[ https://issues.apache.org/jira/browse/HDFS-14035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16667872#comment-16667872 ]
Chen Liang commented on HDFS-14035: ----------------------------------- Post v001 patch which enables delegation token for HAService protocol. The way it works is that, currently in SaslRpcClient#getTokenInfo, it goes through all the security info providers and returns the first found non-null token info. And the security info providers are specified in {{org.apache.hadoop.security.SecurityInfo}} file in META-INF.services directory of all packages. v001 patch introduces a new HDFS specific security info provider, the only thing it does is returning delegation token selector when it is HAService protocol, one good thing with this approach is that configuration is being passed around so we can choose to disable this when it is not observer read case (yet to be implemented). This is also very similar to how existing LocalizerSecurityInfo works. Still missing unit test, but have tried with a simple word count job, job succeeded with this change. > NN status discovery does not leverage delegation token > ------------------------------------------------------ > > Key: HDFS-14035 > URL: https://issues.apache.org/jira/browse/HDFS-14035 > Project: Hadoop HDFS > Issue Type: Sub-task > Reporter: Chen Liang > Assignee: Chen Liang > Priority: Major > Attachments: HDFS-14035-HDFS-12943.001.patch > > > Currently ObserverReadProxyProvider uses > {{HAServiceProtocol#getServiceStatus}} to get the status of each NN. However > {{HAServiceProtocol}} does not leverage delegation token. So when running an > application on YARN and when YARN node manager makes this call > getServiceStatus, token authentication will fail, causing the application to > fail. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org