|
|
@@ -701,6 +701,27 @@
|
|
|
</description>
|
|
|
</property>
|
|
|
|
|
|
+ <property>
|
|
|
+ <name>hadoop.security.token.service.use_ip</name>
|
|
|
+ <value>true</value>
|
|
|
+ <description>
|
|
|
+ Controls whether tokens always use IP addresses.
|
|
|
+ DNS changes will not be detected if this option is enabled.
|
|
|
+ Existing client connections that break will always reconnect
|
|
|
+ to the IP of the original host. New clients will connect
|
|
|
+ to the host's new IP but fail to locate a token.
|
|
|
+ Disabling this option will allow existing and new clients
|
|
|
+ to detect an IP change and continue to locate the new host's token.
|
|
|
+
|
|
|
+ In secure multi-homed environments, this parameter will need to
|
|
|
+ be set to false on both cluster servers and clients (see HADOOP-7733).
|
|
|
+ If it is not set correctly, the symptom will be inability to
|
|
|
+ submit an application to YARN from an external client
|
|
|
+ (with error "client host not a member of the Hadoop cluster"),
|
|
|
+ or even from an in-cluster client if server failover occurs.
|
|
|
+ </description>
|
|
|
+ </property>
|
|
|
+
|
|
|
<property>
|
|
|
<name>hadoop.workaround.non.threadsafe.getpwuid</name>
|
|
|
<value>true</value>
|
Akira Ajisaka