Details
- Bug
- Status: Closed
- Blocker
- Resolution: Fixed
- 2.6.0
- Reviewed
Description
AMRMClientImpl.updateAMRMToken updates the token service before storing it to the credentials, so the token is mapped using the newly updated service rather than the empty service that was used when the RM created the original AMRM token. This leads to two AMRM tokens in the credentials and can still fail if the AMRMTokenSelector picks the wrong one.
In addition, the AMRMClientImpl grabs the login user rather than the current user when security is enabled, so it's likely the UGI being updated is not the UGI that will be used when reconnecting to the RM.
The end result is that AMs can fail with invalid token errors when trying to reconnect to an RM after a new AMRM secret has been activated.
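A simplified model of the duplicate-token condition described above, added here as an illustration and not taken from Hadoop or AMRMClientImpl. The `Token` record, the kind label, the RM address, the kind-only first-match selector and `updateReplacing` are all assumptions of the model; `updateReplacing` shows one way to keep a single entry and is not necessarily the change made for this issue.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Model only: credentials are an alias -> token table keyed by the token's service.
public class AmrmTokenUpdateDemo {
    static final String AMRM_KIND = "AMRM"; // constructed kind label

    record Token(String kind, String service, int keyId) {
        Token withService(String s) { return new Token(kind, s, keyId); }
    }

    // Hypothetical selector: matches on kind only and returns the first hit.
    static Token selectByKind(Map<String, Token> creds) {
        for (Token t : creds.values()) {
            if (AMRM_KIND.equals(t.kind())) return t;
        }
        return null;
    }

    // Order described in the report: set the service first, then store the
    // token under that new service. The entry under "" is left in place.
    static void updateBuggy(Map<String, Token> creds, Token fresh, String rmService) {
        Token t = fresh.withService(rmService);
        creds.put(t.service(), t);
    }

    // Store under the alias of the existing AMRM entry so it is replaced.
    static void updateReplacing(Map<String, Token> creds, Token fresh, String rmService) {
        Token t = fresh.withService(rmService);
        String alias = creds.entrySet().stream()
                .filter(e -> AMRM_KIND.equals(e.getValue().kind()))
                .map(Map.Entry::getKey)
                .findFirst().orElse(t.service());
        creds.put(alias, t);
    }

    public static void main(String[] args) {
        Token original = new Token(AMRM_KIND, "", 1); // constructed: issued with empty service
        Token rolled = new Token(AMRM_KIND, "", 2);   // constructed: issued under the new secret

        Map<String, Token> buggy = new LinkedHashMap<>(Map.of("", original));
        updateBuggy(buggy, rolled, "rm.example:8030");
        System.out.println("buggy: " + buggy.size() + " tokens, selected keyId="
                + selectByKind(buggy).keyId());

        Map<String, Token> replaced = new LinkedHashMap<>(Map.of("", original));
        updateReplacing(replaced, rolled, "rm.example:8030");
        System.out.println("replacing: " + replaced.size() + " tokens, selected keyId="
                + selectByKind(replaced).keyId());
    }
}
```

In the buggy path the table holds both the stale and the rolled token, and which one the selector returns depends on iteration order; in the replacing path only the rolled token remains.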
Attachments
Issue Links
- causes
  - FLINK-12623 Flink on yarn encountered AMRMClientImpl does not update AMRM token properly (Closed)
- relates to
  - MAPREDUCE-6230 MR AM does not survive RM restart if RM activated a new AMRM secret key (Closed)