You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-dev@hadoop.apache.org by "Tarun Parimi (Jira)" <ji...@apache.org> on 2021/06/10 04:41:00 UTC
[jira] [Created] (YARN-10816) Avoid doing delegation token ops when
yarn.timeline-service.http-authentication.type=simple
Tarun Parimi created YARN-10816:
-----------------------------------
Summary: Avoid doing delegation token ops when yarn.timeline-service.http-authentication.type=simple
Key: YARN-10816
URL: https://issues.apache.org/jira/browse/YARN-10816
Project: Hadoop YARN
Issue Type: Bug
Components: timelineclient
Affects Versions: 3.4.0
Reporter: Tarun Parimi
Assignee: Tarun Parimi
YARN-10339 introduced changes to ensure that PseudoAuthenticationHandler is used in TimelineClient when yarn.timeline-service.http-authentication.type=simple
PseudoAuthenticationHandler doesn't support delegation token ops like get, renew and cancel since those ops strictly require SPNEGO auth to work. We don't use timeline delegation tokens when simple auth is used.
Prior to YARN-10339, Timeline delegation tokens were unnecessarily used when yarn.timeline-service.http-authentication.type=simple, but hadoop security was enabled. After YARN-10339, the tokens are not used when yarn.timeline-service.http-authentication.type=simple.
In a rolling upgrade scenario, we can have a client which doesn't have YARN-10339 changes submitting an application and requests a Timeline delegation token even when yarn.timeline-service.http-authentication.type=simple. RM on the other hand can have YARN-10339 changes and so will result in error while trying to renew the token with PseudoAuthenticationHandler.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org