[ https://issues.apache.org/jira/browse/YARN-4653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123315#comment-15123315 ]
Steve Loughran commented on YARN-4653: -------------------------------------- thanks for the link ... hadn't seen that. nice. That's a document which should be linked to, ideally even pulled into the hadoop site I'm doing something less ambitious but equally important: explain to application developers what they need. I'll change the title accordingly > Document YARN security model from the perspective of Application Developers > --------------------------------------------------------------------------- > > Key: YARN-4653 > URL: https://issues.apache.org/jira/browse/YARN-4653 > Project: Hadoop YARN > Issue Type: Task > Components: site > Affects Versions: 2.7.2 > Reporter: Steve Loughran > Assignee: Steve Loughran > Original Estimate: 2h > Remaining Estimate: 2h > > What YARN apps need to do for security today is generally copied direct from > distributed shell, with a bit of [ill-informed > superstition|https://steveloughran.gitbooks.io/kerberos_and_hadoop/content/sections/yarn.html] > being the sole prose. > We need a normative document in the YARN site covering > # the needs for YARN security > # token creation for AM launch > # how the RM gets involved > # token propagation on container launch > # token renewal strategies > # How to get tokens for other apps like HBase and Hive. > # how to work under OOzie > Perhaps the WritingYarnApplications.md doc is updated, otherwise why not just > link to the relevant bit of the distributed shell client on github for a > guarantee of staying up to date? -- This message was sent by Atlassian JIRA (v6.3.4#6332)