Alex Ivanov created HADOOP-13487:
------------------------------------
Summary: Hadoop KMS doesn't clean up old delegation tokens stored in Zookeeper
Key: HADOOP-13487
URL: https://issues.apache.org/jira/browse/HADOOP-13487
Project: Hadoop Common
Issue Type: Bug
Components: kms
Affects Versions: 2.6.0
Reporter: Alex Ivanov
Configuration:
CDH 5.5.1 (Hadoop 2.6+)
KMS configured to store delegation tokens in Zookeeper
DEBUG logging enabled in /etc/hadoop-kms/conf/kms-log4j.properties
Findings:
It seems to me delegation tokens never get cleaned up from Zookeeper past their
renewal date. I can see in the logs that the removal thread is started with the
expected interval:
{code}
2016-08-11 08:15:24,511 INFO AbstractDelegationTokenSecretManager - Starting expired delegation token remover thread, tokenRemoverScanInterval=60 min(s)
{code}
However, I don't see any delegation token removals, indicated by the following
log message:
org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager --> removeStoredToken(TokenIdent ident), line 769 [CDH]
{code}
if (LOG.isDebugEnabled()) {
  LOG.debug("Removing ZKDTSMDelegationToken_"
      + ident.getSequenceNumber());
}
{code}
Meanwhile, I see a lot of expired delegation tokens in Zookeeper that don't get
cleaned up.
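A log check for the symptom described in this report, as an added example (not part of the original message and not Hadoop code). It assumes DEBUG logging is enabled as in the reporter's configuration and that each log entry starts with the timestamp format shown in the report; `audit_remover` and the sample lines other than the remover start line are constructed for illustration.

```python
import re
from datetime import datetime

TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} ")
START = re.compile(r"Starting expired delegation token remover thread, "
                   r"tokenRemoverScanInterval=(\d+) min\(s\)")
REMOVE = re.compile(r"Removing ZKDTSMDelegationToken_(\d+)")

# Start line as quoted in the report; every other sample line is constructed.
START_LINE = ("2016-08-11 08:15:24,511 INFO AbstractDelegationTokenSecretManager"
              " - Starting expired delegation token remover thread,"
              " tokenRemoverScanInterval=60 min(s)")
SAMPLE_STALLED = [
    START_LINE,
    "2016-08-11 09:20:00,000 DEBUG KMS - constructed filler line",
    "2016-08-11 11:30:00,000 DEBUG KMS - constructed filler line",
]
SAMPLE_HEALTHY = [
    START_LINE,
    "2016-08-11 09:15:25,102 DEBUG ZKDelegationTokenSecretManager"
    " - Removing ZKDTSMDelegationToken_42",
    "2016-08-11 11:30:00,000 DEBUG KMS - constructed filler line",
]

def audit_remover(lines):
    """Summarise remover-thread activity since its most recent start."""
    started = last = None
    interval_min = 0
    removed = []
    for line in lines:
        m = TS.match(line)
        if not m:
            continue  # continuation line (e.g. stack trace) without a timestamp
        last = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        s = START.search(line)
        if s:  # a restart resets the observation window
            started, interval_min, removed = last, int(s.group(1)), []
        elif started and (r := REMOVE.search(line)):
            removed.append(int(r.group(1)))
    scans_due = 0
    if started and interval_min:
        elapsed = (last - started).total_seconds()
        scans_due = int(elapsed // (interval_min * 60))
    # Suspect: at least one scan interval elapsed, yet no removal was logged.
    return {"started": started is not None, "scans_due": scans_due,
            "removed": removed, "suspect": scans_due >= 1 and not removed}
```

A `suspect` result only means no removals were logged after a full scan interval; whether expired tokens actually remain has to be confirmed against the znodes in ZooKeeper.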