[
https://issues.apache.org/jira/browse/HADOOP-13381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiao Chen updated HADOOP-13381:
-------------------------------
Attachment: HADOOP-13381.01.patch
The {{KeyProviderCache}} is necessary according to HDFS-7718.
To fix the issue, I can think of 2 options:
- Change the cache to recognize different clients.
- Update KMSClientProvider to favor new tokens.
I chose option #2 because #1 would increase {{KeyProvider}} object based on
client number, and even so we still need to update the tokens since after a MR
job, a token may be explicitly cancelled.
This is more of an end-to-end thing, but I tried to mimic it in TestKMS to keep
it simple. Patch 1 attached.
Thanks [~rkanter] again for helping me understand Yarn log aggregation! Ping
[~asuresh] / [~andrew.wang] for review, thank you in advance.
> KMS clients running in the same JVM should use updated KMS Delegation Token
> ---------------------------------------------------------------------------
>
> Key: HADOOP-13381
> URL: https://issues.apache.org/jira/browse/HADOOP-13381
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Priority: Critical
> Attachments: HADOOP-13381.01.patch
>
>
> When {{/tmp}} is setup as an EZ, one may experience YARN log aggregation
> failure after the KMS token is expired. The MR job itself runs find though.
> When this happens, YARN NodeManager's log will show
> {{AuthenticationException}} with token is expire / token can't be found in
> cache, depending on whether the expired token is removed by the background or
> not.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
