hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaoyu Yao (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14987) Improve KMSClientProvider log around delegation token checking
Date Mon, 30 Oct 2017 22:42:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16225874#comment-16225874
] 

Xiaoyu Yao commented on HADOOP-14987:
-------------------------------------

Thanks [~xiaochen] for the review. This additional line was added mainly for the TestLoadBalancingKMSClientProvider#testCreation
where the provider creation tests uses kmsUrl without proper port. In production, the key.provider.uri
should always have a valid port toward the KMS server. 

I'm hesitant to annotate the new API with @InterfaceAudience.Private because this may be useful
for upstream projects such as MR/Hive/Spark, etc. for debugging token and UGI related code.
The original one is kept to handle the case where the caller may not have a log instance.
As a result, UGI log is used as a fallback.





> Improve KMSClientProvider log around delegation token checking
> --------------------------------------------------------------
>
>                 Key: HADOOP-14987
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14987
>             Project: Hadoop Common
>          Issue Type: Improvement
>    Affects Versions: 2.7.3
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>         Attachments: HADOOP-14987.001.patch, HADOOP-14987.002.patch
>
>
> KMSClientProvider#containsKmsDt uses SecurityUtil.buildTokenService(addr) to build the
key to look for KMS-DT from the UGI's token map. The token lookup key here varies depending
 on the KMSClientProvider's configuration value for hadoop.security.token.service.use_ip.
In certain cases, the token obtained with non-matching hadoop.security.token.service.use_ip
setting will not be recognized by KMSClientProvider. This ticket is opened to improve logs
for troubleshooting KMS delegation token related issues like this.  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message