Tarun Parimi created YARN-10816:
-----------------------------------
Summary: Avoid doing delegation token ops when
yarn.timeline-service.http-authentication.type=simple
Key: YARN-10816
URL: https://issues.apache.org/jira/browse/YARN-10816
Project: Hadoop YARN
Issue Type: Bug
Components: timelineclient
Affects Versions: 3.4.0
Reporter: Tarun Parimi
Assignee: Tarun Parimi
YARN-10339 introduced changes to ensure that PseudoAuthenticationHandler is
used in TimelineClient when
yarn.timeline-service.http-authentication.type=simple
PseudoAuthenticationHandler doesn't support delegation token ops like get,
renew and cancel since those ops strictly require SPNEGO auth to work. We don't
use timeline delegation tokens when simple auth is used.
Prior to YARN-10339, Timeline delegation tokens were unnecessarily used when
yarn.timeline-service.http-authentication.type=simple, but hadoop security was
enabled. After YARN-10339, the tokens are not used when
yarn.timeline-service.http-authentication.type=simple.
In a rolling upgrade scenario, we can have a client which doesn't have
YARN-10339 changes submitting an application and requests a Timeline delegation
token even when yarn.timeline-service.http-authentication.type=simple. RM on
the other hand can have YARN-10339 changes and so will result in error while
trying to renew the token with PseudoAuthenticationHandler.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
