You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Xiaoyu Yao (JIRA)" <ji...@apache.org> on 2016/01/21 22:55:40 UTC
[jira] [Updated] (HADOOP-12659) Incorrect usage of config
parameters in token manager of KMS
[ https://issues.apache.org/jira/browse/HADOOP-12659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xiaoyu Yao updated HADOOP-12659:
--------------------------------
Resolution: Fixed
Hadoop Flags: Reviewed
Fix Version/s: 2.8.0
Status: Resolved (was: Patch Available)
Thanks [~liuml07] for the contribution and all for the reviews. I've committed the patch to trunk, branch-2 and branch-2.8.
> Incorrect usage of config parameters in token manager of KMS
> ------------------------------------------------------------
>
> Key: HADOOP-12659
> URL: https://issues.apache.org/jira/browse/HADOOP-12659
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.7.1, 2.6.2
> Reporter: Tianyin Xu
> Assignee: Mingliang Liu
> Fix For: 2.8.0
>
> Attachments: HADOOP-12659.000.patch
>
>
> Hi, the usage of the following configs of Key Management Server (KMS) are problematic:
> {{hadoop.kms.authentication.delegation-token.renew-interval.sec}}
> {{hadoop.kms.authentication.delegation-token.removal-scan-interval.sec}}
> The name indicates that the units are {{sec}}, and the online doc shows that the default values are {{86400}} and {{3600}}, respectively.
> https://hadoop.apache.org/docs/stable/hadoop-kms/index.html
> which is also defined in
> {code:title=DelegationTokenManager.java|borderStyle=solid}
> 55 public static final String RENEW_INTERVAL = PREFIX + "renew-interval.sec";
> 56 public static final long RENEW_INTERVAL_DEFAULT = 24 * 60 * 60;
> ...
> 58 public static final String REMOVAL_SCAN_INTERVAL = PREFIX +
> 59 "removal-scan-interval.sec";
> 60 public static final long REMOVAL_SCAN_INTERVAL_DEFAULT = 60 * 60;
> {code}
> However, in {{DelegationTokenManager.java}} and {{ZKDelegationTokenSecretManager.java}}, these two parameters are used incorrectly.
> 1. *{{DelegationTokenManager.java}}*
> {code}
> 70 conf.getLong(RENEW_INTERVAL, RENEW_INTERVAL_DEFAULT) * 1000,
> 71 conf.getLong(REMOVAL_SCAN_INTERVAL,
> 72 REMOVAL_SCAN_INTERVAL_DEFAULT * 1000));
> {code}
> Apparently, at Line 72, {{REMOVAL_SCAN_INTERVAL}} should be used in the same way as {{RENEW_INTERVAL}}, like
> {code}
> 72c72
> < REMOVAL_SCAN_INTERVAL_DEFAULT * 1000));
> ---
> > REMOVAL_SCAN_INTERVAL_DEFAULT) * 1000);
> {code}
> Currently, the unit of {{hadoop.kms.authentication.delegation-token.removal-scan-interval.sec}} is not {{sec}} but {{millisec}}.
> 2. *{{ZKDelegationTokenSecretManager.java}}*
> {code}
> 142 conf.getLong(DelegationTokenManager.RENEW_INTERVAL,
> 143 DelegationTokenManager.RENEW_INTERVAL_DEFAULT * 1000),
> 144 conf.getLong(DelegationTokenManager.REMOVAL_SCAN_INTERVAL,
> 145 DelegationTokenManager.REMOVAL_SCAN_INTERVAL_DEFAULT) * 1000);
> {code}
> The situation is the opposite in this class that {{hadoop.kms.authentication.delegation-token.renew-interval.sec}} is wrong but the other is correct...
> A patch should be like
> {code}
> 143c143
> < DelegationTokenManager.RENEW_INTERVAL_DEFAULT * 1000),
> ---
> > DelegationTokenManager.RENEW_INTERVAL_DEFAULT) * 1000,
> {code}
> Thanks!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)