hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3915) QJM: Failover fails with auth error in secure cluster
Date Tue, 11 Sep 2012 03:04:08 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13452675#comment-13452675
] 

Aaron T. Myers commented on HDFS-3915:
--------------------------------------

+1, the patch looks good to me. 
                
> QJM: Failover fails with auth error in secure cluster
> -----------------------------------------------------
>
>                 Key: HDFS-3915
>                 URL: https://issues.apache.org/jira/browse/HDFS-3915
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: ha, security
>    Affects Versions: QuorumJournalManager (HDFS-3077)
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>         Attachments: hdfs-3915.txt
>
>
> When testing failover in a secure cluster with QJM, we ran into the following error:
> {code}
> java.io.IOException: Exception trying to open authenticated connection to http://xxxxx:8480/getJournal?jid=journal&segmentTxId=4325&storageInfo=-40%3A1049822920%3A0%3ACID-d7c84ac3-bb09-4d55-baae-0d561bb55e9b
> 	at org.apache.hadoop.security.SecurityUtil.openSecureHttpConnection(SecurityUtil.java:510)
> 	at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream$URLLog$1.run(EditLogFileInputStream.java:376)
> ...	at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.doTailEdits(EditLogTailer.java:217)
> 	at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.catchupDuringFailover(EditLogTailer.java:176)
> 	at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startActiveServices(FSNamesystem.java:635)
> Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos tgt)
> {code}
> The issue is that the EditLogFileInputStream uses the "current" user, which in the case
of the failover trigger is the admin's remote user, rather than the NN's login user.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message