Hey!

Yes, there were some issues about expiring tokens in a non-kerberized
environment. They should be fixed in Oozie 5.0 where we don't get tokens if
they are not required.
By setting the renewer to "yarn" we allow the ResourceManager to renew our
delegation tokens.
This blog post explains a lot about this issue:
https://blog.cloudera.com/blog/2017/12/hadoop-delegation-tokens-explained/

Hope it helps,
gp

On Wed, Jun 13, 2018 at 5:24 PM Daminato,Josh
<josh.damin...@cerner.com.invalid> wrote:

> We recently ran into an issue where our launcher task attempted to kick
> off map reduce jobs after the delegation token provided by Oozie had
> expired.
>
> We found that we could increase
> 'yarn.resourcemanager.delegation.token.renew-interval', but we also started
> thinking that maybe it made sense for Oozie itself to renew these tokens.
>
> Oozie is already monitoring the Java actions that it kicks off, so we
> thought why not have it also keep the delegation tokens that it provided to
> that action alive while the action is still running.
>
> We are currently running without Kerberos enabled, and on version 4.1.0 of
> Oozie.
>
> I fiddled around with renewing the token programmatically in the launcher
> task, and was able to get it working by pretending to be the fake 'oozie mr
> token' user that Oozie sets as the renewer in an insecure cluster. But
> switching to that user to renew a delegation token is a hack.
>
> I also experimented briefly on a cluster with Kerberos enabled, and I
> found that Oozie set 'yarn' as the renewer of the 'RM_DELEGATION_TOKEN'.
> Not sure why this is. Will the resource manager renew this token?
>
>
> Curious on anyone's thoughts about Oozie automagically renewing the
> delegation tokens that it passes to Java actions while the actions are
> still running.
>
>
> Thanks,
> Josh


-- 
*Peter Cseh *| Software Engineer
cloudera.com <https://www.cloudera.com>
