[
https://issues.apache.org/jira/browse/HDFS-2904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13215812#comment-13215812
]
Todd Lipcon commented on HDFS-2904:
-----------------------------------
bq. I think we should not couple the idea of logical uri with the failover
proxy configuration. For example, someone might want to turnoff ha and not
provide failover proxy configurations, but the logical URIs should continue to
work.
This seems similar to your JIRA HDFS-2839, right? I don't disagree with you
that it would be nice to generalize the concept of logical URIs further, but as
it stands today, it is not general - this patch just works with the existing
design, rather than seeking to change it.
bq. In the cloneDelegationTokenForLogicalUri, should we clone one more token
for the standby as well for ha configurations?
Not sure I follow what you mean here. Before the
ConfiguredFailoverProxyProvider creates a new proxy, it calls this method to
clone the logical-service DT to the physical-address DT it's about to connect
to. So this works with any number of standby nodes.
bq. I think it is a good idea to clone a token for a logical service, to
multiple tokens with underlying service addresses. We should have it
irrespective of the failover proxy configuration i.e. whenever we have a
logical uri, we map it to actual service addresses and clone token for each.
Currently the only thing that can "map to actual service addresses" is the
proxy provider. This is similar to your #1 above. In the case of a ZK-based
failover, for example, there is no list of "actual service addresses" to
consult, unless it had explicit registration/deregistration steps.
> HA: Client support for getting delegation tokens to an HA cluster
> -----------------------------------------------------------------
>
> Key: HDFS-2904
> URL: https://issues.apache.org/jira/browse/HDFS-2904
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: ha, hdfs client, name-node, security
> Affects Versions: HA branch (HDFS-1623)
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Critical
> Attachments: hdfs-2904.txt, hdfs-2904.txt, hdfs-2904.txt, test-dt.sh
>
>
> Currently we have server-side support for delegation tokens in HA, and some
> tests to verify it, but the client throws NPEs when trying to fetch a DT.
> This is because the cluster doesn't have a single hostname, but instead a
> logical nameservice name.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
