hadoop-common-issues mailing list archives

From "Jitendra Nath Pandey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7510) Tokens should use original hostname provided instead of ip
Date Tue, 06 Sep 2011 19:29:10 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13098292#comment-13098292 ]

Jitendra Nath Pandey commented on HADOOP-7510:

> Everything that gets a token immediately stomps the service to its format. Both sides always ignore what the other side set.
I don't think this will work in this case. The token is actually obtained by the first jobClient
only. After that it is just passed along in the credentials. The jobclient at the task submitting
a new job will not (it can't) get a new token. The jobClient at the task in fact will not
find a token for the other namenode and will not be able to issue one as well. The relevant
section of the code I am referring to is TokenCache#obtainTokensForNamenodesInternal.

The proposed scheme works only if it can be determined at the client side that a failover
has occurred and TokenSelector can be updated with the mapping.

> With the static TokenSelector cache, there's issues with how to handle multiple ip changes. The cache lookup will have to deal with circular loops. There would also need to be something like reference counting to expire the cache. Multiple tokens may be relying on the mappings being maintained in the TokenSelector.
Multiple ip changes in the lifetime of the same token are very rare. We should be ok if we
can handle one IP failure. Just lookup once and use the mapping if present. The cache can
expire after a token lifetime, no need to maintain a reference count. 
  I think the patch can be kept pretty simple if we just handle one ip failure in the lifetime
of a token. Another enhancement here could be to stamp the token with new service after each
renewal and expire the cache after the renewal time of the token.

> Tokens should use original hostname provided instead of ip
> ----------------------------------------------------------
>                 Key: HADOOP-7510
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7510
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>             Fix For:
>         Attachments: HADOOP-7510.patch
> Tokens currently store the ip:port of the remote server.  This precludes tokens from being used after a host's ip is changed.  Tokens should store the hostname used to make the RPC connection.  This will enable new processes to use their existing tokens.
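
The one-hop lookup with time-based expiry proposed in the comment above, as an added Java sketch that is not part of the original message or of the HADOOP-7510 patch. `FailoverTokenLookup`, its methods, and the direction of the mapping (current address to the service string the token was stamped with) are assumptions; the addresses and token value are constructed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical sketch; not Hadoop's TokenSelector or any class from the patch. */
public class FailoverTokenLookup {
    /** One remembered failover: the service the token was stamped with, plus an expiry. */
    private record Alias(String issuedService, long expiresAtMillis) {}

    // Keyed by the service (ip:port) the client connects to after the failover.
    private final Map<String, Alias> aliases = new ConcurrentHashMap<>();

    /** Remember that tokens stamped for issuedService are to be used at currentService. */
    public void recordFailover(String issuedService, String currentService,
                               long nowMillis, long tokenLifetimeMillis) {
        aliases.put(currentService,
                    new Alias(issuedService, nowMillis + tokenLifetimeMillis));
    }

    /** Direct match first, then exactly one alias hop; chains are never followed,
     *  so a circular mapping cannot cause a loop. */
    public <T> T select(String currentService, Map<String, T> tokensByService,
                        long nowMillis) {
        T direct = tokensByService.get(currentService);
        if (direct != null) return direct;
        Alias alias = aliases.get(currentService);
        if (alias == null) return null;
        if (nowMillis >= alias.expiresAtMillis()) {
            aliases.remove(currentService, alias); // time-based expiry, no reference count
            return null;
        }
        return tokensByService.get(alias.issuedService());
    }

    public static void main(String[] args) {
        // Constructed sample data (documentation-range addresses, made-up token).
        Map<String, String> creds = new HashMap<>();
        creds.put("192.0.2.1:8020", "token-A");
        FailoverTokenLookup lookup = new FailoverTokenLookup();
        long issued = 0L, lifetime = 7L * 24 * 3600 * 1000;

        // Before any failover is recorded, the new address has no token.
        System.out.println(lookup.select("192.0.2.2:8020", creds, issued));
        // After one recorded failover, the original token is found in one hop.
        lookup.recordFailover("192.0.2.1:8020", "192.0.2.2:8020", issued, lifetime);
        System.out.println(lookup.select("192.0.2.2:8020", creds, issued + 1));
        // A second failover is not chained back to the first address.
        lookup.recordFailover("192.0.2.2:8020", "192.0.2.3:8020", issued, lifetime);
        System.out.println(lookup.select("192.0.2.3:8020", creds, issued + 2));
        // Once the token lifetime has passed, the mapping is dropped on lookup.
        System.out.println(lookup.select("192.0.2.2:8020", creds, issued + lifetime));
    }
}
```

Because an alias lets a token stamped for one address be presented at another, `recordFailover` belongs only on the path where the client has actually determined that a failover occurred.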
