[jira] [Commented] (MAPREDUCE-5663) Add an interface to Input/Ouput Formats to obtain delegation tokens

Wed, 15 Jan 2014 17:50:49 -0800 

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-5663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13872944#comment-13872944
 ] 

Siddharth Seth commented on MAPREDUCE-5663:
-------------------------------------------

bq. I'm not against this, just not sure how existing services function if 
they're asked for tokens with security disabled. HDFS, afaik, works just fine.

bq. ... JobSubmitter#populateTokenCache() method which is called by 
JobSubmitter#submitJobInternal() ...
All of these methods are invoked, but end up calling 
TokenCache.obtainTokensForNameNodeInternal - which short circuits the fetch 
based on the security settings.

That's an interesting proposal. 
Each application would have to figure out how it gets this list of URIs. MR, if 
it chooses can have Input/OutputFormats implement an interface to retrieve URIs 
instead of getting the Credentials directly.

Spoke [~devaraj] on how this could work for HBase - I'm not sure if all systems 
which provide credentials can have their information represented as a URI. In 
case of HBase, I believe this is a quorum, which is available in the 
Configuration. For HBase, this could potentially be faked by setting the URI as 
hbase://

Alrternately, this could accept a list of Strings instead of URIs, or even a 
<String, URI> pair - where the first part represents the provider, and the 
second one is the URI - if applicable.

> Add an interface to Input/Ouput Formats to obtain delegation tokens
> -------------------------------------------------------------------
>
>                 Key: MAPREDUCE-5663
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-5663
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>            Reporter: Siddharth Seth
>            Assignee: Michael Weng
>         Attachments: MAPREDUCE-5663.4.txt, MAPREDUCE-5663.5.txt, 
> MAPREDUCE-5663.6.txt, MAPREDUCE-5663.patch.txt, MAPREDUCE-5663.patch.txt2, 
> MAPREDUCE-5663.patch.txt3
>
>
> Currently, delegation tokens are obtained as part of the getSplits / 
> checkOutputSpecs calls to the InputFormat / OutputFormat respectively.
> This works as long as the splits are generated on a node with kerberos 
> credentials. For split generation elsewhere (AM for example), an explicit 
> interface is required.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to