You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Tarun Parimi (JIRA)" <ji...@apache.org> on 2019/02/28 06:54:00 UTC

[jira] [Assigned] (YARN-9224) TimelineDelegationTokenIdentifier.Renewer contacts KDC for every renew/cancel token operation

     [ https://issues.apache.org/jira/browse/YARN-9224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tarun Parimi reassigned YARN-9224:
----------------------------------

    Assignee: Tarun Parimi

> TimelineDelegationTokenIdentifier.Renewer contacts KDC for every renew/cancel token operation
> ---------------------------------------------------------------------------------------------
>
>                 Key: YARN-9224
>                 URL: https://issues.apache.org/jira/browse/YARN-9224
>             Project: Hadoop YARN
>          Issue Type: Bug
>    Affects Versions: 2.6.0, 2.7.3
>            Reporter: Tarun Parimi
>            Assignee: Tarun Parimi
>            Priority: Major
>         Attachments: YARN-9224.001.patch, YARN-9224.002.patch, YARN-9224.003.patch
>
>
> In a production cluster, we have observed the active RM principal making excessive requests to the KDC server. Being a service principal, this shouldn't be the case normally.
> On capturing tcpdump for the connections between RM and KDC, we saw that these excessive requests were for the SPNEGO service HTTP/ats-host.example.com .
> The requests were also matching in frequency with the below log entry in RM.
> {code:java}
> 2019-01-09T03:41:56.048-0500 INFO org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl: Timeline service address: http://ats-host.example.com:8188/ws/v1/timeline/ 
> {code}
> On looking at the code in TimelineDelegationTokenIdentifier.java, it seems this kdc request for SPNEGO is done as we are creating a new timeline client instance every time.
> {code:java}
> @SuppressWarnings("unchecked")
>     @Override
>     public long renew(Token<?> token, Configuration conf) throws IOException,
>         InterruptedException {
>       TimelineClient client = TimelineClient.createTimelineClient();
>       try {
>         client.init(conf);
>         client.start();
>         return client.renewDelegationToken(
>             (Token<TimelineDelegationTokenIdentifier>) token);
>       } catch (YarnException e) {
>         throw new IOException(e);
>       } finally {
>         client.stop();
>       }
>     }
>     @SuppressWarnings("unchecked")
>     @Override
>     public void cancel(Token<?> token, Configuration conf) throws IOException,
>         InterruptedException {
>       TimelineClient client = TimelineClient.createTimelineClient();
>       try {
>         client.init(conf);
>         client.start();
>         client.cancelDelegationToken(
>             (Token<TimelineDelegationTokenIdentifier>) token);
>       } catch (YarnException e) {
>         throw new IOException(e);
>       } finally {
>         client.stop();
>       }
>     }{code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org