From common-issues-return-146754-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org Fri Jan 12 12:25:10 2018 Return-Path: X-Original-To: archive-asf-public@eu.ponee.io Delivered-To: archive-asf-public@eu.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by mx-eu-01.ponee.io (Postfix) with ESMTP id F0446180621 for ; Fri, 12 Jan 2018 12:25:09 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id E03FE160C33; Fri, 12 Jan 2018 11:25:09 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 32C1F160C30 for ; Fri, 12 Jan 2018 12:25:09 +0100 (CET) Received: (qmail 40266 invoked by uid 500); 12 Jan 2018 11:25:08 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 40254 invoked by uid 99); 12 Jan 2018 11:25:08 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Jan 2018 11:25:08 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id A34081808D0 for ; Fri, 12 Jan 2018 11:25:07 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -107.911 X-Spam-Level: X-Spam-Status: No, score=-107.911 tagged_above=-999 required=6.31 tests=[ENV_AND_HDR_SPF_MATCH=-0.5, KAM_ASCII_DIVIDERS=0.8, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_SPF_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id 7qIc-3f5TP6k for ; Fri, 12 Jan 2018 11:25:06 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 328825F250 for ; Fri, 12 Jan 2018 11:25:06 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 68A04E039B for ; Fri, 12 Jan 2018 11:25:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 2BE1B240CA for ; Fri, 12 Jan 2018 11:25:00 +0000 (UTC) Date: Fri, 12 Jan 2018 11:25:00 +0000 (UTC) From: "Steve Loughran (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-14969) Improve diagnostics in secure DataNode startup MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-14969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16323840#comment-16323840 ] Steve Loughran commented on HADOOP-14969: ----------------------------------------- I'd prefer IOEs to get thrown, its what more things expect and catch. I know that{{checkSecureConfig}} doesn't throw IOEs, but as it is only called from the DN constructor, it's easy to add and nothing can break > Improve diagnostics in secure DataNode startup > ---------------------------------------------- > > Key: HADOOP-14969 > URL: https://issues.apache.org/jira/browse/HADOOP-14969 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Ajay Kumar > Assignee: Ajay Kumar > Attachments: HADOOP-14969.001.patch, HADOOP-14969.002.patch, HADOOP-14969.003.patch, HADOOP-14969.004.patch > > > When DN secure mode configuration is incorrect, it throws the following exception from Datanode#checkSecureConfig > {code} > private static void checkSecureConfig(DNConf dnConf, Configuration conf, > SecureResources resources) throws RuntimeException { > if (!UserGroupInformation.isSecurityEnabled()) { > return; > } > ... > throw new RuntimeException("Cannot start secure DataNode without " + > "configuring either privileged resources or SASL RPC data transfer " + > "protection and SSL for HTTP. Using privileged resources in " + > "combination with SASL RPC data transfer protection is not supported."); > {code} > The DN should print more useful diagnostics as to what exactly what went wrong. > Also when starting secure DN with resources then the startup scripts should launch the SecureDataNodeStarter class. If no SASL is configured and SecureDataNodeStarter is not used, then we could mention that too. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org