[jira] [Commented] (HADOOP-11017) KMS delegation token secret manager should be able to use zookeeper as store

Jian He (JIRA) Mon, 22 Sep 2014 15:42:07 -0700

    [ 
https://issues.apache.org/jira/browse/HADOOP-11017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14143969#comment-14143969
 ]


Jian He commented on HADOOP-11017:
----------------------------------

this patch somehow broke RM failover where ZK NodeExistsException is thrown 
when RM tries store delegation key in the zooKeeper.  From a quick scan, seem 
RM has to use the new updateMasterKey API also ?

{code}
FATAL org.apache.hadoop.yarn.server.resourcemanager.ResourceManager: Received a 
org.apache.hadoop.yarn.server.resourcemanager.RMFatalEvent of type 
STATE_STORE_OP_FAILED. Cause:
org.apache.zookeeper.KeeperException$NodeExistsException: KeeperErrorCode = 
NodeExists
  at org.apache.zookeeper.KeeperException.create(KeeperException.java:119)      
  at org.apache.zookeeper.ZooKeeper.multiInternal(ZooKeeper.java:949)           
  at org.apache.zookeeper.ZooKeeper.multi(ZooKeeper.java:915)                   
  at 
org.apache.hadoop.yarn.server.resourcemanager.recovery.ZKRMStateStore$4.run(ZKRMStateStore.java:930)
  at 
org.apache.hadoop.yarn.server.resourcemanager.recovery.ZKRMStateStore$4.run(ZKRMStateStore.java:927)
  at 
org.apache.hadoop.yarn.server.resourcemanager.recovery.ZKRMStateStore$ZKAction.runWithCheck(ZKRMStateStore.java:1069)
  at 
org.apache.hadoop.yarn.server.resourcemanager.recovery.ZKRMStateStore$ZKAction.runWithRetries(ZKRMStateStore.java:1088)
  at 
org.apache.hadoop.yarn.server.resourcemanager.recovery.ZKRMStateStore.doMultiWithRetries(ZKRMStateStore.java:927)
  at 
org.apache.hadoop.yarn.server.resourcemanager.recovery.ZKRMStateStore.doMultiWithRetries(ZKRMStateStore.java:941)
  at 
org.apache.hadoop.yarn.server.resourcemanager.recovery.ZKRMStateStore.createWithRetries(ZKRMStateStore.java:950)
  at 
org.apache.hadoop.yarn.server.resourcemanager.recovery.ZKRMStateStore.storeRMDTMasterKeyState(ZKRMStateStore.java:820)
  at 
org.apache.hadoop.yarn.server.resourcemanager.recovery.RMStateStore.storeRMDTMasterKey(RMStateStore.java:712)
  at 
org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager.storeNewMasterKey(RMDelegationTokenSecretManager.java:88)
  at 
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.storeDelegationKey(AbstractDelegationTokenSecretManager.java:228)
  at 
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.addKey(AbstractDelegationTokenSecretManager.java:144)
  at 
org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager.recover(RMDelegationTokenSecretManager.java:185)
  at 
org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.recover(ResourceManager.java:1127)
  at 
org.apache.hadoop.yarn.server.resourcemanager.ResourceManager$RMActiveServices.serviceStart(ResourceManager.java:507)
  at org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)  
  at 
org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startActiveServices(ResourceManager.java:937)
  at 
org.apache.hadoop.yarn.server.resourcemanager.ResourceManager$1.run(ResourceManager.java:977)
  at 
org.apache.hadoop.yarn.server.resourcemanager.ResourceManager$1.run(ResourceManager.java:974)
  at java.security.AccessController.doPrivileged(Native Method)                 
  at javax.security.auth.Subject.doAs(Subject.java:394)                         
  at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1626)
  at 
org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.transitionToActive(ResourceManager.java:974)
  at 
org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1018)
  at org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)  
  at 
org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1152)
{code}

> KMS delegation token secret manager should be able to use zookeeper as store
> ----------------------------------------------------------------------------
>
>                 Key: HADOOP-11017
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11017
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>             Fix For: 2.6.0
>
>         Attachments: HADOOP-11017.1.patch, HADOOP-11017.2.patch, 
> HADOOP-11017.3.patch, HADOOP-11017.4.patch, HADOOP-11017.5.patch, 
> HADOOP-11017.6.patch, HADOOP-11017.7.patch, HADOOP-11017.8.patch, 
> HADOOP-11017.9.patch, HADOOP-11017.WIP.patch
>
>
> This will allow supporting multiple KMS instances behind a load balancer.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (HADOOP-11017) KMS delegation token secret manager should be able to use zookeeper as store

Reply via email to