The Scenario is as follows:
1. NameNode HA is enabled.
2. Kerberos is enabled.
3. HDFS Delegation Token (not Keytab or TGT) is used to communicate with NameNode.
4. We want to update the HDFS Delegation Token for long running applicatons. HDFS Client will generate private tokens for each NameNode. When we update the HDFS Delegation Token, these private tokens will not be updated, which will cause token expired.
This bug can be reproduced by the following program:
To reproduce the bug, please set the following configuration to Name Node:
The bug will occure after 3 minutes.
The stacktrace is: