Work in Progress
The sequence diagrams below are intended to be a very detailed description of the interactions that occur during the process of defining, submitting and executing a map reduce job on a secure Hadoop 2.x cluster.
The descriptions of the interactions below take this form.
Code Block |
---|
message [Protocol] ( input ) : output |
Wiki Markup |
---|
The {{\[Protocol\]}} portion describes the protocol, authentication mechanism and identities exchanged. |
Abbreviation | Description | ||
---|---|---|---|
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="380f9deb-125f-4f73-be89-fbeed70da198"><ac:plain-text-body><![CDATA[ | | Kerberos Protocol | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4a63bfaa-2cc3-46f8-9f9f-8e9190a75421"><ac:plain-text-body><![CDATA[ | | RPC protocol with SASL mutual authentication using Kerberos tickets. | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="971b1f76-7852-47ec-a534-d7626b5dad3f"><ac:plain-text-body><![CDATA[ | | RPC protocol with SASL mutual authentication using delegation tokens. | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c1a7517e-fe07-4650-8b5d-de7a18ac346d"><ac:plain-text-body><![CDATA[ | | RPC protocol with SASL mutual authentication using delegation tokens. | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="45e0e303-5b68-42c2-b0c0-8c264f7a2db6"><ac:plain-text-body><![CDATA[ | | Data transfer protocol between the DataNode and a client. HTTP protocol with block tokens plus SHA1 hash exchange. | ]]></ac:plain-text-body></ac:structured-macro> |
Suffixes are used in many cases to denote type.
Abbreviation | Description |
---|---|
tgt | Kerberos Ticket Granting Ticket |
kp | Kerberos Principal: nn-kp = The Kerberos principal for the NameNode nn |
kt | Kerberos Ticket: u-jt-kt = A Kerberos Ticket for User u to access the JobTracker jt |
sk | Secret Key |
dt | Delegation Token |
tkn | Token |
Kerberos principals use the principal abbreviation and the kp suffix.
Abbreviation | Description |
---|---|
| NameNode's Kerberos Principal |
| DataNode's Kerberos Principal (Unique principal for each DataNode on every node) |
| JobTracker's Kerberos Principal |
| TaskTracker's Kerberos Principal (Unique principal for each TaskTracker on every node) |
Kerberos tickets use the consumer principal abbreviation, provider principal abbreviation and kt suffix.
Abbreviation | Description |
---|---|
| Kerberos service ticket for User u to access NameNode nn |
| Kerberos service ticket for User u to access JobTracker jt |
| Kerberos service ticket for DataNode dn to access NameNode nn |
| Kerberos service ticket for JobTracker dn to access NameNode nn |
| Kerberos service ticket for TaskTracker tt to access JobTracker jt |
...
...
...
...
...
...
...
...