[ https://issues.apache.org/jira/browse/HADOOP-14987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16222660#comment-16222660 ]
Xiao Chen commented on HADOOP-14987: ------------------------------------ Thanks for the improvement Xiaoyu. {{DelegationTokenAuthenticatedURL}} has some debug logs which might help a little bit, but agree logging in KMSCP is more direct. :) LGTM overall, some comments: - {code:title=KMSCP#getActualUgi} if (LOG.isDebugEnabled()) { UserGroupInformation.logAllUserInfo(LOG, currentUgi); } {code} We can skip the {{isDebugEnabled}} check here. - We cannot make the change in UGI, since it's Public-Evolving. We can add the new methods though, and consider annotate at method level as Private-Unstable to save maintenance burden, according to http://hadoop.apache.org/docs/r3.0.0-beta1/hadoop-project-dist/hadoop-common/Compatibility.html. The old logging method can be marked deprecated at this time. - {{UGI#logUserInfo}} could use a {{isDebugEnabled}} check so we don't loop through the tokens unnecessarily. Should also make sure {{log}} is used as the logger in those methods. It'd be helpful to provide an example debug log for demonstration purpose. > Improve KMSClientProvider log around delegation token checking > -------------------------------------------------------------- > > Key: HADOOP-14987 > URL: https://issues.apache.org/jira/browse/HADOOP-14987 > Project: Hadoop Common > Issue Type: Improvement > Affects Versions: 2.7.3 > Reporter: Xiaoyu Yao > Assignee: Xiaoyu Yao > Attachments: HADOOP-14987.001.patch > > > KMSClientProvider#containsKmsDt uses SecurityUtil.buildTokenService(addr) to > build the key to look for KMS-DT from the UGI's token map. The token lookup > key here varies depending on the KMSClientProvider's configuration value for > hadoop.security.token.service.use_ip. In certain cases, the token obtained > with non-matching hadoop.security.token.service.use_ip setting will not be > recognized by KMSClientProvider. This ticket is opened to improve logs for > troubleshooting KMS delegation token related issues like this. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org