[jira] [Commented] (HDFS-2665) Viewfs changes for MAPREDUCE-3529

Mon, 12 Dec 2011 16:32:02 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-2665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13167989#comment-13167989
 ] 

Jitendra Nath Pandey commented on HDFS-2665:
--------------------------------------------

I think, option 3 is ok. It is an optimization over the existing API.
Please specify in the javadoc that if a token is found for the filesystem, the 
api returns it without verifying the expiry or renewer.
Also since Credentials class is LimitedPrivate for hdfs and mapreduce, we 
should annotate this API also with limitedprivate.
                
> Viewfs changes for MAPREDUCE-3529
> ---------------------------------
>
>                 Key: HDFS-2665
>                 URL: https://issues.apache.org/jira/browse/HDFS-2665
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 0.23.0
>            Reporter: Siddharth Seth
>            Priority: Critical
>
> ViewFs.getDelegationTokens returns a list of tokens for the associated 
> namenodes. Credentials serializes these tokens using the service name for the 
> actual namenodes. Effectively, tokens are not cached for viewfs (some more 
> details in MR 3529). Affects any job which uses the TokenCache in tasks along 
> with viewfs (some Pig jobs).
> Talk to Jitendra about this, some options
> 1. Change Credentials.getAllTokens to return the key, instead of just a token 
> list (associate the viewfs canonical name with a token in credentials)
> 2. Have viewfs issue a fake token.
> Both of these would allow for a single viewfs configuration only.
> 3. An additional API in FileSystem - something like 
> getDelegationTokens(String renewer, Credentials credentials) - which would 
> check the credentials object before making token requests to the actual 
> namenode.
> 4. An additional API in FileSystem - getCanonicalServiceNames - similar to 
> getDelegationTokens, which would return service names for the actual 
> namenodes. TokenCache/Credentials can work using this list.
> 5. have getDelegationTokens check the current UGI - and fetch tokens only if 
> they don't exist.
> Have a quick patch for 3, along with associated MR changes.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to