[ https://issues.apache.org/jira/browse/MAPREDUCE-2764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13101306#comment-13101306 ]
Owen O'Malley commented on MAPREDUCE-2764: ------------------------------------------ Daryn, the service is set by the DelegationTokenFetcher, since it has to happen over there anyways. The service isn't a generic field that is required to be <host>:<port>, it is for the use of each kind of token. The current tokens use that format, but it isn't a requirement. Obviously a shared library of methods to help are a good thing and should be used. That said, the current SecurityUtil class needs cleanup to remove all of the redundant methods and provide a much cleaner and better documented abstraction. > Fix renewal of dfs delegation tokens > ------------------------------------ > > Key: MAPREDUCE-2764 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-2764 > Project: Hadoop Map/Reduce > Issue Type: Bug > Reporter: Daryn Sharp > Assignee: Owen O'Malley > Fix For: 0.20.205.0 > > Attachments: MAPREDUCE-2764-2.patch, MAPREDUCE-2764-3.patch, > MAPREDUCE-2764-4.patch, MAPREDUCE-2764.patch, delegation.patch, > token-renew.patch, token-renew.patch > > > The JT may have issues renewing hftp tokens which disrupt long distcp jobs. > The problem is the JT's delegation token renewal code is built on brittle > assumptions. The token's service field contains only the "ip:port" pair. > The renewal process assumes that the scheme must be hdfs. If that fails due > to a {{VersionMismatchException}}, it tries https based on another assumption > that it must be hftp if it's not hdfs. A number of other exceptions, most > commonly {{IOExceptions}}, can be generated which fouls up the renewal since > it won't fallback to https. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira