Created on 12-16-2019 07:52 AM - last edited on 12-21-2019 07:36 AM by ask_bill_brooks
How should I set dfs.namenode.delegation.token.renew-interval &
dfs.namenode.delegation.token.max-lifetime in gui of Cloudera Manager for HDFS ?
I have set them in advanced configuration snippets for HDFS Service Advanced Configuration Snippet ( safety valve) for hdfs-site.xml
Thanks
Created 12-16-2019 02:14 PM
Hi @GrahamB ,
Could you please share your environment information? For example, what is CM/CDH version?
Also, could you please share the details about the safety valve you added? The "HDFS Service Advanced Configuration Snippet (Safety Valve) for hdfs-site.xml" seems to be the right place. Did you make sure to deploy the client configuration after saving the changes?
You said it did not work, what do you mean exactly?
Thanks,
Li
Li Wang, Technical Solution Manager
Created 12-17-2019 12:21 AM
Created 12-18-2019 03:51 PM
Hi @GrahamB ,
I am not sure if you are modifying the right configuration to achieve your goal. I suggest you taking a look at this blog in regarding to delegation token:
https://blog.cloudera.com/hadoop-delegation-tokens-explained/
Thanks,
Li
Li Wang, Technical Solution Manager
Created 12-18-2019 10:13 PM
Created 12-20-2019 10:46 AM
Hi @GrahamB ,
You may want to download the client configuration file for HDFS service to confirm whether your changes are applied:
https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cm_mc_client_config.html
However, my point is whether setting those two values are the right methods for the testing scenarios you are trying to achieve.
Thanks,
Li
Li Wang, Technical Solution Manager
Created 12-20-2019 11:01 AM
Created on 12-20-2019 01:02 PM - edited 12-20-2019 01:02 PM
No you don't need to wait for 24 hours to destroy a kerberos ticket you will need to run on the Kerberos server as the user
Check valid ticketTo list all of the entries in the default credentials cache
$ klist
You should have some out here
To delete the default credentials cache for the user
$ kdestroy
Then to obtain a ticket-granting ticket with a lifetime of 10 hours, which is renewable for five days, type:
$ kinit -l 10h -r 5d your_principal
HTH
Created 12-20-2019 01:03 PM
Created on 06-15-2020 10:57 PM - edited 06-15-2020 11:38 PM
Hi, I have the same experience. I set it, I see that it is kicked in:
<property>
<name>dfs.namenode.delegation.token.renew-interval</name>
<value>36000000</value>
<source>hdfs-site.xml</source>
</property>
But when submitting spark application the log still says 24h instead of 10h:
INFO - 20/06/16 07:41:40 INFO security.HadoopFSDelegationTokenProvider: Renewal interval is 86400000 for token HDFS_DELEGATION_TOKEN
Did you manage to find a solution?