hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11017) KMS delegation token secret manager should be able to use zookeeper as store
Date Sat, 20 Sep 2014 02:50:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14141695#comment-14141695
] 

Alejandro Abdelnur commented on HADOOP-11017:
---------------------------------------------

*SecretManager.java*:
*  the introduced constants shouldn't be here as they are not used here

*ZKDelegationTokenSecretManager.java*:
* The {{if (authType.equals("sasl")) }} has an {{else}} block, it should have an {{else if
(authType.equals("none"))}} block and the final else should throw an exception.

*DelegationTokenAuthenticationHandler.java*:
* I keep insisting that the following conf setup is not need it. Please check using KMS to
verify. Also, in case they are needed, they are wrong, the set property is always {{UPDATE_INTERVAL}}

{code}
    conf.setLong(SecretManager.UPDATE_INTERVAL,
        conf.getLong(configPrefix + SecretManager.UPDATE_INTERVAL,
            SecretManager.UPDATE_INTERVAL_DEFAULT));
    conf.setLong(SecretManager.UPDATE_INTERVAL,
        conf.getLong(configPrefix + SecretManager.MAX_LIFETIME,
            SecretManager.MAX_LIFETIME_DEFAULT));
    conf.setLong(SecretManager.UPDATE_INTERVAL,
        conf.getLong(configPrefix + SecretManager.RENEW_INTERVAL,
            SecretManager.RENEW_INTERVAL_DEFAULT));
    conf.setLong(SecretManager.UPDATE_INTERVAL, conf.getLong(
        configPrefix + SecretManager.REMOVAL_SCAN_INTERVAL,
        SecretManager.REMOVAL_SCAN_INTERVAL_DEFAULT));
{code}

+1 after these things are addressed. Please open up a follow up JIRAs for doing a KMS test
and for use a single DT_ tree in ZK.

> KMS delegation token secret manager should be able to use zookeeper as store
> ----------------------------------------------------------------------------
>
>                 Key: HADOOP-11017
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11017
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-11017.1.patch, HADOOP-11017.2.patch, HADOOP-11017.3.patch,
HADOOP-11017.4.patch, HADOOP-11017.5.patch, HADOOP-11017.6.patch, HADOOP-11017.7.patch, HADOOP-11017.WIP.patch
>
>
> This will allow supporting multiple KMS instances behind a load balancer.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message