You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-issues@hadoop.apache.org by "Benoy Antony (JIRA)" <ji...@apache.org> on 2012/08/13 18:44:38 UTC
[jira] [Created] (MAPREDUCE-4551) Key Protection : Add ability to
read keys and protect keys in JobClient and TTS/NodeManagers
Benoy Antony created MAPREDUCE-4551:
---------------------------------------
Summary: Key Protection : Add ability to read keys and protect keys in JobClient and TTS/NodeManagers
Key: MAPREDUCE-4551
URL: https://issues.apache.org/jira/browse/MAPREDUCE-4551
Project: Hadoop Map/Reduce
Issue Type: Sub-task
Components: job submission, security
Reporter: Benoy Antony
Assignee: Benoy Antony
The following requirements are addressed.
• Plug in different key store mechanisms.
• Retrieve specified keys from a configured keystore as part of job submission
• Protect keys during its transport through the cluster.
• Make sure that keys are handed over only to the tasks of the correct job.
Based on Cluster configuration, NodeManager/TaskTrackers set up Decrypters to decrypt the job's secrets.
Based on Job configuration, JobClient reads secrets from a KeyStore using a Keyprovider implementation and encrypts them using the cluster's public key.
The encrypted secrets are stored in Job Credentials.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-4551) Key Protection : Add ability to
read keys and protect keys in JobClient and TTS/NodeManagers
Posted by "Benoy Antony (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benoy Antony updated MAPREDUCE-4551:
------------------------------------
Attachment: MR_4551_trunk.patch
MR_4551_1_1.patch
> Key Protection : Add ability to read keys and protect keys in JobClient and TTS/NodeManagers
> -----------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-4551
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-4551
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: job submission, security
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: MR_4551_1_1.patch, MR_4551_trunk.patch
>
>
> Based on Cluster configuration, NodeManager/TaskTrackers set up Decrypters to decrypt the job's secrets.
> Based on Job configuration, JobClient reads secrets from a KeyStore using a Keyprovider implementation and encrypts them using the cluster's public key.
> The encrypted secrets are stored in Job Credentials.
> The task addresses the following requirements:
> • Plug in different key store mechanisms.
> • Retrieve specified keys from a configured keystore as part of job submission
> • Protect keys during its transport through the cluster.
> • Make sure that keys are handed over only to the tasks of the correct job.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-4551) Key Protection : Add ability to
read keys and protect keys in JobClient and TTS/NodeManagers
Posted by "Benoy Antony (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benoy Antony updated MAPREDUCE-4551:
------------------------------------
Description:
Based on Cluster configuration, NodeManager/TaskTrackers set up Decrypters to decrypt the job's secrets.
Based on Job configuration, JobClient reads secrets from a KeyStore using a Keyprovider implementation and encrypts them using the cluster's public key.
The encrypted secrets are stored in Job Credentials.
The task addresses the following requirements:
• Plug in different key store mechanisms.
• Retrieve specified keys from a configured keystore as part of job submission
• Protect keys during its transport through the cluster.
• Make sure that keys are handed over only to the tasks of the correct job.
was:
The following requirements are addressed.
• Plug in different key store mechanisms.
• Retrieve specified keys from a configured keystore as part of job submission
• Protect keys during its transport through the cluster.
• Make sure that keys are handed over only to the tasks of the correct job.
Based on Cluster configuration, NodeManager/TaskTrackers set up Decrypters to decrypt the job's secrets.
Based on Job configuration, JobClient reads secrets from a KeyStore using a Keyprovider implementation and encrypts them using the cluster's public key.
The encrypted secrets are stored in Job Credentials.
> Key Protection : Add ability to read keys and protect keys in JobClient and TTS/NodeManagers
> -----------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-4551
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-4551
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: job submission, security
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: MR_4551_1_1.patch, MR_4551_trunk.patch
>
>
> Based on Cluster configuration, NodeManager/TaskTrackers set up Decrypters to decrypt the job's secrets.
> Based on Job configuration, JobClient reads secrets from a KeyStore using a Keyprovider implementation and encrypts them using the cluster's public key.
> The encrypted secrets are stored in Job Credentials.
> The task addresses the following requirements:
> • Plug in different key store mechanisms.
> • Retrieve specified keys from a configured keystore as part of job submission
> • Protect keys during its transport through the cluster.
> • Make sure that keys are handed over only to the tasks of the correct job.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira