type: New Feature
>            Reporter: Dian Fu
>         Attachments: Support TXT in YARN high level design doc.pdf
> Intel TXT defines platform-level enhancements that provide the building 
> blocks for creating trusted platforms. A TXT aware YARN scheduler can 
> schedule security sensitive jobs on TXT enabled nodes only. YARN-2492 
> provides the capacity to restrict YARN applications to run only on cluster 
> nodes that have a specified node label. This is a good mechanism that be 
> utilized for TXT aware YARN scheduler.

This message was sent by Atlassian JIRA

Reply via email to