hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arun Suresh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13539) KMS's zookeeper-based secret manager should be consistent when failed to remove node
Date Thu, 25 Aug 2016 15:33:21 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15437084#comment-15437084
] 

Arun Suresh commented on HADOOP-13539:
--------------------------------------

So... this is actually intentional.
The Master Key deletion failure is not that big a deal, and I felt it did not warrant an Exception.
If one ZKDTSM cannot delete it, one of its peers will delete it later on. Furthermore, these
are mostly old expired keys which are anyway not used to create new Tokens.
On the other hand deletion of a DelegationToken is important else it is possible that the
peer ZKDTSMs are not notified of the deleted token of an expired DelegationToken may be used
to authenticate.

> KMS's zookeeper-based secret manager should be consistent when failed to remove node
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-13539
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13539
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13539.01.patch
>
>
> In {{ZKDelegationTokenSecretManager}}, the 2 methods {{removeStoredMasterKey}} and {{removeStoredToken}}
are very much alike, yet handles exception differently. We should not throw RTE if a node
cannot be removed - logging is enough.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message