[ 
https://issues.apache.org/jira/browse/OOZIE-3035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16126488#comment-16126488
 ] 

Robert Kanter commented on OOZIE-3035:
--------------------------------------

The {{Master}} class is marked {{@Private}} and {{@Unstable}} 
(https://github.com/apache/hadoop/blob/trunk/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/Master.java#L31).
It would be best to not rely on it because they could change it at any time 
without warning.  If we really need that code, we should copy it into Oozie 
somewhere.  That said, {{HadoopAccessorService#getMRDelegationTokenRenewer}} 
already gets you the token renewer, right?  We could use that or something 
similar.

> HDFS HA and log aggregation: getting HDFS delegation token from YARN renewer 
> within JavaActionExecutor
> ------------------------------------------------------------------------------------------------------
>
>                 Key: OOZIE-3035
>                 URL: https://issues.apache.org/jira/browse/OOZIE-3035
>             Project: Oozie
>          Issue Type: Bug
>    Affects Versions: 4.3.0
>         Environment: * [*Hadoop 3 alpha 
> 4*|https://github.com/apache/hadoop/tree/branch-3.0.0-alpha4]
> * [*HDFS 
> HA*|https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithNFS.html]
> * log aggregation turned on
>            Reporter: Andras Piros
>            Assignee: Andras Piros
>             Fix For: 5.0.0
>
>         Attachments: OOZIE-3035.001.patch
>
>
> In a secure environment, when both HDFS HA and log aggregation are turned on, 
> {{JavaActionExecutor}} is not able to call {{YarnClient#submitApplication}} 
> since {{HDFS_DELEGATION_TOKEN}} is missing.
> In those cases we need to get {{HDFS_DELEGATION_TOKEN}} from YARN:
> * get YARN renewer via {{Master#getMasterPrincipal}}
> * get {{HDFS_DELEGATION_TOKEN}} via {{DFSClient#getDelegationToken}}
> * add {{HDFS_DELEGATION_TOKEN}} to {{Credentials}}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
