K0K0V0K opened a new pull request, #8194:
URL: https://github.com/apache/hadoop/pull/8194

   ### Description of PR
   
   Problem Statement:
   I have a scenario where I need to migrate a YARN cluster to a FIPS 
140-3–compatible environment. For this, the AMRMTokenSecretManager must use 
secrets that are at least 112 bits long. By default, the secret length is 64 
bits. When I modify the key size and restart the cluster with recovery enabled, 
the state store reloads the old secret, which has a default lifetime of 24 
hours. As a result, even though the cluster is configured to operate in FIPS 
140-3–compatible mode, it continues to use a non-compliant secret.
   
   Solution:
   When the ResourceManager recovers, it should validate the secret size stored 
in the state store. If the stored secret size differs from the configured 
value, the secret should be forcibly regenerated and updated.
   
   ### How was this patch tested?
   
   - Through manual testing, I verified that HIVE applications can run 
successfully both before and after the configuration change.
   - UT was created.
   
   ### AI Tooling
   
   ChatGPT to check grammar in the commit message


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
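
The recovery check proposed in the pull request above, as an added Java sketch that is not code from the PR or from Hadoop. The class and method names are hypothetical, and the `HmacSHA1` algorithm and the plain byte array standing in for the state store are assumptions of the example.

```java
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/** Added illustration; names are hypothetical and not Hadoop's API. */
public class RecoveredKeyLengthCheck {
  // Assumed MAC algorithm for this sketch.
  static final String ALGORITHM = "HmacSHA1";

  /** Generates a fresh secret of the configured length, in bits. */
  static SecretKey generate(int configuredBits) throws NoSuchAlgorithmException {
    KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM);
    generator.init(configuredBits);
    return generator.generateKey();
  }

  /** Length in bits of a secret as it was persisted (raw key bytes). */
  static int bitLength(byte[] storedKeyBytes) {
    return storedKeyBytes.length * 8;
  }

  /**
   * Recovery step: reuse the stored secret only when its length equals the
   * configured length. Otherwise discard it and generate a new one, which the
   * caller must write back to the state store before issuing tokens.
   */
  static SecretKey recover(byte[] storedKeyBytes, int configuredBits)
      throws NoSuchAlgorithmException {
    if (storedKeyBytes != null && bitLength(storedKeyBytes) == configuredBits) {
      return new SecretKeySpec(storedKeyBytes, ALGORITHM);
    }
    return generate(configuredBits);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample: a secret persisted under the old 64-bit setting.
    byte[] persisted = generate(64).getEncoded();

    // Restart with the key size raised to 112 bits: the stored secret is rejected.
    SecretKey afterChange = recover(persisted, 112);
    System.out.println("stored bits:    " + bitLength(persisted));
    System.out.println("recovered bits: " + bitLength(afterChange.getEncoded()));

    // Restart with an unchanged configuration: the stored secret is kept.
    SecretKey unchanged = recover(persisted, 64);
    System.out.println("reused stored secret: "
        + java.util.Arrays.equals(persisted, unchanged.getEncoded()));
  }
}
```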

