Hi Rohith,
Thanks for the quick response. That sounds promising. Do you know how I can extend the client interface of the RPC port? I know AM has some endpoints exposed through the RPC port for internal YARN communications, but was not sure how I can extend it to expose a custom endpoint. Any pointer would be appreciated! Mingyu From: Rohith Sharma K S <rohithsharm...@huawei.com> Date: Wednesday, June 8, 2016 at 10:39 PM To: Mingyu Kim <m...@palantir.com>, "user@hadoop.apache.org" <user@hadoop.apache.org> Cc: Matt Cheah <mch...@palantir.com> Subject: RE: Securely discovering Application Master's metadata or sending a secret to Application Master at submission Hi Apart from AM address and tracking URL, no other meta data of applicationMaster are stored in YARN. May be AM can expose client interface so that AM clients can interact with Running AM to retrieve specific AM details. RPC port of AM can be get from YARN client interface such as ApplicationClientProtocol# getApplicationReport() OR ApplicationClientProtocol #getApplicationAttemptReport(). Thanks & Regards Rohith Sharma K S From: Mingyu Kim [mailto:m...@palantir.com] Sent: 09 June 2016 10:36 To: user@hadoop.apache.org Cc: Matt Cheah Subject: Securely discovering Application Master's metadata or sending a secret to Application Master at submission Hi all, To provide a bit of background, I’m trying to deploy a REST server on Application Master and discover the randomly assigned port number securely. I can easily discover the host name of AM through YARN REST API, but the port number needs to be discovered separately. (Port number is assigned within a specified range with retries to avoid port conflicts) An easy solution would be to have Application Master make a callback with the port number, but I’d like to design it such that YARN nodes don’t talk back to the node that submitted the YARN application. So, this problem reduces to securely discovering a small metadata of Application Master. To be clear, by being secure, I’m less concerned about exposing the information to others, but more concerned about the integrity of data (e.g. the metadata actually originated from the Application Master.) I was hoping that there is a way to register some Application Master metadata to Resource Manager, but there doesn’t seem to be a way. Another option I considered was to write the information to a HDFS file, but in order to verify the integrity of the content, I need a way to securely send a private key to Application Master, which I’m not sure what the best is. To recap, does anyone know if there is a way · To register small metadata securely from Application Master to Resource Manager so that it can be discovered by the YARN application submitter? · Or, to securely send a private key to Application Master at the application submission time? Thanks a lot, Mingyu
smime.p7s
Description: S/MIME cryptographic signature