You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by aa...@apache.org on 2021/07/12 01:19:55 UTC
[hadoop] branch branch-2.10 updated: HADOOP-12665. Document
hadoop.security.token.service.use_ip. (#3187)
This is an automated email from the ASF dual-hosted git repository.
aajisaka pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-2.10 by this push:
new 992d2c5 HADOOP-12665. Document hadoop.security.token.service.use_ip. (#3187)
992d2c5 is described below
commit 992d2c5f4e5041f5c3b34ec0517ef0c352ed0e3a
Author: Akira Ajisaka <aa...@apache.org>
AuthorDate: Mon Jul 12 10:16:13 2021 +0900
HADOOP-12665. Document hadoop.security.token.service.use_ip. (#3187)
Reviewed-by: Masatake Iwasaki <iw...@apache.org>
Reviewed-by: Chris Nauroth <cn...@apache.org>
(cherry picked from commit c81f82e21d137b6d45c20c481e7bbc6160d72f94)
---
.../src/main/resources/core-default.xml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
index 15e515f..584c633 100644
--- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
+++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
@@ -646,6 +646,27 @@
</description>
</property>
+ <property>
+ <name>hadoop.security.token.service.use_ip</name>
+ <value>true</value>
+ <description>
+ Controls whether tokens always use IP addresses.
+ DNS changes will not be detected if this option is enabled.
+ Existing client connections that break will always reconnect
+ to the IP of the original host. New clients will connect
+ to the host's new IP but fail to locate a token.
+ Disabling this option will allow existing and new clients
+ to detect an IP change and continue to locate the new host's token.
+
+ In secure multi-homed environments, this parameter will need to
+ be set to false on both cluster servers and clients (see HADOOP-7733).
+ If it is not set correctly, the symptom will be inability to
+ submit an application to YARN from an external client
+ (with error "client host not a member of the Hadoop cluster"),
+ or even from an in-cluster client if server failover occurs.
+ </description>
+ </property>
+
<property>
<name>hadoop.workaround.non.threadsafe.getpwuid</name>
<value>true</value>
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org