hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Suresh Srinivas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7510) Tokens should use original hostname provided instead of ip
Date Mon, 26 Sep 2011 04:30:26 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13114454#comment-13114454

Suresh Srinivas commented on HADOOP-7510:

# FileSystem#getCanonicalServiceName() 
#* "The token will not attempt to acquire tokens if the service is null." Needs rewording.
#* getCanonicalServiceName() is poorly named and we are tightly coupling token semantics with
it. I know this is backward incompatible, but given that you have change the semantics to
return token service name, should the method name change to getTokenServiceName() or perhaps
add a new method leaving the exiting method as it is?
#* There is a link to buildDTServiceName(). It returns null service name, if the authority
name is null. Yet getCanonicalServiceName() is saying if file sytem does not implement tokens,
it returns null. Does that mean any file system that has null authority does not support tokens?
This is some what taking cache implementation that we have and trying to define the API behavior.
#* "@see {@link SecurityUtil#buildDTServiceName(URI, int)}" should be "@see SecurityUtil#buildDTServiceName(URI,
# HftpFileSystem.java - minor - You just need one copy of HftpDelegationTokenSelector and
# SecurityUtil.java
#* getTokenServiceAddr(), buildDTServiceName(), buildTokenService() should use makeSocketAddress()?
# Why is NetUtils#getConnectAddres() changed to use makeSocketAddress()?
# DFSClient.java
#* Datanodes makes use of block tokens and not delgation tokens. Do you need to call makeSocketAddr()
for datanode proxy?
# MiniDFSCluster
#* Please add detail about config param use_ip in "//NOTE: the following is only true if use_ip=true"
# HftpFileSystem.java
#* Get rid of TODO: from the comment
#* selectHdfsDelegationToken, selectHftpDelegationToken unnecessarily declares throws IOException
# TestNetUtils
#* There is not need to catch UnknownHostException and ignore it in couple of places

Additional question:
How does token cache functionality work given IP address in the URI? A token with hostname
that already exists in token cache will not match the URI that has IP address right? If so
that is a changed behavior from previous implementation.

> Tokens should use original hostname provided instead of ip
> ----------------------------------------------------------
>                 Key: HADOOP-7510
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7510
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>             Fix For:
>         Attachments: HADOOP-7510-10.patch, HADOOP-7510-2.patch, HADOOP-7510-3.patch,
HADOOP-7510-4.patch, HADOOP-7510-5.patch, HADOOP-7510-6.patch, HADOOP-7510-8.patch, HADOOP-7510-9.patch,
> Tokens currently store the ip:port of the remote server.  This precludes tokens from
being used after a host's ip is changed.  Tokens should store the hostname used to make the
RPC connection.  This will enable new processes to use their existing tokens.

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message