hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12954) Add a way to change hadoop.security.token.service.use_ip
Date Tue, 22 Mar 2016 23:36:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12954?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15207529#comment-15207529
] 

Chris Nauroth commented on HADOOP-12954:
----------------------------------------

Thanks, Robert.  I think this makes sense.  I guess the new {{SecurityUtil#setConfiguration}}
call would have to be wired into the MR AM.  If you weren't planning on doing that within
the scope of this issue, then maybe it makes more sense to keep both open instead of resolving
one as duplicate of another.

bq. Though for MAPREDUCE-6565, why can't you have a core-site.xml added via mapreduce.application.classpath?

You can, but when I filed MAPREDUCE-6565, I was asserting that you shouldn't have to do this.
 The behavior is different from a lot of other things in that the correct value of use_ip
doesn't propagate down via the submitted job.xml.

> Add a way to change hadoop.security.token.service.use_ip
> --------------------------------------------------------
>
>                 Key: HADOOP-12954
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12954
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.6.0
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>         Attachments: HADOOP-12954.001.patch
>
>
> Currently, {{hadoop.security.token.service.use_ip}} is set on JVM startup via:
> {code:java}
>   static {
>     Configuration conf = new Configuration();
>     boolean useIp = conf.getBoolean(
>         CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP,
>         CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP_DEFAULT);
>     setTokenServiceUseIp(useIp);
>   }
> {code}
> This is a problem for clients, such as Oozie, who don't add *-site.xml files to their
classpath.  Oozie normally creates a {{JobClient}} and passes a {{Configuration}} to it with
the proper configs we need.  However, because {{hadoop.security.token.service.use_ip}} is
specified in a static block like this, and there's no API to change it, Oozie has no way to
set it to the non-default value.
> I propose we add a {{setConfiguration}} method which takes a {{Configuration}} and rereads
{{hadoop.security.token.service.use_ip}}.  There's a few other properties that are also loaded
statically on startup that can be reloaded here as well.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message