HADOOP-12665. Document hadoop.security.token.service.use_ip. (#3187)

Reviewed-by: Masatake Iwasaki <iwasakims@apache.org>
Reviewed-by: Chris Nauroth <cnauroth@apache.org>
(cherry picked from commit c81f82e21d)
This commit is contained in:
Akira Ajisaka 2021-07-12 10:16:13 +09:00
parent 6c7f192f0f
commit a9505cf5d1
No known key found for this signature in database
GPG Key ID: C1EDBB9CA400FD50
1 changed files with 21 additions and 0 deletions

View File

@ -655,6 +655,27 @@
</description> </description>
</property> </property>
<property>
<name>hadoop.security.token.service.use_ip</name>
<value>true</value>
<description>
Controls whether tokens always use IP addresses.
DNS changes will not be detected if this option is enabled.
Existing client connections that break will always reconnect
to the IP of the original host. New clients will connect
to the host's new IP but fail to locate a token.
Disabling this option will allow existing and new clients
to detect an IP change and continue to locate the new host's token.
In secure multi-homed environments, this parameter will need to
be set to false on both cluster servers and clients (see HADOOP-7733).
If it is not set correctly, the symptom will be inability to
submit an application to YARN from an external client
(with error "client host not a member of the Hadoop cluster"),
or even from an in-cluster client if server failover occurs.
</description>
</property>
<property> <property>
<name>hadoop.workaround.non.threadsafe.getpwuid</name> <name>hadoop.workaround.non.threadsafe.getpwuid</name>
<value>true</value> <value>true</value>