[jira] [Updated] (OOZIE-2490) Oozie can't set hadoop.security.token.service.use_ip

Thu, 07 Apr 2016 14:01:45 -0700 

     [ 
https://issues.apache.org/jira/browse/OOZIE-2490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Kanter updated OOZIE-2490:
---------------------------------
    Attachment: OOZIE-2490.003.patch

Good point.  The 003 patch loops through {{hadoopConfigs}} until it either 
finds a valid one (or doesn't find any).

> Oozie can't set hadoop.security.token.service.use_ip
> ----------------------------------------------------
>
>                 Key: OOZIE-2490
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2490
>             Project: Oozie
>          Issue Type: Bug
>    Affects Versions: trunk
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>             Fix For: trunk
>
>         Attachments: OOZIE-2490.001.patch, OOZIE-2490.002.patch, 
> OOZIE-2490.003.patch
>
>
> Currently, Oozie has no way of setting 
> {{hadoop.security.token.service.use_ip}} to the non-default value, as 
> explained in HADOOP-12954.  Once that is resolved, we should have Oozie set 
> {{hadoop.security.token.service.use_ip}} on startup via the new method added 
> by HADOOP-12954.  
> {{hadoop.security.token.service.use_ip}} (default=true) is needed if your 
> network is setup such that you need to use hostnames in delegation tokens 
> instead of ip addresses.
> e.g.
> {noformat}
> Kind: HDFS_DELEGATION_TOKEN, Service: 127.0.0.1:8020, Ident: 
> (HDFS_DELEGATION_TOKEN token 7 for hive)
> {noformat}
> vs
> {noformat}
> Kind: HDFS_DELEGATION_TOKEN, Service: foo.bar.cloudera.com:8020, Ident: 
> (HDFS_DELEGATION_TOKEN token 4 for hive)
> {noformat}
> Some notes:
> - Ideally, {{hadoop.security.token.service.use_ip}} could be set on a 
> per-cluster basis (because Oozie supports multiple clusters), however, like 
> many of Hadoop's Security stuff, it's static so we can't.  I think we should 
> have Oozie use the {{Configuration}} associated with the default NN/JT/RM 
> when setting this.
> - We'll have to use reflection to do this because HADOOP-12954 will add a new 
> method and we can't guarantee the method is there.  If the method doesn't 
> exist, there's no alternative to set 
> {{hadoop.security.token.service.use_ip}}, so we'll just ignore it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to