hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jian He (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (YARN-6134) [ATSv2 Security] Regenerate delegation token for app just before token expires if app collector is active
Date Wed, 16 Aug 2017 20:10:01 GMT

    [ https://issues.apache.org/jira/browse/YARN-6134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16129335#comment-16129335
] 

Jian He edited comment on YARN-6134 at 8/16/17 8:09 PM:
--------------------------------------------------------

thanks Varun, few comments on my end:

- In regenerateToken, looks like the regeneration of token is only scheduled for the first
time, it is not rescheduled for the next time?
- Instead of scheduling two runnable separately, we can do schedule regeneration of token
in the else case below?
{code}
        if (renewalDelay + Time.now() < tokenId.getMaxDate()) {
          Future<?> renewalFuture = tokenRenewalExecutor.schedule(
              this, renewalDelay, TimeUnit.MILLISECONDS);
          appCollector.setRenewalFutureForApp(renewalFuture);
        } else {
        	// schedule a regenerationToken 
        }
{code}
- should we add the exception in the logging too ?
{code}
            LOG.warn("Unable to " + (timerForRenewal ? "renew" : "regenerate") +
                " token for " + appId);
{code}
- In generateTokenAndSetTimers, can we log the token ? can be useful for debugging


was (Author: jianhe):
thanks Varun, few comments on my end:

- In regenerateToken, looks like the regeneration of token is only scheduled for the first
time, it is not rescheduled for the next time?
- Instead of scheduling two threads separately, we can do schedule regeneration of token in
the else case below?
{code}
        if (renewalDelay + Time.now() < tokenId.getMaxDate()) {
          Future<?> renewalFuture = tokenRenewalExecutor.schedule(
              this, renewalDelay, TimeUnit.MILLISECONDS);
          appCollector.setRenewalFutureForApp(renewalFuture);
        } else {
        	// schedule a regenerationToken 
        }
{code}
- should we add the exception in the logging too ?
{code}
            LOG.warn("Unable to " + (timerForRenewal ? "renew" : "regenerate") +
                " token for " + appId);
{code}
- In generateTokenAndSetTimers, can we log the token ? can be useful for debugging

> [ATSv2 Security] Regenerate delegation token for app just before token expires if app
collector is active
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-6134
>                 URL: https://issues.apache.org/jira/browse/YARN-6134
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Varun Saxena
>            Assignee: Varun Saxena
>              Labels: yarn-5355-merge-blocker
>         Attachments: YARN-6134-YARN-5355.01.patch, YARN-6134-YARN-5355.02.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message