[jira] [Commented] (OOZIE-1362) RM token renewer as full service principal is incompatible with hadoop-1

Tue, 14 May 2013 15:01:19 -0700 

    [ 
https://issues.apache.org/jira/browse/OOZIE-1362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13657575#comment-13657575
 ] 

Rohini Palaniswamy commented on OOZIE-1362:
-------------------------------------------

bq. you are putting "yarn/_HOST@LOCALREALM"->"yarn/11.00.23.56@LOCALREALM" into 
the mrTokenRenewers, right? 
   Yes. 

bq. Can you point me to the link in apache github in hadoop-1 where it used the 
auth_to_local to do what you showed above?

http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.0/src/core/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java?revision=1206848&view=markup

{code}
public AbstractDelegationTokenIdentifier(Text owner, Text renewer, Text 
realUser) {
KerberosName renewerKrbName = new KerberosName(renewer.toString());
this.renewer = new Text(renewerKrbName.getShortName());
...
}
{code}

So even if the renewer is set as yarn/11.00.23.56@LOCALREALM, and if there was 
a auth_to_local mapping yarn -> mapred, it will become mapred and the 
delegation token will have the renewer as mapred and not 
yarn/11.00.23.56@LOCALREALM. 

In 1.x, JT only used to renew the NN delegation tokens. It was not able to 
renew its own tokens and oozie did not call renewDelegationToken either. In 
Hadoop 2, we fixed it so that RM can renew its own tokens. Wondering if it was 
fixed in 1.x later. Do you have the full stack trace which shows where the 
JobTracker.renewDelegationToken call came from? Before the older patch, Oozie 
used to set it to a dummy value which had no relevance and it had no issues as 
the token was never renewed. So it should not matter now that we are setting 
yarn/11.00.23.56@LOCALREALM.

                
> RM token renewer as full service principal is incompatible with hadoop-1
> ------------------------------------------------------------------------
>
>                 Key: OOZIE-1362
>                 URL: https://issues.apache.org/jira/browse/OOZIE-1362
>             Project: Oozie
>          Issue Type: Bug
>            Reporter: Bowen Zhang
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to