[
https://issues.apache.org/jira/browse/YARN-2798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhijie Shen updated YARN-2798:
------------------------------
Attachment: YARN-2798.2.patch
bq. I don't understand why you are using timelineHost to resolve the renewer to
be the ResourceManager.
Good catch! We should use rmHost.
In addition, it's not necessary to parse RM principal every time we request a
timeline DT, move the logic of constructing the renewer to serviceInit.
> YarnClient doesn't need to translate Kerberos name of timeline DT renewer
> -------------------------------------------------------------------------
>
> Key: YARN-2798
> URL: https://issues.apache.org/jira/browse/YARN-2798
> Project: Hadoop YARN
> Issue Type: Bug
> Components: timelineserver
> Reporter: Arpit Gupta
> Assignee: Zhijie Shen
> Priority: Blocker
> Attachments: YARN-2798.1.patch, YARN-2798.2.patch
>
>
> Now YarnClient will automatically get a timeline DT when submitting an app in
> a secure mode. It will try to parse the yarn-site.xml/core-site.xml to get
> the RM daemon operating system user. However, the RM principal and
> auth_to_local may not be properly presented to the client, and the client
> cannot translate the principal to the daemon user properly. On the other
> hand, AbstractDelegationTokenIdentifier will do this translation when create
> the token. However, since the client has already translated the full
> principal into a short user name (which may not be correct), the server can
> no longer apply the translation any more, where RM principal and
> auth_to_local are always correct.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
