> On April 26, 2016, 7:33 p.m., Yi Pan (Data Infrastructure) wrote: > > docs/learn/documentation/versioned/yarn/yarn-security.md, line 48 > > <https://reviews.apache.org/r/46282/diff/2/?file=1347140#file1347140line48> > > > > nit: trailing white space
done. > On April 26, 2016, 7:33 p.m., Yi Pan (Data Infrastructure) wrote: > > docs/learn/documentation/versioned/yarn/yarn-security.md, line 62 > > <https://reviews.apache.org/r/46282/diff/2/?file=1347140#file1347140line62> > > > > nit: trailing white space done. > On April 26, 2016, 7:33 p.m., Yi Pan (Data Infrastructure) wrote: > > docs/learn/documentation/versioned/yarn/yarn-security.md, line 30 > > <https://reviews.apache.org/r/46282/diff/2/?file=1347140#file1347140line30> > > > > nit: config stream --> coordinator stream done. > On April 26, 2016, 7:33 p.m., Yi Pan (Data Infrastructure) wrote: > > docs/learn/documentation/versioned/yarn/yarn-security.md, line 34 > > <https://reviews.apache.org/r/46282/diff/2/?file=1347140#file1347140line34> > > > > Question: wouldn't the running container needs a HDFS delegation token > > to access secured HDFS to read the credential files as well? How is the > > initial HDFS delegation token passed to the container? Via launch context > > from RM? It would be good to add some explanation, or pointing to some > > online docs for general YARN APP launch sequence w/ Kerberos. Yes, that is my understanding. Each container, once initialized, will use whatever HDFS delegation token passed in the launch context. However, once it expires, the container won't get renewed or refreshed token from RM and that is why we need to manage renewal of HDFS delegation tokens ourselves. Same rule applies to AM too. Let me summarize this a bit, and provide some detailed explanations once confirm from the Hadoop community. - Chen ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/46282/#review130660 ----------------------------------------------------------- On April 15, 2016, 10:09 p.m., Chen Song wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/46282/ > ----------------------------------------------------------- > > (Updated April 15, 2016, 10:09 p.m.) > > > Review request for samza. > > > Repository: samza > > > Description > ------- > > SAMZA-928 document Kerberos on YARN > > > Diffs > ----- > > docs/learn/documentation/versioned/jobs/yarn-jobs.md 827cc14 > docs/learn/documentation/versioned/yarn/isolation.md 1eb3bf5 > docs/learn/documentation/versioned/yarn/yarn-security.md PRE-CREATION > > Diff: https://reviews.apache.org/r/46282/diff/ > > > Testing > ------- > > > Thanks, > > Chen Song > >
