[jira] [Updated] (YARN-10816) Avoid doing delegation token ops when yarn.timeline-service.http-authentication.type=simple
[ https://issues.apache.org/jira/browse/YARN-10816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Szilard Nemeth updated YARN-10816: -- Fix Version/s: 3.4.0 > Avoid doing delegation token ops when > yarn.timeline-service.http-authentication.type=simple > --- > > Key: YARN-10816 > URL: https://issues.apache.org/jira/browse/YARN-10816 > Project: Hadoop YARN > Issue Type: Bug > Components: timelineclient >Affects Versions: 3.4.0 >Reporter: Tarun Parimi >Assignee: Tarun Parimi >Priority: Major > Fix For: 3.4.0 > > Attachments: YARN-10816.001.patch, YARN-10816.002.patch > > > YARN-10339 introduced changes to ensure that PseudoAuthenticationHandler is > used in TimelineClient when > yarn.timeline-service.http-authentication.type=simple > PseudoAuthenticationHandler doesn't support delegation token ops like get, > renew and cancel since those ops strictly require SPNEGO auth to work. We > don't use timeline delegation tokens when simple auth is used. > Prior to YARN-10339, Timeline delegation tokens were unnecessarily used when > yarn.timeline-service.http-authentication.type=simple, but hadoop security > was enabled. After YARN-10339, the tokens are not used when > yarn.timeline-service.http-authentication.type=simple. > In a rolling upgrade scenario, we can have a client which doesn't have > YARN-10339 changes submitting an application and requests a Timeline > delegation token even when > yarn.timeline-service.http-authentication.type=simple. RM on the other hand > can have YARN-10339 changes and so will result in error while trying to renew > the token with PseudoAuthenticationHandler. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-10816) Avoid doing delegation token ops when yarn.timeline-service.http-authentication.type=simple
[ https://issues.apache.org/jira/browse/YARN-10816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tarun Parimi updated YARN-10816: Attachment: YARN-10816.002.patch > Avoid doing delegation token ops when > yarn.timeline-service.http-authentication.type=simple > --- > > Key: YARN-10816 > URL: https://issues.apache.org/jira/browse/YARN-10816 > Project: Hadoop YARN > Issue Type: Bug > Components: timelineclient >Affects Versions: 3.4.0 >Reporter: Tarun Parimi >Assignee: Tarun Parimi >Priority: Major > Attachments: YARN-10816.001.patch, YARN-10816.002.patch > > > YARN-10339 introduced changes to ensure that PseudoAuthenticationHandler is > used in TimelineClient when > yarn.timeline-service.http-authentication.type=simple > PseudoAuthenticationHandler doesn't support delegation token ops like get, > renew and cancel since those ops strictly require SPNEGO auth to work. We > don't use timeline delegation tokens when simple auth is used. > Prior to YARN-10339, Timeline delegation tokens were unnecessarily used when > yarn.timeline-service.http-authentication.type=simple, but hadoop security > was enabled. After YARN-10339, the tokens are not used when > yarn.timeline-service.http-authentication.type=simple. > In a rolling upgrade scenario, we can have a client which doesn't have > YARN-10339 changes submitting an application and requests a Timeline > delegation token even when > yarn.timeline-service.http-authentication.type=simple. RM on the other hand > can have YARN-10339 changes and so will result in error while trying to renew > the token with PseudoAuthenticationHandler. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-10816) Avoid doing delegation token ops when yarn.timeline-service.http-authentication.type=simple
[ https://issues.apache.org/jira/browse/YARN-10816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tarun Parimi updated YARN-10816: Attachment: YARN-10816.001.patch > Avoid doing delegation token ops when > yarn.timeline-service.http-authentication.type=simple > --- > > Key: YARN-10816 > URL: https://issues.apache.org/jira/browse/YARN-10816 > Project: Hadoop YARN > Issue Type: Bug > Components: timelineclient >Affects Versions: 3.4.0 >Reporter: Tarun Parimi >Assignee: Tarun Parimi >Priority: Major > Attachments: YARN-10816.001.patch > > > YARN-10339 introduced changes to ensure that PseudoAuthenticationHandler is > used in TimelineClient when > yarn.timeline-service.http-authentication.type=simple > PseudoAuthenticationHandler doesn't support delegation token ops like get, > renew and cancel since those ops strictly require SPNEGO auth to work. We > don't use timeline delegation tokens when simple auth is used. > Prior to YARN-10339, Timeline delegation tokens were unnecessarily used when > yarn.timeline-service.http-authentication.type=simple, but hadoop security > was enabled. After YARN-10339, the tokens are not used when > yarn.timeline-service.http-authentication.type=simple. > In a rolling upgrade scenario, we can have a client which doesn't have > YARN-10339 changes submitting an application and requests a Timeline > delegation token even when > yarn.timeline-service.http-authentication.type=simple. RM on the other hand > can have YARN-10339 changes and so will result in error while trying to renew > the token with PseudoAuthenticationHandler. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
