[
https://issues.apache.org/jira/browse/MAPREDUCE-5199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13659804#comment-13659804
]
Daryn Sharp commented on MAPREDUCE-5199:
----------------------------------------
The referenced jiras add the app token to the launch context, which causes the
app token to leak to the task. When the task launches a child job, it dumps
out its credentials (including the leaked app token) to the appTokens file.
The new AM gets its credentials from the login UGI which contains a new app
token from the RM, but when it reads the appTokens file the new app token is
squashed with the parent job's app token. The AM never starts up.
> AppTokens file can/should be removed
> ------------------------------------
>
> Key: MAPREDUCE-5199
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-5199
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: security
> Affects Versions: 3.0.0, 2.0.5-beta
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: MAPREDUCE-5199.patch
>
>
> All the required tokens are propagated to AMs and containers via
> startContainer(), no need for explicitly creating the app-token file that we
> have today..
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
