[ 
https://issues.apache.org/jira/browse/YARN-2449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14114911#comment-14114911
 ] 

Zhijie Shen commented on YARN-2449:
-----------------------------------

The patch should work, but we can improve the logic a bit.

{code}
-    if (!actualInitializers.equals(initializers)) {
+    if (!actualInitializers.equals(initializers) || modifiedInitialiers) {
{code}

We can set modifiedInitialiers = true when 
TimelineAuthenticationFilterInitializer is added and 
AuthenticationFilterInitializer is skipped. These are only two possible changes.

Then, we don't need to check !actualInitializers.equals(initializers) , but 
only modifiedInitialiers in the aforementioned condition.

Can you add one more case:
{code}
+    driver.put("", TimelineAuthenticationFilterInitializer.class.getName());
{code}

> Timelineserver returns invalid Delegation token in secure kerberos enabled 
> cluster when hadoop.http.filter.initializers are not set
> -----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-2449
>                 URL: https://issues.apache.org/jira/browse/YARN-2449
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: timelineserver
>    Affects Versions: 2.6.0
>         Environment: Deploy security enabled cluster is ATS also enabled and 
> running, but no hadoop.http.filter.initializers set in core-site.xml
>            Reporter: Karam Singh
>            Assignee: Varun Vasudev
>            Priority: Critical
>         Attachments: apache-yarn-2449.0.patch
>
>
> Timelineserver returns invalid Delegation token in secure kerberos enabled 
> cluster when hadoop.http.filter.initializers are not set
> Looks in it is regression from YARN-2397
> After YARN-2397. when no hadoop.http.filter.initializers is set
> Now when try fetch DELEGATION token from timelineserver, it returns invalid 
> token
> Tried to fetch timeline delegation by using curl commands :
> {code}
> 1. curl -i -k -s -b 'timeline-cookie.txt' 
> 'http://atshost:8188/ws/v1/timeline?op=GETDELEGATIONTOKEN&renewer=hrt_qa'
> Or
> 2. curl -i -k -s --negotiate -u : 
> 'http://atshost:8188/ws/v1/timeline?op=GETDELEGATIONTOKEN&renewer=test_user'
> {code}
> Return response is for both queries: 
> {code}
> {"About":"Timeline API"}
> {code}
> Whereas before YARN-2397 or if you set hadoop.http.filter.initializers = 
> TimelineAuthenticationFilterInitializer or AuthenticationFilterInitializer
> First query returns DT and Second used to fail



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to