[
https://issues.apache.org/jira/browse/YARN-6638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16042434#comment-16042434
]
Varun Saxena commented on YARN-6638:
------------------------------------
bq. How about reusing reusing RM timeline APIs for reader server? But one
potential issue I see is reader server can be any number deployed in cluster,
so RM will issue token to which reader server?
I think the reader instance itself should issue delegation token. We would have
to address recovery of tokens as well if we do it. Once we have work for
offline timeline collector in, even collectors may need to recover token to
have them across restarts.
So I had thought we can add DT support in reader then.
I will change the patch to use Authentication Filter as of now. And add back
the Timeline Auth filter once the support for delegation token is added. We do
not have a JIRA for it as of now. Will raise it. I think we can have it in the
next iteration. We do not need it immediately. Or for your use case scenario,
do you need it immediately? If yes, we can do it in this iteration itself.
> [Security] Timeline reader side changes for loading auth filters and
> principals
> -------------------------------------------------------------------------------
>
> Key: YARN-6638
> URL: https://issues.apache.org/jira/browse/YARN-6638
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Varun Saxena
> Assignee: Varun Saxena
> Attachments: YARN-6638-YARN-5355.01.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
