[
https://issues.apache.org/jira/browse/HDFS-4477?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13628110#comment-13628110
]
Todd Lipcon commented on HDFS-4477:
-----------------------------------
Hey Daryn. I like the approach. Couple quick questions:
- it looks like the new patched code no longer actually removes the expired
tokens from the original token set when it adds them to the expiredTokens list.
Am I missing something?
- can you write a unit test for this for either the SBN in HA or for the 2NN in
non-HA? Seems like it should be reasonably straightforward to set the token
expiration time to 100millis, create a token, and make sure that the token gets
purged from the SBN's namespace.
I'm leaving on a trip for a couple weeks tonight, so may not be able to do more
rounds of review until I get back. Feel free to commit based on +1s from other
folks, though, after addressing the above.
> Secondary namenode may retain old tokens
> ----------------------------------------
>
> Key: HDFS-4477
> URL: https://issues.apache.org/jira/browse/HDFS-4477
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
> Reporter: Kihwal Lee
> Assignee: Daryn Sharp
> Priority: Critical
> Attachments: HDFS-4477.patch, HDFS-4477.patch, HDFS-4477.patch
>
>
> Upon inspection of a fsimage created by a secondary namenode, we've
> discovered it contains very old tokens. These are probably the ones that were
> not explicitly canceled. It may be related to the optimization done to avoid
> loading fsimage from scratch every time checkpointing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
