Tarun Parimi created YARN-10816: ----------------------------------- Summary: Avoid doing delegation token ops when yarn.timeline-service.http-authentication.type=simple Key: YARN-10816 URL: https://issues.apache.org/jira/browse/YARN-10816 Project: Hadoop YARN Issue Type: Bug Components: timelineclient Affects Versions: 3.4.0 Reporter: Tarun Parimi Assignee: Tarun Parimi
YARN-10339 introduced changes to ensure that PseudoAuthenticationHandler is used in TimelineClient when yarn.timeline-service.http-authentication.type=simple PseudoAuthenticationHandler doesn't support delegation token ops like get, renew and cancel since those ops strictly require SPNEGO auth to work. We don't use timeline delegation tokens when simple auth is used. Prior to YARN-10339, Timeline delegation tokens were unnecessarily used when yarn.timeline-service.http-authentication.type=simple, but hadoop security was enabled. After YARN-10339, the tokens are not used when yarn.timeline-service.http-authentication.type=simple. In a rolling upgrade scenario, we can have a client which doesn't have YARN-10339 changes submitting an application and requests a Timeline delegation token even when yarn.timeline-service.http-authentication.type=simple. RM on the other hand can have YARN-10339 changes and so will result in error while trying to renew the token with PseudoAuthenticationHandler. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org