Jason Lowe created YARN-3103:
Summary: AMRMClientImpl does not update AMRM token properly
Project: Hadoop YARN
Issue Type: Bug
Affects Versions: 2.6.0
Reporter: Jason Lowe
Assignee: Jason Lowe
AMRMClientImpl.updateAMRMToken updates the token service _before_ storing it to
the credentials, so the token is mapped using the newly updated service rather
than the empty service that was used when the RM created the original AMRM
token. This leads to two AMRM tokens in the credentials and can still fail if
the AMRMTokenSelector picks the wrong one.
In addition the AMRMClientImpl grabs the login user rather than the current
user when security is enabled, so it's likely the UGI being updated is not the
UGI that will be used when reconnecting to the RM.
The end result is that AMs can fail with invalid token errors when trying to
reconnect to an RM after a new AMRM secret has been activated.
This message was sent by Atlassian JIRA