[ https://issues.apache.org/jira/browse/YARN-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13647914#comment-13647914 ]
Jian He commented on YARN-638: ------------------------------ Simply adding RMDelegationTokens back to DelegationTokenSecretManager is not enough. We also need to store the master keys, since renewToken method is using corresponding key of token to generate new password and verify the client is renewing token with correct password. The current solution for restoring RMDelegationTokens is to add a separate RMDelegationSecrectManagerStore in RMStateStore. What it does is to save the token and the master key whenever they are generated, and remove the states when token expires and key is rolled over > Add RMDelegationTokens back to DelegationTokenSecretManager after RM Restart > ---------------------------------------------------------------------------- > > Key: YARN-638 > URL: https://issues.apache.org/jira/browse/YARN-638 > Project: Hadoop YARN > Issue Type: Sub-task > Components: resourcemanager > Reporter: Jian He > Assignee: Jian He > Attachments: YARN-638.1.patch > > > This is missed in YARN-581. After RM restart, RMDelegationTokens need to be > added both in DelegationTokenRenewer (addressed in YARN-581), and > delegationTokenSecretManager -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira