KMSClientProvider need to be closed to free up the SSLFactory internally. See HADOOP-11368 for details.
Credit to Robert Kanter for finding this.
Implement TokenRenewer to renew and cancel delegation tokens in KMS
SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10902 (See https://builds.apache.org/job/Hadoop-trunk-Commit/10902/)
HADOOP-13838. KMSTokenRenewer should close providers (xiaochen via (rkanter: rev 47ca9e26fba4a639e43bee5bfc001ffc4b42330d)
Thank you Robert Kanter!
Cherry picked to branch-2.8 as well to match HADOOP-13155.
Thanks Xiao Chen. Committed to trunk and branch-2!
Test failure look unrelated, and the checkstyle is about the test method being too long, which was already around the border before this change.
This message was automatically generated.
Thanks a lot for the reviews, Robert and Andrew.
Patch adds the unit test for KMS, and also closes the instance in FSN.
Good catch here Xiao. Do you want to also close the key provider in FSNamesystem? I think this only really affects unit tests, but would be good code hygiene.
The fix seems good to me. Can you add a unit test?
This only applies to the KMSTokenRenwer added by HADOOP-13155. Fixing in patch 1.
HDFS clients caches the provider in clientcontext, which closes the provider on cache removal.