[jira] [Comment Edited] (HADOOP-14987) Improve KMSClientProvider log around delegation token checking

2017-11-02 Thread Xiao Chen (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-14987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16236717#comment-16236717
 ] 

Xiao Chen edited comment on HADOOP-14987 at 11/2/17 10:35 PM:
--

IIRC technically you can review my patch to make it legit. It's just we cannot 
self +1. 

(It seems there's a checkstyle too... I can fix that tonight if you didn't beat 
me to it)


was (Author: xiaochen):
IIRC technically you can review my patch to make it legit. It's just we cannot 
self +1. 

> Improve KMSClientProvider log around delegation token checking
> --
>
> Key: HADOOP-14987
> URL: https://issues.apache.org/jira/browse/HADOOP-14987
> Project: Hadoop Common
>  Issue Type: Improvement
>Affects Versions: 2.7.3
>Reporter: Xiaoyu Yao
>Assignee: Xiaoyu Yao
>Priority: Major
> Attachments: HADOOP-14987.001.patch, HADOOP-14987.002.patch, 
> HADOOP-14987.003.patch, HADOOP-14987.004.patch, HADOOP-14987.005.patch
>
>
> KMSClientProvider#containsKmsDt uses SecurityUtil.buildTokenService(addr) to 
> build the key to look for KMS-DT from the UGI's token map. The token lookup 
> key here varies depending  on the KMSClientProvider's configuration value for 
> hadoop.security.token.service.use_ip. In certain cases, the token obtained 
> with non-matching hadoop.security.token.service.use_ip setting will not be 
> recognized by KMSClientProvider. This ticket is opened to improve logs for 
> troubleshooting KMS delegation token related issues like this.  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Comment Edited] (HADOOP-14987) Improve KMSClientProvider log around delegation token checking

2017-10-30 Thread Xiao Chen (JIRA) 

[ 
https://issues.apache.org/jira/browse/HADOOP-14987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16225846#comment-16225846
 ] 

Xiao Chen edited comment on HADOOP-14987 at 10/30/17 10:19 PM:
---

Thanks Xiaoyu for revving. Output and code looks good.

I was proposing we add {{@InterfaceAudience.Private}} to the new UGI logging 
methods, and {{@Deprecated}} to the one you wanted to remove.

{code}
   // TODO: KMSConfiguration.HTTP_PORT_DEFAULT (9600) is defined in
   // hadoop-kms module, hard code here to avoid introducing dependency.
   int kmsPort = (kmsUrl.getPort() == -1) ? 9600: kmsUrl.getPort();
{code}
Could you explain why we need the change here? 


was (Author: xiaochen):
Thanks Xiaoyu for revving.

I was proposing we add {{@InterfaceAudience.Private}} to the new UGI logging 
methods, and {{@Deprecated}} to the one you wanted to remove.

{code}
   // TODO: KMSConfiguration.HTTP_PORT_DEFAULT (9600) is defined in
   // hadoop-kms module, hard code here to avoid introducing dependency.
   int kmsPort = (kmsUrl.getPort() == -1) ? 9600: kmsUrl.getPort();
{code}
Could you explain why we need the change here? 

> Improve KMSClientProvider log around delegation token checking
> --
>
> Key: HADOOP-14987
> URL: https://issues.apache.org/jira/browse/HADOOP-14987
> Project: Hadoop Common
>  Issue Type: Improvement
>Affects Versions: 2.7.3
>Reporter: Xiaoyu Yao
>Assignee: Xiaoyu Yao
> Attachments: HADOOP-14987.001.patch, HADOOP-14987.002.patch
>
>
> KMSClientProvider#containsKmsDt uses SecurityUtil.buildTokenService(addr) to 
> build the key to look for KMS-DT from the UGI's token map. The token lookup 
> key here varies depending  on the KMSClientProvider's configuration value for 
> hadoop.security.token.service.use_ip. In certain cases, the token obtained 
> with non-matching hadoop.security.token.service.use_ip setting will not be 
> recognized by KMSClientProvider. This ticket is opened to improve logs for 
> troubleshooting KMS delegation token related issues like this.  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org