Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13381

KMS clients should use KMS Delegation Tokens from current UGI.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.6.0
    • 2.8.0, 3.0.0-alpha1
    • kms
    • None
    • Reviewed

    Description

      When /tmp is setup as an EZ, one may experience YARN log aggregation failure after the very first KMS token is expired. The MR job itself runs fine though.

      When this happens, YARN NodeManager's log will show AuthenticationException with token is expired / token can't be found in cache, depending on whether the expired token is removed by the background or not.

      Attachments

        1. HADOOP-13381.04.patch
          9 kB
          Xiao Chen
        2. HADOOP-13381.03.patch
          10 kB
          Xiao Chen
        3. HADOOP-13381.02.patch
          10 kB
          Xiao Chen
        4. HADOOP-13381.01.patch
          8 kB
          Xiao Chen

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-13749 KMSClientProvider combined with KeyProviderCache can result in wrong UGI being used

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              xiaochen Xiao Chen
              xiaochen Xiao Chen
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: