hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3059) ssl-server.xml causes NullPointer
Date Wed, 07 Mar 2012 17:24:58 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13224518#comment-13224518
] 

Aaron T. Myers commented on HDFS-3059:
--------------------------------------

Hey Evert, good find. The patch looks pretty good to me. I think it could be improved a little
bit by having the error message include what actual config parameter(s) are missing from ssl-server.xml.
Otherwise, users are still going to have to look at the code to figure out what they need
to change. Do you agree?

Also, you mention that this patch would need to be ported to 1.0 as well, but it looks to
me like this patch isn't written against trunk. What version of Hadoop was it written for?
In general, we require that all patches first be provided for trunk, and then be back-ported
to maintenance branches like branch-1.0.
                
> ssl-server.xml causes NullPointer
> ---------------------------------
>
>                 Key: HDFS-3059
>                 URL: https://issues.apache.org/jira/browse/HDFS-3059
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: data-node, security
>    Affects Versions: 0.20.205.0, 1.0.0
>         Environment: in core-site.xml:
> {code:xml}
>   <property>
>     <name>hadoop.security.authentication</name>
>     <value>kerberos</value>
>   </property>
>   <property>
>     <name>hadoop.security.authorization</name>
>     <value>true</value>
>   </property>
> {code}
> in hdfs-site.xml:
> {code:xml}
>   <property>
>     <name>dfs.https.server.keystore.resource</name>
>     <value>/etc/hadoop/conf/ssl-server.xml</value>
>   </property>
>   <property>
>     <name>dfs.https.enable</name>
>     <value>true</value>
>   </property>
>   <property>
>     ...other security props
>   </property>
> {code}
>            Reporter: Evert Lammerts
>            Priority: Minor
>         Attachments: HDFS-3059.patch
>
>
> If ssl is enabled (dfs.https.enable) but ssl-server.xml is not available, a DN will crash
during startup while setting up an SSL socket with a NullPointerException:
> {noformat}12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector: useKerb =
false, useCerts = true
> jetty.ssl.password : jetty.ssl.keypassword : 12/03/07 17:08:36 INFO mortbay.log: jetty-6.1.26.cloudera.1
> 12/03/07 17:08:36 INFO mortbay.log: Started SelectChannelConnector@p-worker35.alley.sara.nl:1006
> 12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector: Creating new KrbServerSocket
for: 0.0.0.0
> 12/03/07 17:08:36 WARN mortbay.log: java.lang.NullPointerException
> 12/03/07 17:08:36 WARN mortbay.log: failed Krb5AndCertsSslSocketConnector@0.0.0.0:50475:
java.io.IOException: !JsseListener: java.lang.NullPointerException
> 12/03/07 17:08:36 WARN mortbay.log: failed Server@604788d5: java.io.IOException: !JsseListener:
java.lang.NullPointerException
> 12/03/07 17:08:36 INFO mortbay.log: Stopped Krb5AndCertsSslSocketConnector@0.0.0.0:50475
> 12/03/07 17:08:36 INFO mortbay.log: Stopped SelectChannelConnector@p-worker35.alley.sara.nl:1006
> 12/03/07 17:08:37 INFO datanode.DataNode: Waiting for threadgroup to exit, active threads
is 0{noformat}
> The same happens if I set an absolute path to an existing dfs.https.server.keystore.resource
- in this case the file cannot be found but not even a WARN is given.
> Since in dfs.https.server.keystore.resource we know we need to have 4 properties specified
(ssl.server.truststore.location, ssl.server.keystore.location, ssl.server.keystore.password,
and ssl.server.keystore.keypassword) we should check if they are set and throw an IOException
if they are not.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message