hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Yoder (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11934) Use of JavaKeyStoreProvider in LdapGroupsMapping causes infinite loop
Date Thu, 07 May 2015 16:20:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14532932#comment-14532932
] 

Mike Yoder commented on HADOOP-11934:
-------------------------------------

Sorry, it's not in the log.  The log shows

{noformat}
STARTUP_MSG:   java = 1.7.0_67
************************************************************/
2015-05-06 17:00:26,732 INFO org.apache.hadoop.hdfs.server.namenode.NameNode: registered UNIX
signal handlers for [TERM, HUP, INT]
2015-05-06 17:00:26,742 INFO org.apache.hadoop.hdfs.server.namenode.NameNode: createNameNode
[]
2015-05-06 17:00:27,157 INFO org.apache.hadoop.metrics2.impl.MetricsConfig: loaded properties
from hadoop-metrics2.properties
2015-05-06 17:00:27,343 INFO org.apache.hadoop.metrics2.impl.MetricsSystemImpl: Scheduled
snapshot period at 10 second(s).
2015-05-06 17:00:27,343 INFO org.apache.hadoop.metrics2.impl.MetricsSystemImpl: NameNode metrics
system started
2015-05-06 17:00:27,348 INFO org.apache.hadoop.hdfs.server.namenode.NameNode: fs.defaultFS
is hdfs://mey-may-4.vpc.cloudera.com:8020
2015-05-06 17:00:27,348 INFO org.apache.hadoop.hdfs.server.namenode.NameNode: Clients are
to use mey-may-4.vpc.cloudera.com:8020 to access this namenode/service.
2015-05-06 17:00:32,144 ERROR org.apache.hadoop.hdfs.server.namenode.NameNode: Failed to start
namenode.
java.lang.StackOverflowError
        at java.lang.String.indexOf(String.java:1698)
        at java.net.URLStreamHandler.parseURL(URLStreamHandler.java:272)
        at sun.net.www.protocol.file.Handler.parseURL(Handler.java:67)
        at java.net.URL.<init>(URL.java:614)
        at java.net.URL.<init>(URL.java:482)
        at sun.misc.URLClassPath$FileLoader.getResource(URLClassPath.java:1057)
        at sun.misc.URLClassPath$FileLoader.findResource(URLClassPath.java:1047)
        at sun.misc.URLClassPath.findResource(URLClassPath.java:176)
        at java.net.URLClassLoader$2.run(URLClassLoader.java:551)
        at java.net.URLClassLoader$2.run(URLClassLoader.java:549)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findResource(URLClassLoader.java:548)
        at java.lang.ClassLoader.getResource(ClassLoader.java:1147)
        at java.net.URLClassLoader.getResourceAsStream(URLClassLoader.java:227)
        at javax.xml.parsers.SecuritySupport$4.run(SecuritySupport.java:94)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.xml.parsers.SecuritySupport.getResourceAsStream(SecuritySupport.java:87)
        at javax.xml.parsers.FactoryFinder.findJarServiceProvider(FactoryFinder.java:283)
        at javax.xml.parsers.FactoryFinder.find(FactoryFinder.java:255)
        at javax.xml.parsers.DocumentBuilderFactory.newInstance(DocumentBuilderFactory.java:121)
        at org.apache.hadoop.conf.Configuration.loadResource(Configuration.java:2425)
        at org.apache.hadoop.conf.Configuration.loadResources(Configuration.java:2402)
        at org.apache.hadoop.conf.Configuration.getProps(Configuration.java:2319)
        at org.apache.hadoop.conf.Configuration.get(Configuration.java:1146)
        at org.apache.hadoop.security.SecurityUtil.getAuthenticationMethod(SecurityUtil.java:605)
        at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:272)
        at org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260)
        at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804)
        at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774)
        at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647)
        at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753)
        at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745)
        at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611)
        at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
        at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
        at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88)
{noformat}

.... a lot of repetition ....

{noformat}
        at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
        at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88)
        at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:65)
        at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:291)
        at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
        at org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1863)
        at org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1843)
        at org.apache.hadoop.security.LdapGroupsMapping.getPassword(LdapGroupsMapping.java:386)
        at org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:349)
        at org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73)
        at org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
        at org.apache.hadoop.security.Groups.<init>(Groups.java:70)
        at org.apache.hadoop.security.Groups.<init>(Groups.java:66)
        at org.apache.hadoop.security.Groups.getUserToGroupsMappingService(Groups.java:280)
        at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:283)
        at org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260)
        at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804)
        at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774)
        at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647)
        at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753)
        at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745)
        at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611)
        at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
        at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
2015-05-06 17:00:32,183 INFO org.apache.hadoop.util.ExitUtil: Exiting with status 1
2015-05-06 17:00:32,184 INFO org.apache.hadoop.hdfs.server.namenode.NameNode: SHUTDOWN_MSG:

{noformat}


> Use of JavaKeyStoreProvider in LdapGroupsMapping causes infinite loop
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-11934
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11934
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Mike Yoder
>            Assignee: Larry McCay
>
> I was attempting to use the LdapGroupsMapping code and the JavaKeyStoreProvider at the
same time, and hit a really interesting, yet fatal, issue.  The code goes into what ought
to have been an infinite loop, were it not for it overflowing the stack and Java ending the
loop.  Here is a snippet of the stack; my annotations are at the bottom.
> {noformat}
> 	at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
> 	at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:65)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:291)
> 	at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
> 	at org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1863)
> 	at org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1843)
> 	at org.apache.hadoop.security.LdapGroupsMapping.getPassword(LdapGroupsMapping.java:386)
> 	at org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:349)
> 	at org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73)
> 	at org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
> 	at org.apache.hadoop.security.Groups.<init>(Groups.java:70)
> 	at org.apache.hadoop.security.Groups.<init>(Groups.java:66)
> 	at org.apache.hadoop.security.Groups.getUserToGroupsMappingService(Groups.java:280)
> 	at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:283)
> 	at org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260)
> 	at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804)
> 	at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774)
> 	at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647)
> 	at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753)
> 	at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745)
> 	at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611)
> 	at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
> 	at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:65)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:291)
> 	at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
> 	at org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1863)
> 	at org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1843)
> 	at org.apache.hadoop.security.LdapGroupsMapping.getPassword(LdapGroupsMapping.java:386)
> 	at org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:349)
> 	at org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73)
> 	at org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
> 	at org.apache.hadoop.security.Groups.<init>(Groups.java:70)
> 	at org.apache.hadoop.security.Groups.<init>(Groups.java:66)
> 	at org.apache.hadoop.security.Groups.getUserToGroupsMappingService(Groups.java:280)
> 	at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:283)
> 	at org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260)
> 	at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804)
> 	at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774)
> 	at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647)
> 	at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753)
> 	at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745)
> 	at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611)
> 	at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
> 	at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296){noformat}
> Here's my annotation, going from bottom to top.
> * Somehow we enter Path.getFileSystem()
> * This goes to FileSystem cache stuff, and then it wants the current user
> * So we get to UserGroupInformation.getCurrentUser(), which as you can imagine gets to
> * getUserToGroupsMappingService and thence to LdapGroupsMapping.setConf().
> * That code gets the needed passwords, and we're using the CredentialProvider, so unsurprisingly
we get to
> * getPasswordFromCredentialProviders() - which chooses the JavaKeyStoreProvider like
I told it to.
> * The JavaKeyStoreProvider, in its constructor, does "fs = path.getFileSystem(conf);"
> * And guess what, we're back in Path.getFileSystem, where we started at the beginning.
> Please let me know if I've somehow configured something incorrectly, but if I have I
can't figure out what it is...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message