[ 
https://issues.apache.org/jira/browse/HDFS-14035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16667872#comment-16667872
 ] 

Chen Liang commented on HDFS-14035:
-----------------------------------

Posted v001 patch, which enables delegation tokens for the HAService protocol. 
The way it works is that, currently, SaslRpcClient#getTokenInfo goes through 
all the security info providers and returns the first non-null token info 
found. The security info providers are specified in the 
{{org.apache.hadoop.security.SecurityInfo}} file in the META-INF.services 
directory of all packages. The v001 patch introduces a new HDFS-specific 
security info provider; the only thing it does is return the delegation token 
selector when the protocol is HAService. One good thing with this approach is 
that the configuration is being passed around, so we can choose to disable this 
when it is not the observer read case (yet to be implemented). This is also 
very similar to how the existing LocalizerSecurityInfo works. 

Still missing a unit test, but I have tried it with a simple word count job; 
the job succeeded with this change.

> NN status discovery does not leverage delegation token
> ------------------------------------------------------
>
>                 Key: HDFS-14035
>                 URL: https://issues.apache.org/jira/browse/HDFS-14035
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>            Reporter: Chen Liang
>            Assignee: Chen Liang
>            Priority: Major
>         Attachments: HDFS-14035-HDFS-12943.001.patch
>
>
> Currently ObserverReadProxyProvider uses 
> {{HAServiceProtocol#getServiceStatus}} to get the status of each NN. However 
> {{HAServiceProtocol}} does not leverage delegation token. So when running an 
> application on YARN and when YARN node manager makes this call 
> getServiceStatus, token authentication will fail, causing the application to 
> fail.
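
A stand-alone Java model of the lookup described in the comment above, added here as an illustration and not taken from the v001 patch or from Hadoop: the nested interfaces, the provider names and the key `example.haservice.token.enabled` are hypothetical stand-ins for the real classes. It shows that a provider which answers only for the HAService protocol, and returns null otherwise, leaves every other protocol's lookup unchanged and can be switched off through configuration.

```java
import java.util.List;
import java.util.Map;

/** Model of "first non-null token info wins"; every type here is a stand-in, not a Hadoop class. */
public class TokenInfoLookupModel {
  // Stand-ins for two RPC protocol interfaces.
  interface HAServiceProtocol {}
  interface ClientProtocol {}

  /** Stand-in for a security info provider: a selector name, or null for "no opinion". */
  interface SecurityInfoProvider {
    String getTokenInfo(Class<?> protocol, Map<String, String> conf);
  }

  // Hypothetical configuration key gating the new provider.
  static final String ENABLE_KEY = "example.haservice.token.enabled";

  /** Models an existing provider that only knows a selector for ClientProtocol. */
  static final SecurityInfoProvider EXISTING = (protocol, conf) ->
      protocol == ClientProtocol.class ? "DelegationTokenSelector" : null;

  /** Models the new provider: answers only for HAServiceProtocol, and only when enabled. */
  static final SecurityInfoProvider HA_SERVICE = (protocol, conf) ->
      protocol == HAServiceProtocol.class && "true".equals(conf.get(ENABLE_KEY))
          ? "DelegationTokenSelector" : null;

  /** Walks the providers in order and returns the first non-null answer. */
  static String getTokenInfo(List<SecurityInfoProvider> providers,
                             Class<?> protocol, Map<String, String> conf) {
    for (SecurityInfoProvider p : providers) {
      String info = p.getTokenInfo(protocol, conf);
      if (info != null) {
        return info;
      }
    }
    return null; // no provider claims the protocol, so no token selector is available
  }

  public static void main(String[] args) {
    List<SecurityInfoProvider> providers = List.of(EXISTING, HA_SERVICE);
    Map<String, String> disabled = Map.of();
    Map<String, String> enabled = Map.of(ENABLE_KEY, "true");
    // HAService lookup with the new provider disabled, then enabled.
    System.out.println("HAService, disabled: " + getTokenInfo(providers, HAServiceProtocol.class, disabled));
    System.out.println("HAService, enabled:  " + getTokenInfo(providers, HAServiceProtocol.class, enabled));
    // ClientProtocol is answered by the existing provider in both cases.
    System.out.println("Client, enabled:     " + getTokenInfo(providers, ClientProtocol.class, enabled));
  }
}
```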


