Robert Kanter created OOZIE-2490: ------------------------------------ Summary: Oozie can't set hadoop.security.token.service.use_ip Key: OOZIE-2490 URL: https://issues.apache.org/jira/browse/OOZIE-2490 Project: Oozie Issue Type: Bug Affects Versions: trunk Reporter: Robert Kanter Assignee: Robert Kanter Fix For: trunk
Currently, Oozie has no way of setting {{hadoop.security.token.service.use_ip}} to the non-default value, as explained in HADOOP-12954. Once that is resolved, we should have Oozie set {{hadoop.security.token.service.use_ip}} on startup via the new method added by HADOOP-12954. {{hadoop.security.token.service.use_ip}} (default=true) is needed if your network is setup such that you need to use hostnames in delegation tokens instead of ip addresses. e.g. {noformat} Kind: HDFS_DELEGATION_TOKEN, Service: 127.0.0.1:8020, Ident: (HDFS_DELEGATION_TOKEN token 7 for hive) {noformat} vs {noformat} Kind: HDFS_DELEGATION_TOKEN, Service: foo.bar.cloudera.com:8020, Ident: (HDFS_DELEGATION_TOKEN token 4 for hive) {noformat} Some notes: - Ideally, {{hadoop.security.token.service.use_ip}} could be set on a per-cluster basis (because Oozie supports multiple clusters), however, like many of Hadoop's Security stuff, it's static so we can't. I think we should have Oozie use the {{Configuration}} associated with the default NN/JT/RM when setting this. - We'll have to use reflection to do this because HADOOP-12954 will add a new method and we can't guarantee the method is there. If the method doesn't exist, there's no alternative to set {{hadoop.security.token.service.use_ip}}, so we'll just ignore it. -- This message was sent by Atlassian JIRA (v6.3.4#6332)