From common-issues-return-147225-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org Fri Jan 26 00:38:06 2018 Return-Path: X-Original-To: archive-asf-public@eu.ponee.io Delivered-To: archive-asf-public@eu.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by mx-eu-01.ponee.io (Postfix) with ESMTP id B3A43180676 for ; Fri, 26 Jan 2018 00:38:06 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id A16F6160C3D; Thu, 25 Jan 2018 23:38:06 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id EB590160C4F for ; Fri, 26 Jan 2018 00:38:05 +0100 (CET) Received: (qmail 84557 invoked by uid 500); 25 Jan 2018 23:38:04 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 84513 invoked by uid 99); 25 Jan 2018 23:38:04 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 25 Jan 2018 23:38:04 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 4EA71180948 for ; Thu, 25 Jan 2018 23:38:04 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -110.311 X-Spam-Level: X-Spam-Status: No, score=-110.311 tagged_above=-999 required=6.31 tests=[ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_SPF_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id imf3nGRRJqdD for ; Thu, 25 Jan 2018 23:38:03 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id EFAA85F5F8 for ; Thu, 25 Jan 2018 23:38:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id A65F8E0F6D for ; Thu, 25 Jan 2018 23:38:01 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 4089C2410C for ; Thu, 25 Jan 2018 23:38:00 +0000 (UTC) Date: Thu, 25 Jan 2018 23:38:00 +0000 (UTC) From: "Xiaoyu Yao (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-14969) Improve diagnostics in secure DataNode startup MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-14969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16340297#comment-16340297 ] Xiaoyu Yao commented on HADOOP-14969: ------------------------------------- Thanks [~ajayydv] for working on this. Patch v4 looks good to me, just two minor issue: Datanode.java Line 1482: can we add a LOG.info("Privileged Resources = {}, saslPropsResolver = {}", haveResources, haveSaslProps) for troubleshooting? Line 1505: should be "and SSL for HTTP" > Improve diagnostics in secure DataNode startup > ---------------------------------------------- > > Key: HADOOP-14969 > URL: https://issues.apache.org/jira/browse/HADOOP-14969 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Ajay Kumar > Assignee: Ajay Kumar > Priority: Major > Attachments: HADOOP-14969.001.patch, HADOOP-14969.002.patch, HADOOP-14969.003.patch, HADOOP-14969.004.patch > > > When DN secure mode configuration is incorrect, it throws the following exception from Datanode#checkSecureConfig > {code} > private static void checkSecureConfig(DNConf dnConf, Configuration conf, > SecureResources resources) throws RuntimeException { > if (!UserGroupInformation.isSecurityEnabled()) { > return; > } > ... > throw new RuntimeException("Cannot start secure DataNode without " + > "configuring either privileged resources or SASL RPC data transfer " + > "protection and SSL for HTTP. Using privileged resources in " + > "combination with SASL RPC data transfer protection is not supported."); > {code} > The DN should print more useful diagnostics as to what exactly what went wrong. > Also when starting secure DN with resources then the startup scripts should launch the SecureDataNodeStarter class. If no SASL is configured and SecureDataNodeStarter is not used, then we could mention that too. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org