[
https://issues.apache.org/jira/browse/YARN-10816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tarun Parimi updated YARN-10816:
--------------------------------
Attachment: YARN-10816.001.patch
> Avoid doing delegation token ops when
> yarn.timeline-service.http-authentication.type=simple
> -------------------------------------------------------------------------------------------
>
> Key: YARN-10816
> URL: https://issues.apache.org/jira/browse/YARN-10816
> Project: Hadoop YARN
> Issue Type: Bug
> Components: timelineclient
> Affects Versions: 3.4.0
> Reporter: Tarun Parimi
> Assignee: Tarun Parimi
> Priority: Major
> Attachments: YARN-10816.001.patch
>
>
> YARN-10339 introduced changes to ensure that PseudoAuthenticationHandler is
> used in TimelineClient when
> yarn.timeline-service.http-authentication.type=simple
> PseudoAuthenticationHandler doesn't support delegation token ops like get,
> renew and cancel since those ops strictly require SPNEGO auth to work. We
> don't use timeline delegation tokens when simple auth is used.
> Prior to YARN-10339, Timeline delegation tokens were unnecessarily used when
> yarn.timeline-service.http-authentication.type=simple, but hadoop security
> was enabled. After YARN-10339, the tokens are not used when
> yarn.timeline-service.http-authentication.type=simple.
> In a rolling upgrade scenario, we can have a client which doesn't have
> YARN-10339 changes submitting an application and requests a Timeline
> delegation token even when
> yarn.timeline-service.http-authentication.type=simple. RM on the other hand
> can have YARN-10339 changes and so will result in error while trying to renew
> the token with PseudoAuthenticationHandler.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
