[
https://issues.apache.org/jira/browse/YARN-10311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17137779#comment-17137779
]
Eric Yang commented on YARN-10311:
----------------------------------
[~BilwaST], thank you for patch 002. I am not sure if this change is good.
1. Removing final from org.apache.hadoop.security.token.Token is dangerous,
and can cause third party code to inject malicious credential after it's
creation.
2. Delegation token should work across namenodes. There is no reason to
obtain separated DT individually. The token is always renewed with active
namenode. Get delegation token request is redirected from standby namenode to
active namenode. Otherwise, this solution would require a lot more inner
tracking mechanism to know which token must be renewed with which name service.
The complexity would quickly grow out of hand.
3. There is no precedence of doing manual token renewals with each name service
in Hadoop code.
Can you explain in more details why is this necessary? Thanks
> Yarn Service should support obtaining tokens from multiple name services
> ------------------------------------------------------------------------
>
> Key: YARN-10311
> URL: https://issues.apache.org/jira/browse/YARN-10311
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Bilwa S T
> Assignee: Bilwa S T
> Priority: Major
> Attachments: YARN-10311.001.patch, YARN-10311.002.patch
>
>
> Currently yarn services support single name service tokens. We can add a new
> conf called
> "yarn.service.hdfs-servers" for supporting this
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
