HADOOP-12665. Document hadoop.security.token.service.use_ip. (#3187)
Reviewed-by: Masatake Iwasaki <iwasakims@apache.org>
Reviewed-by: Chris Nauroth <cnauroth@apache.org>
(cherry picked from commit c81f82e21d
)
This commit is contained in:
parent
aa6a9cac72
commit
a1f90883f0
@ -692,6 +692,27 @@
|
||||
</description>
|
||||
</property>
|
||||
|
||||
<property>
|
||||
<name>hadoop.security.token.service.use_ip</name>
|
||||
<value>true</value>
|
||||
<description>
|
||||
Controls whether tokens always use IP addresses.
|
||||
DNS changes will not be detected if this option is enabled.
|
||||
Existing client connections that break will always reconnect
|
||||
to the IP of the original host. New clients will connect
|
||||
to the host's new IP but fail to locate a token.
|
||||
Disabling this option will allow existing and new clients
|
||||
to detect an IP change and continue to locate the new host's token.
|
||||
|
||||
In secure multi-homed environments, this parameter will need to
|
||||
be set to false on both cluster servers and clients (see HADOOP-7733).
|
||||
If it is not set correctly, the symptom will be inability to
|
||||
submit an application to YARN from an external client
|
||||
(with error "client host not a member of the Hadoop cluster"),
|
||||
or even from an in-cluster client if server failover occurs.
|
||||
</description>
|
||||
</property>
|
||||
|
||||
<property>
|
||||
<name>hadoop.workaround.non.threadsafe.getpwuid</name>
|
||||
<value>true</value>
|
||||
|
Loading…
Reference in New Issue
Block a user