[
https://issues.apache.org/jira/browse/HADOOP-14987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16226213#comment-16226213
]
Xiao Chen commented on HADOOP-14987:
------------------------------------
Thanks Xiaoyu.
bq. TestLoadBalancingKMSClientProvider#testCreation
Can we accommodate that by using some test-only flags and logic? Then we don't
need to worry about the 9600 since it's test-only.
bq. I'm hesitant to annotate the new API with @InterfaceAudience.Private
Makes sense to me. We can still try to downgrade that from the UGI's {{Public}}
{{Evolving}} to {{LimitedPrivate}} {{Unstable}}, so we don't have to worry
future changes.
> Improve KMSClientProvider log around delegation token checking
> --------------------------------------------------------------
>
> Key: HADOOP-14987
> URL: https://issues.apache.org/jira/browse/HADOOP-14987
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 2.7.3
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Attachments: HADOOP-14987.001.patch, HADOOP-14987.002.patch
>
>
> KMSClientProvider#containsKmsDt uses SecurityUtil.buildTokenService(addr) to
> build the key to look for KMS-DT from the UGI's token map. The token lookup
> key here varies depending on the KMSClientProvider's configuration value for
> hadoop.security.token.service.use_ip. In certain cases, the token obtained
> with non-matching hadoop.security.token.service.use_ip setting will not be
> recognized by KMSClientProvider. This ticket is opened to improve logs for
> troubleshooting KMS delegation token related issues like this.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
