Daniel Roudnitsky created HBASE-28785:
-----------------------------------------
Summary: Canary should not create RefreshCredentials chore if not
in daemon mode
Key: HBASE-28785
URL: https://issues.apache.org/jira/browse/HBASE-28785
Project: HBase
Issue Type: Improvement
Components: canary
Reporter: Daniel Roudnitsky
Assignee: Daniel Roudnitsky
For kerberos enabled clusters, on startup Canary.runMonitor [will create a
chore service running a RefreshCredentials chore regardless of the canary
mode|https://github.com/apache/hbase/blob/97de2912396d303b78a0d85552953e3e9955a145/hbase-server/src/main/java/org/apache/hadoop/hbase/tool/CanaryTool.java#L1057-L1067].
The [documentation in the
reference|https://hbase.apache.org/book.html#_running_canary_in_a_kerberos_enabled_cluster]
for running a canary against kerberos enabled clusters specifies that the
RefreshCredentials chore will only be created in daemon mode, which makes sense
as the canary is intended to be long lived if run in daemon mode. If the canary
is being run one off (not in daemon mode) it should be relatively short lived,
the default canary timeout we have set is 10min, and should not require
credential refresh if one has a sane kerberos ticket lifetime.
If we do see a need to keep that behavior then this can turn into a ticket to
correct what's documented in the reference.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
