dpengpeng commented on PR #18664: URL: https://github.com/apache/flink/pull/18664#issuecomment-2286470231
> The token framework stores everything in-memory and it's not compatible with `HADOOP_TOKEN_FILE_LOCATION`. Such case the new container will load the file content with old tokens (YARN can keep them valid for 7 days). When the TM container then registers itself at the JM then it receives a new initial token set. When there is an HDFS access between these 2 steps then it will blow up. > > My suggestion is to either use Flink delegation token framework or use external token management which is for example `HADOOP_TOKEN_FILE_LOCATION`. > > I encourage you to either use the mailing list or slack. @gaborgsomogyi Hello,Thank you for your response. I have subscribed and sent an email to [email protected], but there has been no response for several days. I would like to consult whether your new delegation framework can solve scenarios where YARN containers fail to start when the HDFS delegation token expiring after 7 days. The phenomenon indicates that the delegation token is used when starting the container. I am using Flink's default Kerberos feature (security.kerberos.fetch.delegation-token=true), and I have not specified the use of external token management, such as HADOOP_TOKEN_FILE_LOCATION. I have now merged your code from the link provided(https://issues.apache.org/jira/browse/FLINK-21232), but I have not seen any effect. Could you please explain how the new framework takes effect during container startup? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
