You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@tez.apache.org by "Jason Lowe (JIRA)" <ji...@apache.org> on 2015/10/14 18:11:05 UTC

[jira] [Assigned] (TEZ-2886) Ability to merge AM credentials with DAG credentials

     [ https://issues.apache.org/jira/browse/TEZ-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Lowe reassigned TEZ-2886:
-------------------------------

    Assignee: Jason Lowe

bq. Did you mean "AM NodeManager" and "Other NodeManagers" ?
Technically yes.  Task containers that happen to run on the AM node will have logs aggregated since the NM aggregator gets the token from the first container that runs on the node.

bq. Unrelated to this jira: Does the RM end up obtaining tokens for this alternate filesystem on behalf of the user ? (Is it running with proxy capabilities?)
Yes, the RM is acting as a proxy.

bq. It should be possible to run DAGs for different users within the same session
This seems like it could have problems in practice.  Who owns the logs, for example?  How does a user authenticate with that AM when they try to monitor their specific session?  Curious, is there a use case for this or is it theoretical?

bq. To fix this, do we want to add an option to merge all credentials
That's my plan initially.  Given that Tez went out of its way to not use the AM credentials, I assumed there must be some reason that was desired and am coding up a config to request it be merged.  One might argue the default should be it merges and in the, I'm guessing rare, case that one does not want that behavior it can be set to false.

> Ability to merge AM credentials with DAG credentials
> ----------------------------------------------------
>
>                 Key: TEZ-2886
>                 URL: https://issues.apache.org/jira/browse/TEZ-2886
>             Project: Apache Tez
>          Issue Type: Improvement
>    Affects Versions: 0.7.0
>            Reporter: Jason Lowe
>            Assignee: Jason Lowe
>
> Currently AM credentials are explicitly kept separate from DAG credentials, but this can cause problems when credentials are automatically added to the application as part of the submission process but outside of the client's knowledge.  We need the ability for the AM's credentials to be merged with the DAG credentials so DAGs can pick up important credentials that were not submitted by the client.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)