Work in Progress
Overview
The sequence diagrams below are intended to be a very detailed description of the interactions that occur during the process of defining, submitting and executing a map reduce job on a secure Hadoop 2.x cluster.
The descriptions of the interactions below take this form.
message [Protocol] ( input ) : output
The [Protocol]
portion describes the protocol, authentication mechanism and identities exchanged.
Abbreviation |
Description |
||
---|---|---|---|
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6a392f04-5099-4aed-a7c7-4ac9d78fa9d7"><ac:plain-text-body><![CDATA[ |
|
Kerberos Protocol |
]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8bb8eb98-cd03-4ba6-b64e-e91a861b67f1"><ac:plain-text-body><![CDATA[ |
|
RPC protocol with SASL mutual authentication using Kerberos tickets. |
]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a2b924d0-c0b5-43ef-8e61-8b67cdddf3b4"><ac:plain-text-body><![CDATA[ |
|
RPC protocol with SASL mutual authentication using delegation tokens. |
]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="caad9886-d390-46f4-9def-87f15a96a5ef"><ac:plain-text-body><![CDATA[ |
|
RPC protocol with SASL mutual authentication using delegation tokens. |
]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c594abad-4b4d-49ec-8d86-06956c07bc13"><ac:plain-text-body><![CDATA[ |
|
Data transfer protocol between the DataNode and a client. HTTP protocol with block tokens plus SHA1 hash exchange. |
]]></ac:plain-text-body></ac:structured-macro> |
Suffixes are used in many cases to denote type.
Abbreviation |
Description |
---|---|
tgt |
Kerberos Ticket Granting Ticket |
kp |
Kerberos Principal: nn-kp = The Kerberos principal for the NameNode nn |
kt |
Kerberos Ticket: u-jt-kt = A Kerberos Ticket for User u to access the JobTracker jt |
dt |
Delegation Token |
tkn |
Token |
tkn-sk |
Token Secret Key |
Kerberos principals use the principal abbreviation and the kp suffix.
Abbreviation |
Description |
---|---|
|
NameNode's Kerberos Principal |
|
DataNode's Kerberos Principal (Unique principal for each DataNode on every node) |
|
JobTracker's Kerberos Principal |
|
TaskTracker's Kerberos Principal (Unique principal for each TaskTracker on every node) |
Kerberos tickets use the consumer principal abbreviation, provider principal abbreviation and kt suffix.
Abbreviation |
Description |
---|---|
|
Kerberos service ticket for User u to access NameNode nn |
|
Kerberos service ticket for User u to access JobTracker jt |
|
Kerberos service ticket for DataNode dn to access NameNode nn |
|
Kerberos service ticket for JobTracker dn to access NameNode nn |
|
Kerberos service ticket for TaskTracker tt to access JobTracker jt |
Secure MapReduce2 - Bootstrap
Secure MapReduce2 - Job Definition
Secure MapReduce2 - Job Submission
Secure MapReduce2 - Job Initiation
Secure MapReduce2 - Map Task Execution
Secure MapReduce2 - Reduce Task Execution
Secure MapReduce2 - Job Completion
Secure MapReduce2 - Client Monitoring