Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-16199

KMSLoadBlanceClientProvider does not select token correctly

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.0.2
    • 3.3.0
    • None
    • Reviewed

    Description

      After HADOOP-14445 and HADOOP-15997, there are still cases where KMSLoadBlanceClientProvider does not select token correctly. 

      Here is the use case:

      The new configuration key hadoop.security.kms.client.token.use.uri.format=true is set cross all the cluster, including both Submitter and Yarn RM(renewer), which is not covered in the test matrix in this HADOOP-14445 comment.

      I will post the debug log and the proposed fix shortly, cc: xiaochen and jojochuang.

      Attachments

        Issue Links

          is broken by

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-14445 Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #642

          Activity

            People

              xyao Xiaoyu Yao
              xyao Xiaoyu Yao
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: