[
https://issues.apache.org/jira/browse/HADOOP-13487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15428963#comment-15428963
]
Lei (Eddy) Xu commented on HADOOP-13487:
----------------------------------------
Hi, [~xiaochen]
The patch LGTM overall. But I am not very familiar with this area.
The only small suggestion I have is that, we can probably create a help
function for the cache force loading part for both keyCache and tokenCache.
{code}
LOG.info("Starting to load key cache.");
365 final List<ChildData> children = keyCache.getCurrentData();
366 int count = 0;
367 for (ChildData child : children) {
368 try {
369 processKeyAddOrUpdate(child.getData());
370 } catch (Exception e) {
371 LOG.info("Ignoring node {} because it failed to load.",
372 child.getPath());
373 LOG.debug("Failure exception:", e);
374 ++count;
375 }
376 }
377 if (count > 0) {
378 LOG.warn("Ignored {} nodes while loading keyCache.", count);
379 }
380 LOG.info("Loaded key cache.");
{code}
+1 pending the changes.
> Hadoop KMS doesn't clean up old delegation tokens stored in Zookeeper
> ---------------------------------------------------------------------
>
> Key: HADOOP-13487
> URL: https://issues.apache.org/jira/browse/HADOOP-13487
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Alex Ivanov
> Assignee: Xiao Chen
> Attachments: HADOOP-13487.01.patch, HADOOP-13487.02.patch
>
>
> Configuration:
> CDH 5.5.1 (Hadoop 2.6+)
> KMS configured to store delegation tokens in Zookeeper
> DEBUG logging enabled in /etc/hadoop-kms/conf/kms-log4j.properties
> Findings:
> It seems to me delegation tokens never get cleaned up from Zookeeper past
> their renewal date. I can see in the logs that the removal thread is started
> with the expected interval:
> {code}
> 2016-08-11 08:15:24,511 INFO AbstractDelegationTokenSecretManager - Starting
> expired delegation token remover thread, tokenRemoverScanInterval=60 min(s)
> {code}
> However, I don't see any delegation token removals, indicated by the
> following log message:
> org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager
> --> removeStoredToken(TokenIdent ident), line 769 [CDH]
> {code}
> if (LOG.isDebugEnabled()) {
> LOG.debug("Removing ZKDTSMDelegationToken_"
> + ident.getSequenceNumber());
> }
> {code}
> Meanwhile, I see a lot of expired delegation tokens in Zookeeper that don't
> get cleaned up.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
