giraph-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eugene Koontz (JIRA)" <>
Subject [jira] [Updated] (GIRAPH-212) Security is busted since GIRAPH-168
Date Fri, 29 Jun 2012 20:41:44 GMT


Eugene Koontz updated GIRAPH-212:

    Attachment: GIRAPH-212.patch

This patch allows Giraph to run on a secure Hadoop 1.0 install. The problem was that Hadoop
1.0 does indeed use SASL authentication at the RPC layer, and this was wrongly being omitted
by GIRAPH-168. This patch fixes the problem by removing the HADOOP_NON_SASL_RPC munge flag,
so that SASL with Hadoop RPC is activated for all secure profiles.

It also reduces the usage of munge by moving secure rpc-related code from the existing RPCCommunications
class to a new  SecureRPCCommunications class that is omitted from compilation in non-secure
profiles (hadoop_non_secure, hadoop_facebook).

A new HADOOP_NON_JOBCONTEXT_IS_INTERFACE munge flag is used to make a distinction that was
formerly covered by HADOOP_NON_SASL_RPC. This new flag distinguishes the Hadoop 1.0 and earlier
set of profiles (hadoop_non_secure, hadoop_0.20.203 and hadoop_1.0) on the one hand, and Facebook
and 2.0+ profiles, on the other (hadoop_facebook, hadoop_2.0.0, hadoop_trunk). 

Passes mvn -PX clean verify for all X:{hadoop_non_secure, hadoop_0.20.203, hadoop_1.0,hadoop_2.0.0,hadoop_trunk}.

Still getting some test errors for hadoop_facebook which I am investigating.
> Security is busted since GIRAPH-168
> -----------------------------------
>                 Key: GIRAPH-212
>                 URL:
>             Project: Giraph
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 0.2.0
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>            Priority: Critical
>             Fix For: 0.2.0
>         Attachments: GIRAPH-212.patch, core-site.xml, hdfs-site.xml, mapred-site.xml
> As reported on the mailing list and verified here on our clusters, something's gone screwy
with Giraph jobs on secure hadoop.  I reverted back before GIRAPH-168 and this goes away,
although I've not found out what it is yet (and may not be 168).  
> RPC clients are trying to open connections with the wrong configuration relative to the

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message