Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7B3B57962 for ; Fri, 2 Sep 2011 18:19:32 +0000 (UTC) Received: (qmail 48722 invoked by uid 500); 2 Sep 2011 18:19:32 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 48464 invoked by uid 500); 2 Sep 2011 18:19:31 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 48437 invoked by uid 99); 2 Sep 2011 18:19:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Sep 2011 18:19:31 +0000 X-ASF-Spam-Status: No, hits=-2000.5 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Sep 2011 18:19:30 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 636743C6E5 for ; Fri, 2 Sep 2011 18:19:10 +0000 (UTC) Date: Fri, 2 Sep 2011 18:19:10 +0000 (UTC) From: "Jitendra Nath Pandey (JIRA)" To: common-issues@hadoop.apache.org Message-ID: <809900228.11485.1314987550403.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <483574068.6147.1312408047400.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (HADOOP-7510) Tokens should use original hostname provided instead of ip MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-7510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13096181#comment-13096181 ] Jitendra Nath Pandey commented on HADOOP-7510: ---------------------------------------------- > Hftp requests appear to be handled.. Agreed that Hftp should not have an issue because DN resets the service. However, there could be a usecase where we run into this issue. For example: A job is launched on cluster running new version and some of its tasks submit a job on a cluster running older version. I admit this is a contrived use case and may not exist anywhere. But that makes me worried that we might end up breaking something. Can we take following approach (Thanks to Owen and Suresh!) # Don't change the service in the token and keep it ip:port # Cache a map in TokenSelectors which maps ipNew to ipOld. Cache entry can be purged after a token lifetime. # Token selector matches the new ip, if that doesn't work, it also tries old ip, if that exists. The cache will have an entry only if there is an ip failover, otherwise the TokenSelectors will behave exactly as they are doing today. Another plus is that tokens don't change at all. > Tokens should use original hostname provided instead of ip > ---------------------------------------------------------- > > Key: HADOOP-7510 > URL: https://issues.apache.org/jira/browse/HADOOP-7510 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: Daryn Sharp > Assignee: Daryn Sharp > Fix For: 0.20.205.0 > > Attachments: HADOOP-7510.patch > > > Tokens currently store the ip:port of the remote server. This precludes tokens from being used after a host's ip is changed. Tokens should store the hostname used to make the RPC connection. This will enable new processes to use their existing tokens. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira