hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4477) Secondary namenode may retain old tokens
Date Thu, 07 Feb 2013 17:11:12 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4477?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13573678#comment-13573678
] 

Daryn Sharp commented on HDFS-4477:
-----------------------------------

Yes, the TSM has a thread that does things like roll secret keys, remove expired tokens, etc.
 This thread isn't started in the 2NN because it mutates state, ie. you can't be generating
and rolling keys in the 2NN.

My first thought was for the TSM to discard expired tokens when reading & writing its
state.  However, I think HA standby NNs will retain the tokens "forever" until they become
the active.  We may need to generate edits for naturally expired tokens, just like we do for
explicitly cancelled tokens.
                
> Secondary namenode may retain old tokens
> ----------------------------------------
>
>                 Key: HDFS-4477
>                 URL: https://issues.apache.org/jira/browse/HDFS-4477
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.23.7
>            Reporter: Kihwal Lee
>            Assignee: Daryn Sharp
>
> Upon inspection of a fsimage created by a secondary namenode, we've discovered it contains
very old tokens. These are probably the ones that were not explicitly canceled.  It may be
related to the optimization done to avoid loading fsimage from scratch every time checkpointing.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message