Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
trunk
-
None
-
None
Description
Currently, Oozie has no way of setting hadoop.security.token.service.use_ip to the non-default value, as explained in HADOOP-12954. Once that is resolved, we should have Oozie set hadoop.security.token.service.use_ip on startup via the new method added by HADOOP-12954.
hadoop.security.token.service.use_ip (default=true) is needed if your network is setup such that you need to use hostnames in delegation tokens instead of ip addresses.
e.g.
Kind: HDFS_DELEGATION_TOKEN, Service: 127.0.0.1:8020, Ident: (HDFS_DELEGATION_TOKEN token 7 for hive)
vs
Kind: HDFS_DELEGATION_TOKEN, Service: foo.bar.cloudera.com:8020, Ident: (HDFS_DELEGATION_TOKEN token 4 for hive)
Some notes:
- Ideally, hadoop.security.token.service.use_ip could be set on a per-cluster basis (because Oozie supports multiple clusters), however, like many of Hadoop's Security stuff, it's static so we can't. I think we should have Oozie use the Configuration associated with the default NN/JT/RM when setting this.
- We'll have to use reflection to do this because
HADOOP-12954will add a new method and we can't guarantee the method is there. If the method doesn't exist, there's no alternative to set hadoop.security.token.service.use_ip, so we'll just ignore it.
Attachments
Attachments
Issue Links
- depends upon
-
HADOOP-12954 Add a way to change hadoop.security.token.service.use_ip
- Resolved