[
https://issues.apache.org/jira/browse/HADOOP-13539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15437233#comment-15437233
]
Xiao Chen commented on HADOOP-13539:
------------------------------------
Thanks Arun for the explanation. Looking closer at the version of this
exception, I think HADOOP-11722 will cover the {{NoNodeException}} I saw
specifically.
That said, I still think the current patch is valid. If a deletion failed, the
current KMS instance is brought down by the exception, but the peers are still
running without knowing that the instance is down, right?
Also, for DT auth, the token is
[verified|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java#L335],
which eventually [checks its
expiry|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java#L425]
time, so I don't think an expired token would work - otherwise we should fix
it as a big security flaw.
> KMS's zookeeper-based secret manager should be consistent when failed to
> remove node
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-13539
> URL: https://issues.apache.org/jira/browse/HADOOP-13539
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-13539.01.patch
>
>
> In {{ZKDelegationTokenSecretManager}}, the 2 methods
> {{removeStoredMasterKey}} and {{removeStoredToken}} are very much alike, yet
> handle exceptions differently. We should not throw RTE if a node cannot be
> removed - logging is enough.