[
https://issues.apache.org/jira/browse/YARN-9708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583956#comment-17583956
]
ASF GitHub Bot commented on YARN-9708:
--------------------------------------
slfan1989 commented on code in PR #4746:
URL: https://github.com/apache/hadoop/pull/4746#discussion_r953266280
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/MemoryFederationStateStore.java:
##########
@@ -370,6 +385,142 @@ public GetReservationsHomeSubClusterResponse
getReservationsHomeSubCluster(
return GetReservationsHomeSubClusterResponse.newInstance(result);
}
+ @Override
+ public RouterMasterKeyResponse storeNewMasterKey(RouterMasterKeyRequest
request)
+ throws YarnException, IOException {
+
+ // Restore the DelegationKey from the request
+ RouterMasterKey masterKey = request.getRouterMasterKey();
+ ByteBuffer keyByteBuf = masterKey.getKeyBytes();
Review Comment:
Thanks for your suggestion, I will refactor this part of the code.
> Yarn Router Support DelegationToken
> -----------------------------------
>
> Key: YARN-9708
> URL: https://issues.apache.org/jira/browse/YARN-9708
> Project: Hadoop YARN
> Issue Type: New Feature
> Components: router
> Affects Versions: 3.1.1
> Reporter: Xie YiFan
> Assignee: fanshilun
> Priority: Minor
> Labels: pull-request-available
> Attachments: Add_getDelegationToken_and_SecureLogin_in_router.patch,
> RMDelegationTokenSecretManager_storeNewMasterKey.svg,
> RouterDelegationTokenSecretManager_storeNewMasterKey.svg
>
>
> 1.we use router as proxy to manage multiple cluster which be independent of
> each other in order to apply unified client. Thus, we implement our
> customized AMRMProxyPolicy that doesn't broadcast ResourceRequest to other
> cluster.
> 2.Our production environment need kerberos. But router doesn't support
> SecureLogin for now.
> https://issues.apache.org/jira/browse/YARN-6539 desn't work. So we
> improvement it.
> 3.Some framework like oozie would get Token via yarnclient#getDelegationToken
> which router doesn't support. Our solution is that adding homeCluster to
> ApplicationSubmissionContextProto & GetDelegationTokenRequestProto. Job would
> be submitted with specified clusterid so that router knows which cluster to
> submit this job. Router would get Token from one RM according to specified
> clusterid when client call getDelegation meanwhile apply some mechanism to
> save this token in memory.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
