[
https://issues.apache.org/jira/browse/YARN-3104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14299032#comment-14299032
]
Jian He commented on YARN-3104:
-------------------------------
thanks for your detailed explanation. Effectively, so far, the new token client
get from the server is not used by the server at all for re-authenticatoin..
patch looks good to me.
> RM generates new AMRM tokens every heartbeat between rolling and activation
> ---------------------------------------------------------------------------
>
> Key: YARN-3104
> URL: https://issues.apache.org/jira/browse/YARN-3104
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 2.6.0
> Reporter: Jason Lowe
> Assignee: Jason Lowe
> Attachments: YARN-3104.001.patch
>
>
> When the RM rolls a new AMRM secret, it conveys this to the AMs when it
> notices they are still connected with the old key. However neither the RM
> nor the AM explicitly close the connection or otherwise try to reconnect with
> the new secret. Therefore the RM keeps thinking the AM doesn't have the new
> token on every heartbeat and keeps sending new tokens for the period between
> the key roll and the key activation. Once activated the RM no longer squawks
> in its logs about needing to generate a new token every heartbeat (i.e.:
> second) for every app, but the apps can still be using the old token. The
> token is only checked upon connection to the RM. The apps don't reconnect
> when sent a new token, and the RM doesn't force them to reconnect by closing
> the connection.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
