hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiao Chen (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HADOOP-14987) Improve KMSClientProvider log around delegation token checking
Date Mon, 30 Oct 2017 22:20:03 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16225846#comment-16225846
] 

Xiao Chen edited comment on HADOOP-14987 at 10/30/17 10:19 PM:
---------------------------------------------------------------

Thanks Xiaoyu for revving. Output and code looks good.

I was proposing we add {{@InterfaceAudience.Private}} to the new UGI logging methods, and
{{@Deprecated}} to the one you wanted to remove.

{code}
   // TODO: KMSConfiguration.HTTP_PORT_DEFAULT (9600) is defined in
   // hadoop-kms module, hard code here to avoid introducing dependency.
   int kmsPort = (kmsUrl.getPort() == -1) ? 9600: kmsUrl.getPort();
{code}
Could you explain why we need the change here? 


was (Author: xiaochen):
Thanks Xiaoyu for revving.

I was proposing we add {{@InterfaceAudience.Private}} to the new UGI logging methods, and
{{@Deprecated}} to the one you wanted to remove.

{code}
   // TODO: KMSConfiguration.HTTP_PORT_DEFAULT (9600) is defined in
   // hadoop-kms module, hard code here to avoid introducing dependency.
   int kmsPort = (kmsUrl.getPort() == -1) ? 9600: kmsUrl.getPort();
{code}
Could you explain why we need the change here? 

> Improve KMSClientProvider log around delegation token checking
> --------------------------------------------------------------
>
>                 Key: HADOOP-14987
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14987
>             Project: Hadoop Common
>          Issue Type: Improvement
>    Affects Versions: 2.7.3
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>         Attachments: HADOOP-14987.001.patch, HADOOP-14987.002.patch
>
>
> KMSClientProvider#containsKmsDt uses SecurityUtil.buildTokenService(addr) to build the
key to look for KMS-DT from the UGI's token map. The token lookup key here varies depending
 on the KMSClientProvider's configuration value for hadoop.security.token.service.use_ip.
In certain cases, the token obtained with non-matching hadoop.security.token.service.use_ip
setting will not be recognized by KMSClientProvider. This ticket is opened to improve logs
for troubleshooting KMS delegation token related issues like this.  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message