You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Jian He (JIRA)" <ji...@apache.org> on 2013/05/02 23:26:16 UTC
[jira] [Commented] (YARN-638) Add RMDelegationTokens back to
DelegationTokenSecretManager after RM Restart
[ https://issues.apache.org/jira/browse/YARN-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13647914#comment-13647914 ]
Jian He commented on YARN-638:
------------------------------
Simply adding RMDelegationTokens back to DelegationTokenSecretManager is not enough. We also need to store the master keys, since renewToken method is using corresponding key of token to generate new password and verify the client is renewing token with correct password.
The current solution for restoring RMDelegationTokens is to add a separate RMDelegationSecrectManagerStore in RMStateStore. What it does is to save the token and the master key whenever they are generated, and remove the states when token expires and key is rolled over
> Add RMDelegationTokens back to DelegationTokenSecretManager after RM Restart
> ----------------------------------------------------------------------------
>
> Key: YARN-638
> URL: https://issues.apache.org/jira/browse/YARN-638
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: resourcemanager
> Reporter: Jian He
> Assignee: Jian He
> Attachments: YARN-638.1.patch
>
>
> This is missed in YARN-581. After RM restart, RMDelegationTokens need to be added both in DelegationTokenRenewer (addressed in YARN-581), and delegationTokenSecretManager
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira