[GitHub] [hadoop] slfan1989 commented on pull request #5443: YARN-11448 [Federation] Stateless Router Secret Manager

Wed, 01 Mar 2023 23:48:47 -0800 


slfan1989 commented on PR #5443:
URL: https://github.com/apache/hadoop/pull/5443#issuecomment-1451434842

   > > Purging Delegation Token / Master key on expiry assumes all tokens are 
available in memory
   > 
   > > > We only cache tokens in MemeoryStateStore, but MemeoryStateStore is 
not a distributed storage and can only be used for test verification. It is 
recommended to use ZKFederationStateStore Or SQLServerFederationStateStore.
   > 
   > Yes by in memory variables I meant the class instance variables like 
currentTokens, currentKey, allKeys. Currently, it doesn't look at all variables 
in the database.
   
   - currentKey
   We implement `getDelegationTokenSeqNum` and `getCurrentKeyId` of 
`AbstractDelegationTokenSecretManager` in `RouterDelegationTokenSecretManager`. 
   These information will not return local variables, but return after querying 
shared storage.
   
   - currentTokens
   
   We store the RMDelegationTokenIdentifier in the local currentToken. If the 
Token of the client changes, we can only get null, Then query from shared 
storage.
   
   RouterDelegationTokenSecretManager#getTokenInfo
   ```
   // First check if I have this..
       DelegationTokenInformation tokenInfo = currentTokens.get(ident);
       if (tokenInfo == null) {
         try {
           RouterRMTokenResponse response = 
federationFacade.getTokenByRouterStoreToken(ident);
           RouterStoreToken routerStoreToken = response.getRouterStoreToken();
           String tokenStr = routerStoreToken.getTokenInfo();
           byte[] tokenBytes = Base64.getUrlDecoder().decode(tokenStr);
           tokenInfo = 
RouterDelegationTokenSupport.decodeDelegationTokenInformation(tokenBytes);
         } catch (Exception e) {
           LOG.error("Error retrieving tokenInfo [" + ident.getSequenceNumber()
               + "] from StateStore.", e);
           throw new YarnRuntimeException(e);
         }
       }
       return tokenInfo;
   ```
   
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to