krishan1390 opened a new pull request, #5443:
URL: https://github.com/apache/hadoop/pull/5443

   ### Description of PR
   
   JIRA - https://issues.apache.org/jira/browse/YARN-11448 
   
   Currently, the router secret manager requires routers to be stateful, with clients using sticky sessions.
   
   Otherwise, there are several issues, mentioned below, which lead to the delegation token functionality not working across router instances.
   
   E.g.:
   
   - allKeys needs to be consistently updated across all router instances
   - DB update exceptions are swallowed & returned as a success if just in-memory variables are updated
   - Purging Delegation Token / Master key on expiry assumes all tokens are available in memory
   - APIs like get all tokens return only in-memory data, which is incorrect
   
   A more scalable & maintainable framework for Router would be to design it as a stateless service. Given database KV lookups are in the order of < 10 ms, it doesn't add any latency overhead and makes the router easier to maintain. Plus, a stateless router setup, with no assumptions of stickiness, makes the router framework more generic.
   
   Additionally, some of the functionality around master key ids and delegation token sequence numbers is implemented as globally auto-incrementing ids, which also isn't feasible across all datastores. The actual requirement is to generate unique keys for master key ids / delegation tokens, which is a much simpler & more generic solution. Plus, certain APIs like get sequence no / set sequence no aren't applicable for the router, and we can avoid providing them to make things much simpler.
   
   This patch addresses these functional concerns while working within the interfaces of AbstractDelegationTokenSecretManager.
   
   As a later patch, we can create better delegation token interfaces to support both stateful & stateless secret managers.
   
   ### How was this patch tested?
   
   Unit Tests - Currently implemented 1 test - testNewTokenVerification - adding more test cases


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
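
The stateless design described in the pull request, as an added sketch that is not code from the patch or from Hadoop: two router instances share one store, ids are unique rather than sequential, and a store failure propagates instead of being reported as success. `TokenStore`, `MapStore` and `Router` are hypothetical names, and drawing ids from `SecureRandom` with an insert-if-absent retry is an assumption about how unique ids could be produced.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class StatelessTokenSketch {
    /** Hypothetical shared key-value store standing in for the router's database. */
    interface TokenStore {
        boolean insertIfAbsent(int id, long expiryMillis) throws IOException;
        Optional<Long> lookup(int id) throws IOException;
    }

    /** Constructed in-memory stand-in so the sketch runs offline. */
    static class MapStore implements TokenStore {
        private final Map<Integer, Long> rows = new ConcurrentHashMap<>();
        public boolean insertIfAbsent(int id, long expiryMillis) {
            return rows.putIfAbsent(id, expiryMillis) == null;
        }
        public Optional<Long> lookup(int id) {
            return Optional.ofNullable(rows.get(id));
        }
    }

    /** One router instance; it keeps no token state of its own. */
    static class Router {
        private final TokenStore store;
        private final SecureRandom random = new SecureRandom();
        Router(TokenStore store) { this.store = store; }

        /** Issues a token id. A store failure propagates; it is never reported as success. */
        int issue(long ttlMillis) throws IOException {
            long expiry = System.currentTimeMillis() + ttlMillis;
            while (true) {
                int id = random.nextInt();                        // unique, not sequential
                if (store.insertIfAbsent(id, expiry)) return id;  // retry on collision
            }
        }

        /** Valid only if the shared store holds an unexpired row for the id. */
        boolean verify(int id) throws IOException {
            Optional<Long> expiry = store.lookup(id);
            return expiry.isPresent() && expiry.get() > System.currentTimeMillis();
        }
    }

    public static void main(String[] args) throws IOException {
        TokenStore db = new MapStore();
        Router a = new Router(db), b = new Router(db);
        int id = a.issue(60_000);
        System.out.println("issued by A, verified by B: " + b.verify(id));
        System.out.println("expired token rejected: " + !b.verify(a.issue(-1)));
    }
}
```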

