hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kihwal Lee (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
Date Fri, 16 Aug 2013 21:19:49 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13742613#comment-13742613
] 

Kihwal Lee commented on HADOOP-9880:
------------------------------------

bq. However, the client-side does know how to deal with StandbyException (ie it tries on the
other side). So we need to fix the client side to catch the InvalidToken unwrap the cause
and then retry.

Isn't this patch already unwrap InvalidToken from server and throw the cause if it is set?
So I thought clients would get StandbyException. Please correct me if I am wrong.

I've deployed a secure HA cluster with this patch and it appears to be working.
                
> SASL changes from HADOOP-9421 breaks Secure HA NN 
> --------------------------------------------------
>
>                 Key: HADOOP-9880
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9880
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.1.0-beta
>            Reporter: Kihwal Lee
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9880.patch
>
>
> buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. When create()
is called against it, secretManager.checkAvailableForRead() is called, which fails in HA standby.
Thus HA standby nodes cannot be transitioned to active.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message