You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@twill.apache.org by "Gary Helmling (JIRA)" <ji...@apache.org> on 2014/11/11 23:07:34 UTC
[jira] [Created] (TWILL-109) SecureStoreUpdater related
improvements
Gary Helmling created TWILL-109:
-----------------------------------
Summary: SecureStoreUpdater related improvements
Key: TWILL-109
URL: https://issues.apache.org/jira/browse/TWILL-109
Project: Apache Twill
Issue Type: Improvement
Components: api, yarn
Affects Versions: 0.3.0-incubating
Reporter: Gary Helmling
There are a couple aspects of the {{SecureStoreUpdater}} mechanism that should be improved:
# When using {{YarnUtils.addDelegationTokens()}} to refresh delegation tokens for an application, the calling code must provide a new {{Credentials}} instance to ensure that new tokens are fetched for HDFS and the YARN RM. If a token already exists in the given {{Credentials}} that matches the derived service name, a new token will not be requested. We should at least clearly document this behavior, and possibly refactor the API so that a {{Credentials}} instance does not need to be provided, and so that new tokens are obtained by default.
# When multiple {{SecureStoreUpdater}} instances are in use, since all credentials are written to the same file in HDFS, it seems to be possible for each updater to overwrite the currently saved credentials. From testing, this seems to happen, even though {{YarnTwillRunnerService.updateCredentials()}} has code to read in the existing credentials file and merge the provided credentials to it. More testing and debugging is needed to determine if this could be due to a race condition or another bug in the code.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)