Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-17368

Zookeeper secret manager attempts to reuse token sequence numbers

Add voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: In Progress
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      Daryn Sharp reported that the ZK delegation token secret manager uses a SharedCounter to synchronize increments of a monotonically increasing sequence number for new tokens. Yet the KMS logs occasionally, depending on load, contains an odd error indicating collisions:

      org.apache.zookeeper.KeeperException$NodeExistsException: KeeperErrorCode = NodeExists for /zkdtsm/ZKDTSMRoot/ZKDTSMTokensRoot/DT_137547444
      

      ZKDTSM does a CAS get and set of the sequence number. Rather than return the value it set, it returns the current value which may have already been incremented by another KMS.

        Attachments

          Activity

            People

            • Assignee:
              ahussein Ahmed Hussein
              Reporter:
              ahussein Ahmed Hussein

              Dates

              • Created:
                Updated:

                Issue deployment