[jira] [Commented] (YARN-2798) YarnClient doesn't need to translate Kerberos name of timeline DT renewer

Tue, 04 Nov 2014 03:52:43 -0800 

    [ 
https://issues.apache.org/jira/browse/YARN-2798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196020#comment-14196020
 ] 

Hudson commented on YARN-2798:
------------------------------

SUCCESS: Integrated in Hadoop-Yarn-trunk #733 (See 
[https://builds.apache.org/job/Hadoop-Yarn-trunk/733/])
YARN-2798. Fixed YarnClient to populate the renewer correctly for Timeline 
delegation tokens. Contributed by Zhijie Shen. (vinodkv: rev 
71fbb474f531f60c5d908cf724f18f90dfd5fa9f)
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/security/TestYARNTokenIdentifier.java
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestYarnClient.java
* hadoop-yarn-project/CHANGES.txt
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/YarnClientImpl.java


> YarnClient doesn't need to translate Kerberos name of timeline DT renewer
> -------------------------------------------------------------------------
>
>                 Key: YARN-2798
>                 URL: https://issues.apache.org/jira/browse/YARN-2798
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: timelineserver
>            Reporter: Arpit Gupta
>            Assignee: Zhijie Shen
>            Priority: Blocker
>             Fix For: 2.6.0
>
>         Attachments: YARN-2798.1.patch, YARN-2798.2.patch
>
>
> Now YarnClient will automatically get a timeline DT when submitting an app in 
> a secure mode. It will try to parse the yarn-site.xml/core-site.xml to get 
> the RM daemon operating system user. However, the RM principal and 
> auth_to_local may not be properly presented to the client, and the client 
> cannot translate the principal to the daemon user properly. On the other 
> hand, AbstractDelegationTokenIdentifier will do this translation when create 
> the token. However, since the client has already translated the full 
> principal into a short user name (which may not be correct), the server can 
> no longer apply the translation any more, where RM principal and 
> auth_to_local are always correct.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to