[ 
https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15665273#comment-15665273
 ] 

Li Lu commented on YARN-3053:
-----------------------------

Thanks [~varun_saxena]! 
bq. When collector manager receives the request to launch an app collector, it 
will generate a token and send it back along with timeline service address to 
NM Collector service. We will send this as part of collector protocol to make 
sure this works when Collector runs as a separate process / system container. 
Once Collector responds to NM with token, token will be forwarded along with 
timeline service address to RM and then RM can inform AM with the token. 

Got a chance to discuss this topic with [~jianhe] offline. To me this is not a 
use case for *delegation* tokens? If we model the timeline service as a YARN 
internal service, YARN can grant the AM a token to access its own timeline 
collector. There is not much difference between this token and the NM tokens or 
AMRM tokens. So it is possible to put the token that grants the application's 
access to the collector into the AM's launching context, so that when the AM 
gets launched it is possible to access its collector. 

A real challenge is to provide a general approach to authenticate the timeline 
collectors. Right now we run the collectors within the NM, so kerberos login is 
not an issue. However, we also plan to run collectors in separate processes, or 
even in containers. For collectors running in a separate process from the NM, 
it's fine to run the collector manager process as YARN and perform a kerberos 
login. However, if we'd like to run the collectors in separate containers, the 
containers may probably run under the user's name (to better track their 
resource usage). In this way, the collector itself needs some sort of 
authentication? Thoughts here? 

> [Security] Review and implement security in ATS v.2
> ---------------------------------------------------
>
>                 Key: YARN-3053
>                 URL: https://issues.apache.org/jira/browse/YARN-3053
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Sangjin Lee
>            Assignee: Varun Saxena
>              Labels: YARN-5355
>         Attachments: ATSv2Authentication(draft).pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for 
> security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and 
> any other relevant security aspects.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
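The token flow discussed in the comment above, as an added simulation that is not part of the thread and is not Hadoop/YARN code: the collector manager mints a token when it launches an app's collector, the token rides in the AM's launch context next to its NM/AMRM tokens, and the collector verifies it before accepting writes. It follows the general Hadoop token shape (an identifier plus a MAC "password" computed under a secret shared with the verifier), but the JSON serialization, HMAC-SHA256, the field names and the CollectorManager/Collector/CollectorToken classes are all assumptions made for the example. The last scenario shows the problem Li Lu raises: a collector launched in a user container with no access to the master secret can reject nothing and accept nothing, so it needs its own credential to verify AM tokens.

```python
"""Simulated ATSv2 collector-token flow (constructed example, not Hadoop code)."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed demo key; in YARN this would live in the RM/NM secret manager.
MASTER_KEY = b"constructed-demo-master-key-do-not-reuse"


def compute_password(secret: bytes, identifier: bytes) -> bytes:
    """Hadoop-style token password: a MAC over the identifier bytes.
    Hadoop's SecretManager uses HMAC-SHA1; HMAC-SHA256 here is an assumption."""
    return hmac.new(secret, identifier, hashlib.sha256).digest()


@dataclass(frozen=True)
class CollectorToken:
    identifier: bytes  # serialized (app id, collector address, issue time, ttl)
    password: bytes    # MAC over identifier under the shared secret


def encode_identifier(app_id: str, collector_addr: str, issued_at: int, ttl: int) -> bytes:
    # Deterministic encoding so the verifier recomputes exactly the same bytes.
    return json.dumps(
        {"app": app_id, "addr": collector_addr, "iat": issued_at, "ttl": ttl},
        sort_keys=True,
    ).encode()


class CollectorManager:
    """RM/NM side (hypothetical class): mints a token when an app's collector is launched."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def launch_collector(self, app_id: str, collector_addr: str, now: int, ttl: int = 3600) -> CollectorToken:
        ident = encode_identifier(app_id, collector_addr, now, ttl)
        return CollectorToken(ident, compute_password(self.secret, ident))


def build_launch_context(app_id: str, token: CollectorToken) -> dict:
    """The collector token rides in the AM's launch context like its NM/AMRM tokens."""
    return {"app_id": app_id, "tokens": {"TIMELINE_COLLECTOR": token}}


class Collector:
    """App collector (hypothetical class). `secret` is None when it runs in a
    user container with no access to the master secret and so cannot verify."""

    def __init__(self, app_id: str, secret):
        self.app_id = app_id
        self.secret = secret

    def verify(self, token: CollectorToken, now: int) -> str:
        if self.secret is None:
            return "unverifiable"          # the user-container case from the discussion
        expected = compute_password(self.secret, token.identifier)
        if not hmac.compare_digest(expected, token.password):
            return "bad-mac"               # identifier altered or password forged
        fields = json.loads(token.identifier)
        if fields["app"] != self.app_id:
            return "wrong-app"             # valid token, but for another app's collector
        if now > fields["iat"] + fields["ttl"]:
            return "expired"
        return "ok"

    def put_entities(self, token: CollectorToken, entities: list, now: int):
        """Accept the write only for a token this collector can verify."""
        verdict = self.verify(token, now)
        return verdict == "ok", verdict


def demo() -> dict:
    """Runs the happy path and the rejection cases; returns verdicts by scenario."""
    now = 1_000
    cm = CollectorManager(MASTER_KEY)
    app1, app2 = "application_1478000000000_0001", "application_1478000000000_0002"
    tok1 = cm.launch_collector(app1, "nm1.example:8188", now)
    tok2 = cm.launch_collector(app2, "nm2.example:8188", now)
    ctx = build_launch_context(app1, tok1)
    coll1 = Collector(app1, MASTER_KEY)
    # An AM that rewrites the app id in its token but keeps the old password.
    forged = CollectorToken(encode_identifier(app2, "nm1.example:8188", now, 3600), tok1.password)
    user_container_coll = Collector(app1, None)
    return {
        "from_launch_context": coll1.verify(ctx["tokens"]["TIMELINE_COLLECTOR"], now + 10),
        "tampered_identifier": coll1.verify(forged, now + 10),
        "other_apps_token": coll1.verify(tok2, now + 10),
        "expired": coll1.verify(tok1, now + 3601),
        "user_container_no_secret": user_container_coll.verify(tok1, now + 10),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario}: {verdict}")
```

The "wrong-app" case is why the token must bind the application id and not just prove possession of the master secret: with a MAC alone, any AM holding a valid token could write into any other app's collector.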
