Hi Ted, The TwillRunner supports running a periodic task to acquire new delegation tokens in the client side (as it's kerberos authenticated). Twill will then push the new delegation tokens to a HDFS location, that is only readable by the YARN application. The Twill AM also periodically pull that HDFS location as well to see if it has updated delegation tokens. This approach requires the client process is keep running (or at least runs periodically before the current tokens expires).
This is the method I mentioned above: http://twill.incubator.apache.org/apidocs/org/apache/twill/api/TwillRunner.html#scheduleSecureStoreUpdate(org.apache.twill.api.SecureStoreUpdater, long, long, java.util.concurrent.TimeUnit) Terence On Wed, Aug 13, 2014 at 9:52 AM, Ted Yu <[email protected]> wrote: > Hi, > Applications on YARN can run for over 7 days. > Can someone tell me how Twill handles tokens in secure deployment ? > > Thanks
