hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Haohui Mai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11754) RM fails to start in non-secure mode due to authentication filter failure
Date Fri, 27 Mar 2015 19:25:55 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14384455#comment-14384455
] 

Haohui Mai commented on HADOOP-11754:
-------------------------------------

bq. I'm not sure why we want to prevent using the random secret in the secure mode. 

This is for fallback only. The behavior is consistent with the previous behavior. The authentication
filter bails out when the secret is not found. This is true for both RM and other users of
the authentication filters.

bq. As is mentioned above, it's an incompatible semantics change, which will break RM web
interface and timeline server secure deployment. 

Can you be more specific? What are the behaviors before and after the changes?

bq. To be specific, timeline server never has a default secret file before. This patch will
forces it to have one.

I'm confused. What does timeline server has to do with {{RMFilterInitializer}}? I think it
is a separate issue and we can look at it in a separate jira.

> RM fails to start in non-secure mode due to authentication filter failure
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-11754
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11754
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.7.0
>            Reporter: Sangjin Lee
>            Assignee: Haohui Mai
>            Priority: Blocker
>         Attachments: HADOOP-11754-v1.patch, HADOOP-11754-v2.patch, HADOOP-11754.000.patch,
HADOOP-11754.001.patch
>
>
> RM fails to start in the non-secure mode with the following exception:
> {noformat}
> 2015-03-25 22:02:42,526 WARN org.mortbay.log: failed RMAuthenticationFilter: javax.servlet.ServletException:
java.lang.RuntimeException: Could not read signature secret file: /Users/sjlee/hadoop-http-auth-signature-secret
> 2015-03-25 22:02:42,526 WARN org.mortbay.log: Failed startup of context org.mortbay.jetty.webapp.WebAppContext@6de50b08{/,jar:file:/Users/sjlee/hadoop-3.0.0-SNAPSHOT/share/hadoop/yarn/hadoop-yarn-common-3.0.0-SNAPSHOT.jar!/webapps/cluster}
> javax.servlet.ServletException: java.lang.RuntimeException: Could not read signature
secret file: /Users/sjlee/hadoop-http-auth-signature-secret
> 	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeSecretProvider(AuthenticationFilter.java:266)
> 	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:225)
> 	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.init(DelegationTokenAuthenticationFilter.java:161)
> 	at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.init(RMAuthenticationFilter.java:53)
> 	at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
> 	at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> 	at org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
> 	at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
> 	at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
> 	at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
> 	at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
> 	at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> 	at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
> 	at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
> 	at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> 	at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
> 	at org.mortbay.jetty.Server.doStart(Server.java:224)
> 	at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> 	at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:773)
> 	at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:274)
> 	at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startWepApp(ResourceManager.java:974)
> 	at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1074)
> 	at org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)
> 	at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1208)
> Caused by: java.lang.RuntimeException: Could not read signature secret file: /Users/sjlee/hadoop-http-auth-signature-secret
> 	at org.apache.hadoop.security.authentication.util.FileSignerSecretProvider.init(FileSignerSecretProvider.java:59)
> 	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeSecretProvider(AuthenticationFilter.java:264)
> 	... 23 more
> ...
> 2015-03-25 22:02:42,538 FATAL org.apache.hadoop.yarn.server.resourcemanager.ResourceManager:
Error starting ResourceManager
> org.apache.hadoop.yarn.webapp.WebAppException: Error starting http server
> 	at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:279)
> 	at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startWepApp(ResourceManager.java:974)
> 	at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1074)
> 	at org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)
> 	at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1208)
> Caused by: java.io.IOException: Problem in starting http server. Server handlers failed
> 	at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:785)
> 	at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:274)
> 	... 4 more
> {noformat}
> This is likely a regression introduced by HADOOP-10670.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message