hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-3915) QJM: Failover fails with auth error in secure cluster
Date Mon, 10 Sep 2012 22:30:07 GMT
Todd Lipcon created HDFS-3915:
---------------------------------

             Summary: QJM: Failover fails with auth error in secure cluster
                 Key: HDFS-3915
                 URL: https://issues.apache.org/jira/browse/HDFS-3915
             Project: Hadoop HDFS
          Issue Type: Sub-task
          Components: ha, security
    Affects Versions: QuorumJournalManager (HDFS-3077)
            Reporter: Todd Lipcon
            Assignee: Todd Lipcon
         Attachments: hdfs-3915.txt

When testing failover in a secure cluster with QJM, we ran into the following error:
{code}
java.io.IOException: Exception trying to open authenticated connection to http://xxxxx:8480/getJournal?jid=journal&segmentTxId=4325&storageInfo=-40%3A1049822920%3A0%3ACID-d7c84ac3-bb09-4d55-baae-0d561bb55e9b
	at org.apache.hadoop.security.SecurityUtil.openSecureHttpConnection(SecurityUtil.java:510)
	at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream$URLLog$1.run(EditLogFileInputStream.java:376)
...	at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.doTailEdits(EditLogTailer.java:217)
	at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.catchupDuringFailover(EditLogTailer.java:176)
	at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startActiveServices(FSNamesystem.java:635)
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any
Kerberos tgt)
{code}

The issue is that the EditLogFileInputStream uses the "current" user, which in the case of
the failover trigger is the admin's remote user, rather than the NN's login user.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message