hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kihwal Lee (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
Date Wed, 19 Feb 2014 22:57:19 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13741810#comment-13741810
] 

Kihwal Lee edited comment on HADOOP-9880 at 2/19/14 10:55 PM:
--------------------------------------------------------------

This is slightly more appealing hack than HDFS-3083.

I've moved the call to the NN-specific {{checkAvailableForRead}} from the RPC layer into the
NN's secret manager so it's only called when token auth is being performed.

However, the current method signatures only allow {{InvalidToken}} to be thrown.  So rather
than change a bunch of signatures that may impact other projects, I've tunneled the {{StandyException}}
in the cause of an {{InvalidToken}}.  The RPC server will unwrap the nested exception..


was (Author: daryn):
This is slightly more appealing hack than HDFS-3083.

I've moved the call to the NN-specific {{checkAvailableForRead}} from the RPC layer into the
NN's secret manager so it's only called when token auth is being performed.

However, the current method signatures only allow {{InvalidToken}} to be thrown.  So rather
than change a bunch of signatures that may impact other projects, I've tunneled the {{StandyException}}
in the cause of an {{InvalidToken}}.  The RPC server will unwrap the nested exception.

> SASL changes from HADOOP-9421 breaks Secure HA NN 
> --------------------------------------------------
>
>                 Key: HADOOP-9880
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9880
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.1.0-beta
>            Reporter: Kihwal Lee
>            Assignee: Daryn Sharp
>            Priority: Blocker
>             Fix For: 2.1.1-beta
>
>         Attachments: HADOOP-9880.patch
>
>
> buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. When create()
is called against it, secretManager.checkAvailableForRead() is called, which fails in HA standby.
Thus HA standby nodes cannot be transitioned to active.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message