[ https://issues.apache.org/jira/browse/YARN-2704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14363707#comment-14363707 ]
Jian He commented on YARN-2704: ------------------------------- bq. Why not guard the call of requestNewHdfsDelegationToken with hasProxyUserPrivileges Isn't this guarded already ? see below code {code} private void requestNewHdfsDelegationToken(ApplicationId applicationId, String user, boolean shouldCancelAtEnd) throws IOException, InterruptedException { if (!hasProxyUserPrivileges) { LOG.info("RM proxy-user privilege is not enabled. Skip requesting hdfs tokens."); return; } {code} > Localization and log-aggregation will fail if hdfs delegation token expired > after token-max-life-time > ------------------------------------------------------------------------------------------------------ > > Key: YARN-2704 > URL: https://issues.apache.org/jira/browse/YARN-2704 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Jian He > Assignee: Jian He > Priority: Critical > Fix For: 2.6.0 > > Attachments: YARN-2704.1.patch, YARN-2704.2.patch, YARN-2704.2.patch, > YARN-2704.3.patch, YARN-2704.4.patch > > > In secure mode, YARN requires the hdfs-delegation token to do localization > and log aggregation on behalf of the user. But the hdfs delegation token will > eventually expire after max-token-life-time. So, localization and log > aggregation will fail after the token expires. -- This message was sent by Atlassian JIRA (v6.3.4#6332)