Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-15390. Yarn RM logs flooded by DelegationTokenRenewer trying to renew KMS tokens (xiaochen via rkanter) 

(cherry picked from commit 7ab08a9c37)
This commit is contained in:
Robert Kanter 2018-04-23 15:44:15 -07:00
parent caf4d5000e
commit ea7ad50499
3 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSTokenRenewer.java
View File

@ -58,9 +58,9 @@ public class KMSTokenRenewer extends TokenRenewer {
try {
if (!(keyProvider instanceof
KeyProviderDelegationTokenExtension.DelegationTokenExtension)) {
LOG.warn("keyProvider {} cannot renew token {}.",
keyProvider == null ? "null" : keyProvider.getClass(), token);
return 0;
throw new IOException(String
.format("keyProvider %s cannot renew token [%s]",
keyProvider == null ? "null" : keyProvider.getClass(), token));
}
return ((KeyProviderDelegationTokenExtension.DelegationTokenExtension)
keyProvider).renewDelegationToken(token);
@ -78,9 +78,9 @@ public class KMSTokenRenewer extends TokenRenewer {
try {
if (!(keyProvider instanceof
KeyProviderDelegationTokenExtension.DelegationTokenExtension)) {
LOG.warn("keyProvider {} cannot cancel token {}.",
keyProvider == null ? "null" : keyProvider.getClass(), token);
return;
throw new IOException(String
.format("keyProvider %s cannot cancel token [%s]",
keyProvider == null ? "null" : keyProvider.getClass(), token));
}
((KeyProviderDelegationTokenExtension.DelegationTokenExtension)
keyProvider).cancelDelegationToken(token);

4
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/DelegationTokenRenewer.java
View File

@ -592,6 +592,10 @@ public class DelegationTokenRenewer extends AbstractService {
throws IOException {
// calculate timer time
long expiresIn = token.expirationDate - System.currentTimeMillis();
if (expiresIn <= 0) {
LOG.info("Will not renew token " + token);
return;
}
long renewIn = token.expirationDate - expiresIn/10; // little bit before the expiration
// need to create new task every time
RenewalTimerTask tTask = new RenewalTimerTask(token);

19
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/security/TestDelegationTokenRenewer.java
View File

@ -20,6 +20,7 @@ package org.apache.hadoop.yarn.server.resourcemanager.security;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.doAnswer;
@ -1401,4 +1402,22 @@ public class TestDelegationTokenRenewer {
.contains(YarnConfiguration.RM_DELEGATION_TOKEN_MAX_CONF_SIZE));
}
}
// Test if the token renewer returned an invalid expiration time, that token's
// renewal should be ignored.
@Test
public void testTokenRenewerInvalidReturn() throws Exception {
DelegationTokenToRenew mockDttr = mock(DelegationTokenToRenew.class);
mockDttr.expirationDate = 0;
delegationTokenRenewer.setTimerForTokenRenewal(mockDttr);
assertNull(mockDttr.timerTask);
mockDttr.expirationDate = -1;
delegationTokenRenewer.setTimerForTokenRenewal(mockDttr);
assertNull(mockDttr.timerTask);
mockDttr.expirationDate = System.currentTimeMillis() - 1;
delegationTokenRenewer.setTimerForTokenRenewal(mockDttr);
assertNull(mockDttr.timerTask);
}
}