Date: Wed, 20 Jan 2016 23:50:39 +0000 (UTC)
From: "Xiaoyu Yao (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-12659) Incorrect usage of config parameters in token manager of KMS

[ https://issues.apache.org/jira/browse/HADOOP-12659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15109756#comment-15109756 ]

Xiaoyu Yao commented on HADOOP-12659:
-------------------------------------

Patch looks good to me. +1. I will commit it shortly.

> Incorrect usage of config parameters in token manager of KMS
> ------------------------------------------------------------
>
> Key: HADOOP-12659
> URL: https://issues.apache.org/jira/browse/HADOOP-12659
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.7.1, 2.6.2
> Reporter: Tianyin Xu
> Assignee: Mingliang Liu
> Attachments: HADOOP-12659.000.patch
>
>
> Hi, the usage of the following configs of Key Management Server (KMS) is problematic:
> {{hadoop.kms.authentication.delegation-token.renew-interval.sec}}
> {{hadoop.kms.authentication.delegation-token.removal-scan-interval.sec}}
> The name indicates that the units are {{sec}}, and the online doc shows that the default values are {{86400}} and {{3600}}, respectively.
> https://hadoop.apache.org/docs/stable/hadoop-kms/index.html
> which is also defined in
> {code:title=DelegationTokenManager.java|borderStyle=solid}
> 55 public static final String RENEW_INTERVAL = PREFIX + "renew-interval.sec";
> 56 public static final long RENEW_INTERVAL_DEFAULT = 24 * 60 * 60;
> ...
> 58 public static final String REMOVAL_SCAN_INTERVAL = PREFIX +
> 59 "removal-scan-interval.sec";
> 60 public static final long REMOVAL_SCAN_INTERVAL_DEFAULT = 60 * 60;
> {code}
> However, in {{DelegationTokenManager.java}} and {{ZKDelegationTokenSecretManager.java}}, these two parameters are used incorrectly.
> 1. *{{DelegationTokenManager.java}}*
> {code}
> 70 conf.getLong(RENEW_INTERVAL, RENEW_INTERVAL_DEFAULT) * 1000,
> 71 conf.getLong(REMOVAL_SCAN_INTERVAL,
> 72 REMOVAL_SCAN_INTERVAL_DEFAULT * 1000));
> {code}
> Apparently, at Line 72, {{REMOVAL_SCAN_INTERVAL}} should be used in the same way as {{RENEW_INTERVAL}}, like
> {code}
> 72c72
> < REMOVAL_SCAN_INTERVAL_DEFAULT * 1000));
> ---
> > REMOVAL_SCAN_INTERVAL_DEFAULT) * 1000);
> {code}
> Currently, the unit of {{hadoop.kms.authentication.delegation-token.removal-scan-interval.sec}} is not {{sec}} but {{millisec}}.
> 2. *{{ZKDelegationTokenSecretManager.java}}*
> {code}
> 142 conf.getLong(DelegationTokenManager.RENEW_INTERVAL,
> 143 DelegationTokenManager.RENEW_INTERVAL_DEFAULT * 1000),
> 144 conf.getLong(DelegationTokenManager.REMOVAL_SCAN_INTERVAL,
> 145 DelegationTokenManager.REMOVAL_SCAN_INTERVAL_DEFAULT) * 1000);
> {code}
> The situation is the opposite in this class that {{hadoop.kms.authentication.delegation-token.renew-interval.sec}} is wrong but the other is correct...
> A patch should be like
> {code}
> 143c143
> < DelegationTokenManager.RENEW_INTERVAL_DEFAULT * 1000),
> ---
> > DelegationTokenManager.RENEW_INTERVAL_DEFAULT) * 1000,
> {code}
> Thanks!

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
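
Review bot: the 72c72 change to DelegationTokenManager.java should come with a test that sets hadoop.kms.authentication.delegation-token.removal-scan-interval.sec to a non-default value. With the key unset, the old line and the new line both evaluate to 60 * 60 * 1000 ms, so a test that relies on the default passes before and after the fix. Suggest asserting that an explicitly configured number of seconds reaches the secret manager multiplied by 1000.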
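
Review bot: in the 143c143 change to ZKDelegationTokenSecretManager.java the seconds-to-milliseconds conversion stays an inline `* 1000` next to each conf.getLong(...) call, which is the pattern whose parenthesis was misplaced once in each of the two classes. Suggest making the conversion explicit, for example by wrapping each getLong result in TimeUnit.SECONDS.toMillis(...), so that the position of a closing parenthesis can no longer change the unit of the configured value.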
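
The unit mismatch described in the quoted report, as an added example that is not part of the original message or of the Hadoop code base. `Conf` is a hypothetical stand-in for Hadoop's `Configuration`, the helper names are made up for illustration, and the explicit values are constructed samples equal to the documented defaults.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration, not Hadoop source. Conf is a hypothetical stand-in for
// Hadoop's Configuration that implements only getLong(key, default).
public class IntervalUnitCheck {
    static final String RENEW = "hadoop.kms.authentication.delegation-token.renew-interval.sec";
    static final String SCAN = "hadoop.kms.authentication.delegation-token.removal-scan-interval.sec";
    static final long RENEW_DEFAULT_SEC = 24 * 60 * 60;
    static final long SCAN_DEFAULT_SEC = 60 * 60;

    static final class Conf {
        private final Map<String, String> props = new LinkedHashMap<>();
        Conf set(String key, long value) { props.put(key, Long.toString(value)); return this; }
        long getLong(String key, long dflt) {
            String v = props.get(key);
            return v == null ? dflt : Long.parseLong(v);
        }
    }

    // Shape of the reported lines: only the default is converted to milliseconds.
    static long msBeforeFix(Conf conf, String key, long defaultSec) {
        return conf.getLong(key, defaultSec * 1000);
    }

    // Shape of the proposed lines: whatever getLong returns is converted.
    static long msAfterFix(Conf conf, String key, long defaultSec) {
        return conf.getLong(key, defaultSec) * 1000;
    }

    static void report(String label, Conf conf, String key, long defaultSec) {
        long before = msBeforeFix(conf, key, defaultSec);
        long after = msAfterFix(conf, key, defaultSec);
        System.out.printf("%-28s before=%d ms after=%d ms %s%n", label, before, after,
                before == after ? "same" : "DIFFERENT");
    }

    public static void main(String[] args) {
        Conf unset = new Conf();                 // both keys left at their defaults
        Conf explicit = new Conf()               // constructed sample: defaults set explicitly
                .set(RENEW, 86400).set(SCAN, 3600);
        report("scan interval, key unset", unset, SCAN, SCAN_DEFAULT_SEC);
        report("scan interval, key = 3600", explicit, SCAN, SCAN_DEFAULT_SEC);
        report("renew interval, key unset", unset, RENEW, RENEW_DEFAULT_SEC);
        report("renew interval, key = 86400", explicit, RENEW, RENEW_DEFAULT_SEC);
    }
}
```

The two forms agree only while the key is unset. Once an operator writes the documented value into the configuration, the pre-fix form treats 3600 as a 3.6-second scan interval and 86400 as an 86.4-second renew interval.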