Posted to yarn-issues@hadoop.apache.org by "Jason Lowe (JIRA)" <ji...@apache.org> on 2017/05/03 21:12:04 UTC

[jira] [Commented] (YARN-3053) [Security] Review and implement authentication in ATS v.2

    [ https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15995692#comment-15995692 ] 

Jason Lowe commented on YARN-3053:
----------------------------------

Thanks for updating the document, Varun!  I think the approach is reasonable, since it piggybacks on the discovery problem which already needed to be solved.  Also I think it makes sense that we don't need to persist the tokens in any way, since the collector needs to be re-discovered if restarted and new tokens can be handed out at that point.

Not really a security concern, but I'm assuming the ATSv2 client is going to have to buffer/spool events until the collector has been discovered or there's some kind of flow control mitigation there.  By default the AM is being started with no way to write events until the collector is discovered (which could take some number of heartbeats given the circuitous route the information takes) and there's also the case where the collector becomes unavailable temporarily (e.g.: collector restarts/crashes/etc.).


> [Security] Review and implement authentication in ATS v.2
> ---------------------------------------------------------
>
>                 Key: YARN-3053
>                 URL: https://issues.apache.org/jira/browse/YARN-3053
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Sangjin Lee
>            Assignee: Varun Saxena
>              Labels: YARN-5355, yarn-5355-merge-blocker
>         Attachments: ATSv2Authentication(draft).pdf, ATSv2Authentication.v01.pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and any other relevant security aspects.


