Ahmed Hussein created HADOOP-17368: -------------------------------------- Summary: Zookeeper secret manager attempts to reuse token sequence numbers Key: HADOOP-17368 URL: https://issues.apache.org/jira/browse/HADOOP-17368 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Ahmed Hussein Assignee: Ahmed Hussein
[~daryn] reported that the ZK delegation token secret manager uses a {{SharedCounter}} to synchronize increments of a monotonically increasing sequence number for new tokens. Yet the KMS logs occasionally, depending on load, contains an odd error indicating collisions: {code:bash} org.apache.zookeeper.KeeperException$NodeExistsException: KeeperErrorCode = NodeExists for /zkdtsm/ZKDTSMRoot/ZKDTSMTokensRoot/DT_137547444 {code} ZKDTSM does a CAS get and set of the sequence number. Rather than return the value it set, it returns the current value which may have already been incremented by another KMS. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org