Ahmed Hussein created HADOOP-17368:
--------------------------------------
Summary: Zookeeper secret manager attempts to reuse token sequence
numbers
Key: HADOOP-17368
URL: https://issues.apache.org/jira/browse/HADOOP-17368
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Ahmed Hussein
Assignee: Ahmed Hussein
[~daryn] reported that the ZK delegation token secret manager uses a
{{SharedCounter}} to synchronize increments of a monotonically increasing
sequence number for new tokens. Yet the KMS logs occasionally, depending on
load, contains an odd error indicating collisions:
{code:bash}
org.apache.zookeeper.KeeperException$NodeExistsException: KeeperErrorCode =
NodeExists for /zkdtsm/ZKDTSMRoot/ZKDTSMTokensRoot/DT_137547444
{code}
ZKDTSM does a CAS get and set of the sequence number. Rather than return the
value it set, it returns the current value which may have already been
incremented by another KMS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
