HADOOP-12665. Document hadoop.security.token.service.use_ip. (#3187)

Reviewed-by: Masatake Iwasaki <iwasakims@apache.org>
Reviewed-by: Chris Nauroth <cnauroth@apache.org>
(cherry picked from commit c81f82e21d)
This commit is contained in:
Akira Ajisaka 2021-07-12 10:16:13 +09:00
parent aa6a9cac72
commit a1f90883f0
No known key found for this signature in database
GPG Key ID: C1EDBB9CA400FD50

View File

@ -692,6 +692,27 @@
</description> </description>
</property> </property>
<property>
<name>hadoop.security.token.service.use_ip</name>
<value>true</value>
<description>
Controls whether tokens always use IP addresses.
DNS changes will not be detected if this option is enabled.
Existing client connections that break will always reconnect
to the IP of the original host. New clients will connect
to the host's new IP but fail to locate a token.
Disabling this option will allow existing and new clients
to detect an IP change and continue to locate the new host's token.
In secure multi-homed environments, this parameter will need to
be set to false on both cluster servers and clients (see HADOOP-7733).
If it is not set correctly, the symptom will be inability to
submit an application to YARN from an external client
(with error "client host not a member of the Hadoop cluster"),
or even from an in-cluster client if server failover occurs.
</description>
</property>
<property> <property>
<name>hadoop.workaround.non.threadsafe.getpwuid</name> <name>hadoop.workaround.non.threadsafe.getpwuid</name>
<value>true</value> <value>true</value>