Alex Ivanov created HADOOP-13487: ------------------------------------ Summary: Hadoop KMS doesn't clean up old delegation tokens stored in Zookeeper Key: HADOOP-13487 URL: https://issues.apache.org/jira/browse/HADOOP-13487 Project: Hadoop Common Issue Type: Bug Components: kms Affects Versions: 2.6.0 Reporter: Alex Ivanov
Configuration: CDH 5.5.1 (Hadoop 2.6+) KMS configured to store delegation tokens in Zookeeper DEBUG logging enabled in /etc/hadoop-kms/conf/kms-log4j.properties Findings: It seems to me delegation tokens never get cleaned up from Zookeeper past their renewal date. I can see in the logs that the removal thread is started with the expected interval: {code} 2016-08-11 08:15:24,511 INFO AbstractDelegationTokenSecretManager - Starting expired delegation token remover thread, tokenRemoverScanInterval=60 min(s) {code} However, I don't see any delegation token removals, indicated by the following log message: org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager --> removeStoredToken(TokenIdent ident), line 769 [CDH] {code} if (LOG.isDebugEnabled()) { LOG.debug("Removing ZKDTSMDelegationToken_" + ident.getSequenceNumber()); } {code} Meanwhile, I see a lot of expired delegation tokens in Zookeeper that don't get cleaned up. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org