hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-3825) Need generalized multi-token filesystem support
Date Wed, 08 Feb 2012 00:36:59 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-3825?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13203034#comment-13203034

Daryn Sharp commented on MAPREDUCE-3825:

(sorry, have to leave for the day)

Yes, there no question there is multi-token support, but the way it integrates with the TokenCache
is broken.  The TokenCache expects a 1 to 1 mapping between the canonical service name and
the filesystem's delegation token service.  This is because TokenCache uses the canonical
service as a key in its credentials.  It doesn't work correctly for multi-token filesystems,
or filtered filesystems using a different scheme than the underlying fs.  It's wrong, but
it's what we've got to work with.  Eventually the token cache should have no knowledge about
the canonical service at all.

I agree the TokenCache does need an overhaul.  If it wasn't for the block of code that tries
to load the binary token cache if a token is missing, then with the changes in common the
whole method collapses into calling getDelegationTokens on the filesystems.  However, I'm
paranoid of altering the behavior of the TokenCache in 23, so I created a backwards compatible
solution that works perfectly with the way FileSystem tokens are currently designed.

> Need generalized multi-token filesystem support
> -----------------------------------------------
>                 Key: MAPREDUCE-3825
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-3825
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.23.1, 0.24.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
> This is the counterpart to HADOOP-7967.  The token cache currently tries to assume a
filesystem's token service key.  The assumption generally worked while there was a one to
one mapping of filesystem to token.  With the advent of multi-token filesystems like viewfs,
the token cache will try to use a service key (ie. for viewfs) that will never exist (because
it really gets the mounted fs tokens).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message