hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jitendra Nath Pandey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-2856) Fix block protocol so that Datanodes don't require root or jsvc
Date Fri, 27 Jun 2014 17:56:28 GMT

    [ https://issues.apache.org/jira/browse/HDFS-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14046201#comment-14046201

Jitendra Nath Pandey commented on HDFS-2856:

- For the specialized encrypted handshake, it seems the encrypted key is obtained from namenode
via rpc for every block. That makes it now two RPC calls to namenode for every new block to
write. For a given file, the key should be same and could be obtained only once?
- getEncryptedStreams doesn't use access token. IMO the user and the password should be derived
from the accesstoken rather than the key.
- It might make sense to define the defaults for the new configuration variables in hdfs-default
and/or as constants. It helps in code reading at times.
- Log.debug should be wrapped inside if (Log.isDebugEnabled()) condition.
- checkTrustAndSend obtains new encryption key, irrespective of the qop needed. I believe
the encryption key is needed only for specialized encryption case. 
- SaslDataTransferClient object in  NameNodeConnector.java seems out of place, the NameNodeConnector
is supposed to encapsulate only namenode connections. Can we avoid the saslClient in this
- RemotePeerFactory.java: Javadoc needs update. 
- Minor nit: checkTrustAndSend returns null for skipping handshake which has to be checked
in the caller. It could just return the same stream pair, which otherwise every caller has
to do.

> Fix block protocol so that Datanodes don't require root or jsvc
> ---------------------------------------------------------------
>                 Key: HDFS-2856
>                 URL: https://issues.apache.org/jira/browse/HDFS-2856
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: datanode, security
>    Affects Versions: 3.0.0, 2.4.0
>            Reporter: Owen O'Malley
>            Assignee: Chris Nauroth
>         Attachments: Datanode-Security-Design.pdf, Datanode-Security-Design.pdf, Datanode-Security-Design.pdf,
HDFS-2856-Test-Plan-1.pdf, HDFS-2856.1.patch, HDFS-2856.2.patch, HDFS-2856.3.patch, HDFS-2856.4.patch,
HDFS-2856.5.patch, HDFS-2856.prototype.patch
> Since we send the block tokens unencrypted to the datanode, we currently start the datanode
as root using jsvc and get a secure (< 1024) port.
> If we have the datanode generate a nonce and send it on the connection and the sends
an hmac of the nonce back instead of the block token it won't reveal any secrets. Thus, we
wouldn't require a secure port and would not require root or jsvc.

This message was sent by Atlassian JIRA

View raw message