[
https://issues.apache.org/jira/browse/HADOOP-14987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16225874#comment-16225874
]
Xiaoyu Yao commented on HADOOP-14987:
-------------------------------------
Thanks [~xiaochen] for the review. This additional line was added mainly for
the TestLoadBalancingKMSClientProvider#testCreation where the provider creation
tests use kmsUrl without a proper port. In production, the key.provider.uri
should always have a valid port toward the KMS server.
I'm hesitant to annotate the new API with @InterfaceAudience.Private because
this may be useful for upstream projects such as MR/Hive/Spark, etc. for
debugging token and UGI related code. The original one is kept to handle the
case where the caller may not have a log instance. As a result, UGI log is used
as a fallback.
> Improve KMSClientProvider log around delegation token checking
> --------------------------------------------------------------
>
> Key: HADOOP-14987
> URL: https://issues.apache.org/jira/browse/HADOOP-14987
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 2.7.3
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Attachments: HADOOP-14987.001.patch, HADOOP-14987.002.patch
>
>
> KMSClientProvider#containsKmsDt uses SecurityUtil.buildTokenService(addr) to
> build the key to look for KMS-DT from the UGI's token map. The token lookup
> key here varies depending on the KMSClientProvider's configuration value for
> hadoop.security.token.service.use_ip. In certain cases, the token obtained
> with non-matching hadoop.security.token.service.use_ip setting will not be
> recognized by KMSClientProvider. This ticket is opened to improve logs for
> troubleshooting KMS delegation token related issues like this.
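
The lookup mismatch described in the issue, as an added example that is not part of the original message and is not Hadoop's own code: a plain-JDK model of how the service key changes with hadoop.security.token.service.use_ip. The class name, the `diagnose` helper, the map standing in for the UGI token map, and the host, IP and port are all constructed for illustration.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;

public class KmsTokenServiceKeyDemo {

    // Simplified stand-in for SecurityUtil.buildTokenService(addr):
    // "ip:port" when use_ip is true, otherwise "lowercased-hostname:port".
    static String buildTokenService(InetSocketAddress addr, boolean useIp) {
        String host = useIp
                ? addr.getAddress().getHostAddress()
                : addr.getHostName().toLowerCase(Locale.ROOT);
        return host + ":" + addr.getPort();
    }

    // Hypothetical helper: performs the lookup and returns a log-style line
    // that names the key tried, the keys present, and a likely cause on a miss.
    static String diagnose(Map<String, String> tokens, InetSocketAddress addr, boolean useIp) {
        String key = buildTokenService(addr, useIp);
        if (tokens.containsKey(key)) {
            return "found KMS-DT under service key " + key;
        }
        String msg = "no KMS-DT under service key " + key + " (use_ip=" + useIp
                + "); keys present: " + tokens.keySet();
        String other = buildTokenService(addr, !useIp);
        if (tokens.containsKey(other)) {
            msg += "; a token exists under " + other
                    + ", so it was obtained with use_ip=" + !useIp;
        }
        return msg;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample address; no DNS lookup is performed.
        InetAddress ip = InetAddress.getByAddress("kms.example.com", new byte[] {10, 0, 0, 5});
        InetSocketAddress kms = new InetSocketAddress(ip, 16000);

        // Stand-in for the UGI token map: token stored by a client with use_ip=true.
        Map<String, String> tokens = new TreeMap<>();
        tokens.put(buildTokenService(kms, true), "constructed-kms-dt");

        System.out.println(diagnose(tokens, kms, true));   // same setting: hit
        System.out.println(diagnose(tokens, kms, false));  // mismatched setting: miss
    }
}
```

The second call reports a miss under `kms.example.com:16000` while listing `10.0.0.5:16000` as present, which is the kind of detail that makes a use_ip mismatch visible in a log.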