[ https://issues.apache.org/jira/browse/MAPREDUCE-5199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13659804#comment-13659804 ]
Daryn Sharp commented on MAPREDUCE-5199: ---------------------------------------- The referenced jiras add the app token to the launch context, which causes the app token to leak to the task. When the task launches a child job, it dumps out its credentials (including the leaked app token) to the appTokens file. The new AM gets its credentials from the login UGI which contains a new app token from the RM, but when it reads the appTokens file the new app token is squashed with the parent job's app token. The AM never starts up. > AppTokens file can/should be removed > ------------------------------------ > > Key: MAPREDUCE-5199 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-5199 > Project: Hadoop Map/Reduce > Issue Type: Sub-task > Components: security > Affects Versions: 3.0.0, 2.0.5-beta > Reporter: Vinod Kumar Vavilapalli > Assignee: Daryn Sharp > Priority: Blocker > Attachments: MAPREDUCE-5199.patch > > > All the required tokens are propagated to AMs and containers via > startContainer(), no need for explicitly creating the app-token file that we > have today.. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira