hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4448) HA NN does not start with wildcard address configured for other NN when security is enabled
Date Tue, 29 Jan 2013 14:41:13 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13565405#comment-13565405
] 

Daryn Sharp commented on HDFS-4448:
-----------------------------------

Does this present any issues for kerberos authentication on the multiple interfaces?  I think
we'd need principals for each canonical hostname of all interfaces, which I'm not sure the
security infrastructure will support?  Although perhaps I'm misunderstanding the issue.
                
> HA NN does not start with wildcard address configured for other NN when security is enabled
> -------------------------------------------------------------------------------------------
>
>                 Key: HDFS-4448
>                 URL: https://issues.apache.org/jira/browse/HDFS-4448
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: ha, namenode, security
>    Affects Versions: 2.0.3-alpha
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: HDFS-4448.patch, HDFS-4448.patch
>
>
> Currently if one tries to configure HA NNs use the wildcard HTTP address when security
is enabled, the NN will fail to start with an error like the following:
> {code}
> java.lang.IllegalArgumentException: java.io.IOException: Cannot use a wildcard address
with security. Must explicitly set bind address for Kerberos
> {code}
> This is the case even if one configures an actual address for the other NN's HTTP address.
There's no good reason for this, since we now check for the local address being set to 0.0.0.0
and determine the canonical hostname for Kerberos purposes using {{InetAddress.getLocalHost().getCanonicalHostName()}},
so we should remove the restriction.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message