[
https://issues.apache.org/jira/browse/MAPREDUCE-6565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15674604#comment-15674604
]
Junping Du commented on MAPREDUCE-6565:
---------------------------------------
I probably won't agree it could be safe to let job.xml settings to override all
configurations, especially serve-side configuration. Forget about MR tarball
case, do we think this setting in job.xml should override what we have in local
configuration? I think it is probably not - as I mentioned above, it won't have
any benefit to give client flexibility to be different with what server
settings. Isn't it?
Base on that, back to MR tar ball case, if we think everything inside of MR
tarball should be per job only, then only client configuration should work, but
serve configuration (like case here) shouldn't get chance to override cluster
setting. I am not fully agree that it should be cluster admin' job to create
tarball and keep consistent for all configurations with cluster settings. In
supportability prospective, making some server-side configurations to be
transparent from client setting (job.xml or mr tar ball config) should be our
job.
Given that, I think the real problem now is: we should bypass server-side
configurations in mr tar ball. Thoughts?
> Configuration to use host name in delegation token service is not read from
> job.xml during MapReduce job execution.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-6565
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-6565
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Reporter: Chris Nauroth
> Assignee: Li Lu
>
> By default, the service field of a delegation token is populated based on
> server IP address. Setting {{hadoop.security.token.service.use_ip}} to
> {{false}} changes this behavior to use host name instead of IP address.
> However, this configuration property is not read from job.xml. Instead, it's
> read from a separate {{Configuration}} instance created during static
> initialization of {{SecurityUtil}}. This does not work correctly with
> MapReduce jobs if the framework is distributed by setting
> {{mapreduce.application.framework.path}} and the
> {{mapreduce.application.classpath}} is isolated to avoid reading
> core-site.xml from the cluster nodes. MapReduce tasks will fail to
> authenticate to HDFS, because they'll try to find a delegation token based on
> the NameNode IP address, even though at job submission time the tokens were
> generated using the host name.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: mapreduce-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: mapreduce-issues-h...@hadoop.apache.org
