diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/amrmproxy/AMRMProxyApplicationContextImpl.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/amrmproxy/AMRMProxyApplicationContextImpl.java index 2e5aa94..6d4fdfc 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/amrmproxy/AMRMProxyApplicationContextImpl.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/amrmproxy/AMRMProxyApplicationContextImpl.java @@ -115,7 +115,7 @@ public synchronized int getLocalAMRMTokenKeyId() { throw new YarnRuntimeException("Missing AMRM token for " + this.applicationAttemptId); } - keyId = this.amrmToken.decodeIdentifier().getKeyId(); + keyId = this.localToken.decodeIdentifier().getKeyId(); this.localTokenKeyId = keyId; } catch (IOException e) { throw new YarnRuntimeException("AMRM token decode error for " diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/amrmproxy/AMRMProxyService.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/amrmproxy/AMRMProxyService.java index dc56090..5c2a9ae 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/amrmproxy/AMRMProxyService.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/amrmproxy/AMRMProxyService.java @@ -342,9 +342,14 @@ private void updateAMRMTokens(AMRMTokenIdentifier amrmTokenIdentifier, // check to see if the RM has issued a new AMRMToken & accordingly update // the real ARMRMToken in the current context if (allocateResponse.getAMRMToken() != null) { + LOG.info("RM rolled master-key for amrm-tokens"); + org.apache.hadoop.yarn.api.records.Token token = allocateResponse.getAMRMToken(); + // Do not propagate this info back to AM + allocateResponse.setAMRMToken(null); + org.apache.hadoop.security.token.Token newTokenId = new org.apache.hadoop.security.token.Token( token.getIdentifier().array(), token.getPassword().array(), @@ -371,6 +376,9 @@ private void updateAMRMTokens(AMRMTokenIdentifier amrmTokenIdentifier, this.secretManager.createAndGetAMRMToken(pipeline .getApplicationAttemptId()); context.setLocalAMRMToken(localToken); + } else { + LOG.warn( + "AM did not use the newly issued local AMRMToken, resending it"); } allocateResponse