[
https://issues.apache.org/jira/browse/YARN-3104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14298028#comment-14298028
]
Jian He commented on YARN-3104:
-------------------------------
Trying to understand this, do you mean once the connection is authenticated,
take MapReduce as an example, even if MapReduce AM gets the new token and add
the new token into its ugi. But because the connection will not
re-authenticate, it always uses the old token for this comparison
{{nextMasterKey.getMasterKey().getKeyId() != amrmTokenIdentifier.getKeyId()}}
which leads to RM keep sending new tokens ?
> RM continues to send new AMRM tokens every heartbeat between rolling and
> activation
> -----------------------------------------------------------------------------------
>
> Key: YARN-3104
> URL: https://issues.apache.org/jira/browse/YARN-3104
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 2.6.0
> Reporter: Jason Lowe
> Assignee: Jason Lowe
> Attachments: YARN-3104.001.patch
>
>
> When the RM rolls a new AMRM secret, it conveys this to the AMs when it
> notices they are still connected with the old key. However neither the RM
> nor the AM explicitly close the connection or otherwise try to reconnect with
> the new secret. Therefore the RM keeps thinking the AM doesn't have the new
> token on every heartbeat and keeps sending new tokens for the period between
> the key roll and the key activation. Once activated the RM no longer squawks
> in its logs about needing to generate a new token every heartbeat (i.e.:
> second) for every app, but the apps can still be using the old token. The
> token is only checked upon connection to the RM. The apps don't reconnect
> when sent a new token, and the RM doesn't force them to reconnect by closing
> the connection.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
