[
https://issues.apache.org/jira/browse/MAPREDUCE-2764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13101306#comment-13101306
]
Owen O'Malley commented on MAPREDUCE-2764:
------------------------------------------
Daryn, the service is set by the DelegationTokenFetcher, since it has to happen
over there anyways.
The service isn't a generic field that is required to be <host>:<port>, it is
for the use of each kind of token. The current tokens use that format, but it
isn't a requirement. Obviously a shared library of methods to help are a good
thing and should be used.
That said, the current SecurityUtil class needs cleanup to remove all of the
redundant methods and provide a much cleaner and better documented abstraction.
> Fix renewal of dfs delegation tokens
> ------------------------------------
>
> Key: MAPREDUCE-2764
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2764
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Reporter: Daryn Sharp
> Assignee: Owen O'Malley
> Fix For: 0.20.205.0
>
> Attachments: MAPREDUCE-2764-2.patch, MAPREDUCE-2764-3.patch,
> MAPREDUCE-2764-4.patch, MAPREDUCE-2764.patch, delegation.patch,
> token-renew.patch, token-renew.patch
>
>
> The JT may have issues renewing hftp tokens which disrupt long distcp jobs.
> The problem is the JT's delegation token renewal code is built on brittle
> assumptions. The token's service field contains only the "ip:port" pair.
> The renewal process assumes that the scheme must be hdfs. If that fails due
> to a {{VersionMismatchException}}, it tries https based on another assumption
> that it must be hftp if it's not hdfs. A number of other exceptions, most
> commonly {{IOExceptions}}, can be generated which fouls up the renewal since
> it won't fallback to https.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
