Gary Helmling created TWILL-109:
-----------------------------------
Summary: SecureStoreUpdater related improvements
Key: TWILL-109
URL: https://issues.apache.org/jira/browse/TWILL-109
Project: Apache Twill
Issue Type: Improvement
Components: api, yarn
Affects Versions: 0.3.0-incubating
Reporter: Gary Helmling
There are a couple aspects of the {{SecureStoreUpdater}} mechanism that should
be improved:
# When using {{YarnUtils.addDelegationTokens()}} to refresh delegation tokens
for an application, the calling code must provide a new {{Credentials}}
instance to ensure that new tokens are fetched for HDFS and the YARN RM. If a
token already exists in the given {{Credentials}} that matches the derived
service name, a new token will not be requested. We should at least clearly
document this behavior, and possibly refactor the API so that a {{Credentials}}
instance does not need to be provided, and so that new tokens are obtained by
default.
# When multiple {{SecureStoreUpdater}} instances are in use, since all
credentials are written to the same file in HDFS, it seems to be possible for
each updater to overwrite the currently saved credentials. From testing, this
seems to happen, even though {{YarnTwillRunnerService.updateCredentials()}} has
code to read in the existing credentials file and merge the provided
credentials to it. More testing and debugging is needed to determine if this
could be due to a race condition or another bug in the code.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
