Hector Sandoval Chaverri created HDFS-17128:
-----------------------------------------------
Summary: SQLDelegationTokenSecretManager should use version of
tokens updated by other routers
Key: HDFS-17128
URL: https://issues.apache.org/jira/browse/HDFS-17128
Project: Hadoop HDFS
Issue Type: Improvement
Components: rbf
Reporter: Hector Sandoval Chaverri
The SQLDelegationTokenSecretManager keeps tokens that it has interacted with in
a memory cache. This prevents routers from connecting to the SQL server for
each token operation.
We've noticed issues with some tokens being loaded in one router's cache and
later renewed on a different one. If clients try to use the token in the
outdated router, it will throw an "Auth failed" error when the cached token's
expiration has passed.
This can also affect cancelation scenarios since a token can be removed from
one router's cache and still exist in another one.
A possible solution is already implemented on the
ZKDelegationTokenSecretManager, which consists of having an executor refreshing
each router's cache on a periodic basis. We should evaluate whether this will
work with the volume of tokens expected to be handled by the
SQLDelegationTokenSecretManager.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
