[jira] [Commented] (YARN-2770) Timeline delegation tokens need to be automatically renewed by the RM

Thu, 30 Oct 2014 14:14:54 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-2770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14190855#comment-14190855
 ] 

Jian He commented on YARN-2770:
-------------------------------

thanks Zhijie ! some comments:
- {{SecurityUtil#getServerPrincipal}} may be useful.
{code}
    if (rmPrincipal != null && rmPrincipal.length() > 0) {
      renewer = new KerberosName(rmPrincipal).getServiceName();
    }
{code}
- We may replace the token after renew is really succeeded. 
{code}
            if (!timelineDT.equals(token.getDelegationToken())) {
              token.setDelegationToken((Token) timelineDT);
            }
{code}
- In cancelDelegationToken, why replacing the token. Also rename the 
{{renewDTAction}} to {{cacnelDT}}
{code}
            // If the timeline DT to renew is different than cached, replace it.
            // Token to set every time for retry, because when exception 
happens,
            // DelegationTokenAuthenticatedURL will reset it to null;
            if (!timelineDT.equals(token.getDelegationToken())) {
              token.setDelegationToken((Token) timelineDT);
            }
{code}
- the same DelegationTokenAuthenticatedURL is instantiated multiple times, is 
it possible to store it as a variable ?
{code}
            DelegationTokenAuthenticatedURL authUrl =
                new DelegationTokenAuthenticatedURL(authenticator,
                    connConfigurator);
{code}
- similarly for the timeline client instantiation.
{code}
       TimelineClient client = TimelineClient.createTimelineClient();
        client.init(conf);
        client.start();
{code}

> Timeline delegation tokens need to be automatically renewed by the RM
> ---------------------------------------------------------------------
>
>                 Key: YARN-2770
>                 URL: https://issues.apache.org/jira/browse/YARN-2770
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>    Affects Versions: 2.5.0
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>            Priority: Critical
>         Attachments: YARN-2770.1.patch
>
>
> YarnClient will automatically grab a timeline DT for the application and pass 
> it to the app AM. Now the timeline DT renew is still dummy. If an app is 
> running for more than 24h (default DT expiry time), the app AM is no longer 
> able to use the expired DT to communicate with the timeline server. Since RM 
> will cache the credentials of each app, and renew the DTs for the running 
> app. We should provider renew hooks similar to what HDFS DT has for RM, and 
> set RM user as the renewer when grabbing the timeline DT.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to