hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Ivanov (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-13487) Hadoop KMS doesn't clean up old delegation tokens stored in Zookeeper
Date Thu, 11 Aug 2016 18:33:20 GMT
Alex Ivanov created HADOOP-13487:
------------------------------------

             Summary: Hadoop KMS doesn't clean up old delegation tokens stored in Zookeeper
                 Key: HADOOP-13487
                 URL: https://issues.apache.org/jira/browse/HADOOP-13487
             Project: Hadoop Common
          Issue Type: Bug
          Components: kms
    Affects Versions: 2.6.0
            Reporter: Alex Ivanov


Configuration:
CDH 5.5.1 (Hadoop 2.6+)
KMS configured to store delegation tokens in Zookeeper
DEBUG logging enabled in /etc/hadoop-kms/conf/kms-log4j.properties

Findings:
It seems to me delegation tokens never get cleaned up from Zookeeper past their renewal date.
I can see in the logs that the removal thread is started with the expected interval:
{code}
2016-08-11 08:15:24,511 INFO  AbstractDelegationTokenSecretManager - Starting expired delegation
token remover thread, tokenRemoverScanInterval=60 min(s)
{code}
However, I don't see any delegation token removals, indicated by the following log message:
org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager --> removeStoredToken(TokenIdent
ident), line 769 [CDH]
{code}
    if (LOG.isDebugEnabled()) {
      LOG.debug("Removing ZKDTSMDelegationToken_"
          + ident.getSequenceNumber());
    }
{code}
Meanwhile, I see a lot of expired delegation tokens in Zookeeper that don't get cleaned up.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message