[
https://issues.apache.org/jira/browse/YARN-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13647914#comment-13647914
]
Jian He commented on YARN-638:
------------------------------
Simply adding RMDelegationTokens back to DelegationTokenSecretManager is not
enough. We also need to store the master keys, since renewToken method is using
corresponding key of token to generate new password and verify the client is
renewing token with correct password.
The current solution for restoring RMDelegationTokens is to add a separate
RMDelegationSecrectManagerStore in RMStateStore. What it does is to save the
token and the master key whenever they are generated, and remove the states
when token expires and key is rolled over
> Add RMDelegationTokens back to DelegationTokenSecretManager after RM Restart
> ----------------------------------------------------------------------------
>
> Key: YARN-638
> URL: https://issues.apache.org/jira/browse/YARN-638
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: resourcemanager
> Reporter: Jian He
> Assignee: Jian He
> Attachments: YARN-638.1.patch
>
>
> This is missed in YARN-581. After RM restart, RMDelegationTokens need to be
> added both in DelegationTokenRenewer (addressed in YARN-581), and
> delegationTokenSecretManager
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
