----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61734/#review183689 -----------------------------------------------------------
core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java Lines 1083 (patched) <https://reviews.apache.org/r/61734/#comment259749> Let's just call it acquireHDFSDelegationToken() core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java Lines 1087 (patched) <https://reviews.apache.org/r/61734/#comment259756> Perform this check in submitLauncher() instead as I explained below. core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java Lines 1094 (patched) <https://reviews.apache.org/r/61734/#comment259750> I would rewrite this part a bit. If we're running on a secure cluster, then let's always create a Credentials object and call this method. By doing so we don't need this null check. core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java Lines 1100 (patched) <https://reviews.apache.org/r/61734/#comment259751> This can be deleted too core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java Lines 687 (patched) <https://reviews.apache.org/r/61734/#comment259753> Incomplete javadoc core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java Lines 697 (patched) <https://reviews.apache.org/r/61734/#comment259752> Minor: let's use {} or {0} placeholders so you don't have to concat strings. core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java Lines 699 (patched) <https://reviews.apache.org/r/61734/#comment259754> When this can be thrown? Does it mean an error that we somehow circumvent? If it is, then probably we should log something on WARN level. - Peter Bacsko On aug. 18, 2017, 1:48 du, András Piros wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61734/ > ----------------------------------------------------------- > > (Updated aug. 18, 2017, 1:48 du) > > > Review request for oozie, Peter Cseh, Peter Bacsko, and Robert Kanter. > > > Repository: oozie-git > > > Description > ------- > > In a secure environment, when both HDFS HA and log aggregation are turned on, > `JavaActionExecutor` is not able to call `YarnClient#submitApplication` since > `HDFS_DELEGATION_TOKEN` is missing. > > In those cases we need to get `HDFS_DELEGATION_TOKEN` from YARN: > > * get server principal / YARN renewer via > `HadoopAccessorService#getServerPrincipal` > * get `HDFS_DELEGATION_TOKEN` via `DFSClient#getDelegationToken` > * add `HDFS_DELEGATION_TOKEN` to `Credentials` > > > Diffs > ----- > > core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java > dc17950418ada9b4848ed5597702a29e7124ab38 > core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java > b507c79d44aa2095caf532a5f4d19d20c1a30630 > > > Diff: https://reviews.apache.org/r/61734/diff/1/ > > > Testing > ------- > > `TestJavaActionExecutor`, `TestHadoopAccessorService` > > > Thanks, > > András Piros > >
