[
https://issues.apache.org/jira/browse/YARN-2704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14363707#comment-14363707
]
Jian He commented on YARN-2704:
-------------------------------
bq. Why not guard the call of requestNewHdfsDelegationToken with
hasProxyUserPrivileges
Isn't this guarded already ? see below code
{code}
private void requestNewHdfsDelegationToken(ApplicationId applicationId,
String user, boolean shouldCancelAtEnd) throws IOException,
InterruptedException {
if (!hasProxyUserPrivileges) {
LOG.info("RM proxy-user privilege is not enabled. Skip requesting hdfs
tokens.");
return;
}
{code}
> Localization and log-aggregation will fail if hdfs delegation token expired
> after token-max-life-time
> ------------------------------------------------------------------------------------------------------
>
> Key: YARN-2704
> URL: https://issues.apache.org/jira/browse/YARN-2704
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Jian He
> Assignee: Jian He
> Priority: Critical
> Fix For: 2.6.0
>
> Attachments: YARN-2704.1.patch, YARN-2704.2.patch, YARN-2704.2.patch,
> YARN-2704.3.patch, YARN-2704.4.patch
>
>
> In secure mode, YARN requires the hdfs-delegation token to do localization
> and log aggregation on behalf of the user. But the hdfs delegation token will
> eventually expire after max-token-life-time. So, localization and log
> aggregation will fail after the token expires.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
