Re: [PR] HDFS-17849 : Fix for Namenode crashed while cleaning up Expired Delegation tokens of older realm [hadoop]

Fri, 07 Nov 2025 22:58:39 -0800 


surendralilhore commented on code in PR #8054:
URL: https://github.com/apache/hadoop/pull/8054#discussion_r2506337576


##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java:
##########
@@ -858,7 +858,11 @@ private void removeExpiredToken() throws IOException {
         long renewDate = entry.getValue().getRenewDate();
         if (renewDate < now) {
           expiredTokens.add(entry.getKey());
-          removeTokenForOwnerStats(entry.getKey());
+          try {
+            removeTokenForOwnerStats(entry.getKey());

Review Comment:
   @arunreddyav, I have a question, similar to what @Hexiaoqiao mentioned: how 
are we handling the cleanup of tokenOwnerStats in exception cases? Could you 
check if the following idea makes sense?
   We need to ensure that tokenOwnerStats is cleaned up when an exception 
occurs. To do this, we should try to obtain the real user from the token 
identity, like so:
   
   ```
             try {
               removeTokenForOwnerStats(entry.getKey());
             } catch (IllegalArgumentException e) {
               
**removeTokenForOwnerStats(entry.getKey().getRealUser().toString());**
               LOG.warn("Ignoring the exception in removeTokenForOwnerStats to 
remove expired " +
                       "delegation tokens from cache and proceeding to remove", 
e);
             }
   ```
   
   Let's introduce a new `removeTokenForOwnerStats(String)` method, for example:
   
   ```
     private void removeTokenForOwnerStats(TokenIdent id) {
       String realOwner = getTokenRealOwner(id);
       removeTokenForOwnerStats(realOwner);
     }
   
     private void removeTokenForOwnerStats(String realOwner) {
       if (tokenOwnerStats.containsKey(realOwner)) {
         // unlikely to be less than 1 but in case
         if (tokenOwnerStats.get(realOwner) <= 1) {
           tokenOwnerStats.remove(realOwner);
         } else {
           tokenOwnerStats.put(realOwner, tokenOwnerStats.get(realOwner)-1);
         }
       }
     }
   ```
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to