[
https://issues.apache.org/jira/browse/HADOOP-11017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14145107#comment-14145107
]
Jian He commented on HADOOP-11017:
----------------------------------
Now, the storeNewMasterKey is invoked inside the synchronized block. if ZK is
unavailable. The whole class will be blocked.
{code}
synchronized (this) {
currentId = newKey.getKeyId();
currentKey = newKey;
storeDelegationKey(currentKey);
}
{code}
Irrespective of this, I think YARN also has a bug. RM should do updateMasterKey
instead of storeNewMasterKey while it's rolling the key.
> KMS delegation token secret manager should be able to use zookeeper as store
> ----------------------------------------------------------------------------
>
> Key: HADOOP-11017
> URL: https://issues.apache.org/jira/browse/HADOOP-11017
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.6.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Fix For: 2.6.0
>
> Attachments: HADOOP-11017.1.patch, HADOOP-11017.10.patch,
> HADOOP-11017.11.patch, HADOOP-11017.2.patch, HADOOP-11017.3.patch,
> HADOOP-11017.4.patch, HADOOP-11017.5.patch, HADOOP-11017.6.patch,
> HADOOP-11017.7.patch, HADOOP-11017.8.patch, HADOOP-11017.9.patch,
> HADOOP-11017.WIP.patch
>
>
> This will allow supporting multiple KMS instances behind a load balancer.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
