[ 
https://issues.apache.org/jira/browse/YARN-7605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Eric Yang updated YARN-7605:
----------------------------
    Description: In YARN-7540, all client entry points for API service are 
centralized to use REST API instead of having direct file system and resource 
manager RPC calls.  This change helped to centralize YARN metadata to be owned 
by the yarn user instead of crawling through every user's home directory to find 
metadata.  The next step is to make sure "doAs" calls work properly for API 
Service.  The metadata is stored by the YARN user, but the actual workload still 
needs to be performed as end users, hence API service must authenticate end user 
Kerberos credential, and perform doAs call when requesting containers via 
ServiceClient.  (was: In YARN-7540, all client entry points for API service are 
centralized to use REST API instead of having direct file system and resource 
manager RPC calls.  This change helped to centralize YARN metadata to be owned 
by the yarn user instead of crawling through every user's home directory to find 
metadata.  The next step is to make sure "doAs" calls work properly for API 
Service.  The metadata is stored by the YARN user, but the actual workload still 
needs to be performed as end users, hence API service must authenticate end user 
Kerberos credential, and perform doAs call when requesting containers by 
Application Manager.)

> Implement doAs for Api Service REST API
> ---------------------------------------
>
>                 Key: YARN-7605
>                 URL: https://issues.apache.org/jira/browse/YARN-7605
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Eric Yang
>             Fix For: yarn-native-services
>
>
> In YARN-7540, all client entry points for API service are centralized to use 
> REST API instead of having direct file system and resource manager RPC calls. 
> This change helped to centralize YARN metadata to be owned by the yarn user 
> instead of crawling through every user's home directory to find metadata.  
> The next step is to make sure "doAs" calls work properly for API Service.  
> The metadata is stored by the YARN user, but the actual workload still needs to be 
> performed as end users, hence API service must authenticate end user Kerberos 
> credential, and perform doAs call when requesting containers via 
> ServiceClient.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
