[ https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15665273#comment-15665273 ]
Li Lu commented on YARN-3053:
-----------------------------

Thanks [~varun_saxena]!

bq. When collector manager receives the request to launch an app collector, it will generate a token and send it back along with timeline service address to NM Collector service. We will send this as part of collector protocol to make sure this works when Collector runs as a separate process / system container. Once Collector responds to NM with token, token will be forwarded along with timeline service address to RM and then RM can inform AM with the token.

Got a chance to discuss this topic with [~jianhe] offline. To me this is not a use case for *delegation* tokens? If we model the timeline service as a YARN internal service, YARN can grant the AM a token to access its own timeline collector. There is not much difference between this token and the NM tokens or AMRM tokens. So it is possible to put the token that grants the application's access to the collector into the AM's launching context, so that when the AM gets launched it is possible to access its collector.

A real challenge is to provide a general approach to authenticate the timeline collectors. Right now we run the collectors within the NM, so Kerberos login is not an issue. However, we also plan to run collectors in separate processes, or even in containers. For collectors running in a separate process from the NM, it's fine to run the collector manager process as YARN and perform a Kerberos login. However, if we'd like to run the collectors in separate containers, the containers may probably run under the user's name (to better track their resource usage). In this way, the collector itself needs some sort of authentication? Thoughts here?
> [Security] Review and implement security in ATS v.2
> ---------------------------------------------------
>
> Key: YARN-3053
> URL: https://issues.apache.org/jira/browse/YARN-3053
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Sangjin Lee
> Assignee: Varun Saxena
> Labels: YARN-5355
> Attachments: ATSv2Authentication(draft).pdf
>
> Per design in YARN-2928, we want to evaluate and review the system for security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and any other relevant security aspects.