You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2018/01/03 16:33:01 UTC

[jira] [Commented] (NIFI-4350) Remove relogin period parameter from Hadoop processors

    [ https://issues.apache.org/jira/browse/NIFI-4350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16309890#comment-16309890 ] 

ASF subversion and git services commented on NIFI-4350:
-------------------------------------------------------

Commit 42a1ee011b683da06011a946cbacaf0e8d3b2c81 in nifi's branch refs/heads/master from [~jtstorck]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=42a1ee0 ]

NIFI-4323 This closes #2360. Wrapped Get/ListHDFS hadoop operations in ugi.doAs calls
NIFI-3472 NIFI-4350 Removed explicit relogin code from HDFS/Hive/HBase components and updated SecurityUtils.loginKerberos to use UGI.loginUserFromKeytab. This brings those components in line with daemon-process-style usage, made possible by NiFi's InstanceClassloader isolation.  Relogin (on ticket expiry/connection failure) can now be properly handled by hadoop-client code implicitly.
NIFI-3472 Added default value (true) for javax.security.auth.useSubjectCredsOnly to bootstrap.conf
NIFI-3472 Added javadoc explaining the removal of explicit relogin threads and usage of UGI.loginUserFromKeytab
Readded Relogin Period property to AbstractHadoopProcessor, and updated its documentation to indicate that it is now a deprecated property
Additional cleanup of code that referenced relogin periods
Marked KerberosTicketRenewer is deprecated

NIFI-3472 Cleaned up imports in TestPutHiveStreaming


> Remove relogin period parameter from Hadoop processors
> ------------------------------------------------------
>
>                 Key: NIFI-4350
>                 URL: https://issues.apache.org/jira/browse/NIFI-4350
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Extensions
>            Reporter: Pierre Villard
>
> Right now, in Hadoop processors, there is a re-login period parameter that will define when the Kerberos ticket must be renewed by the processor. This re-login method will not take into account the lifetime of the generated ticket as the Hadoop library does (when requiring a new ticket, one will be actually generated only after 80% of the current ticket lifetime).
> With the current situation, in very specific sets of parameters for relogin period, ticket lifetime and processor scheduling, we can be in a situation where we try to execute the code without actually renewing the ticket. The re-login parameter / code should be removed to rely on the one provided by the underlying Hadoop library. 
> Workaround is to lower the re-login period parameter.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)