Description
After HADOOP-14445 and HADOOP-15997, there are still cases where KMSLoadBlanceClientProvider does not select token correctly.
Here is the use case:
The new configuration key hadoop.security.kms.client.token.use.uri.format=true is set cross all the cluster, including both Submitter and Yarn RM(renewer), which is not covered in the test matrix in this HADOOP-14445 comment.
I will post the debug log and the proposed fix shortly, cc: xiaochen and jojochuang.
Attachments
Issue Links
- is broken by
-
HADOOP-14445 Use DelegationTokenIssuer to create KMS delegation tokens that can authenticate to all KMS instances
-
- Resolved
-
- links to