[HADOOP-14497] Logs for KMS delegation token lifecycle - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2.9.0, 3.0.0-alpha4
Component/s: None
Labels:
None

Description

We run into quite some customer cases about authentication failures related to KMS delegation token. It would be nice to see a log for each stage of the token:
1. creation
2. renewal
3. removal upon cancel
4. remove upon expiration
So that when we correlate the logs for the same DT, we can have a good picture about what's going on, and what could have caused the authentication failure.

The same is applicable to other delegation tokens.

NOTE: When log info about delagation token, we don't want leak user's secret info.

Attachments

Issue Links

is duplicated by

HADOOP-14496 Logs for KMS delegation token lifecycle

Resolved

Sub-Tasks

1.	KMS should log error details in KMSExceptionsProvider	Resolved	Xiao Chen
2.	Add more details in the log when a token is expired	Resolved	Xiao Chen
3.	Add more debug logs for delegation tokens and authentication	Resolved	Xiao Chen
4.	Add more info to the msgs printed in AbstractDelegationTokenSecretManager for better supportability	Resolved	Yongjun Zhang

Activity

People

Assignee:: Xiao Chen

Reporter:: Yongjun Zhang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 06/Jun/17 19:40

Updated:: 12/Jun/17 18:41

Resolved:: 10/Jun/17 03:38