hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7073) Allow falling back to a non-SASL connection on DataTransferProtocol in several edge cases.
Date Sat, 20 Sep 2014 16:02:37 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14142070#comment-14142070
] 

Hudson commented on HDFS-7073:
------------------------------

FAILURE: Integrated in Hadoop-Mapreduce-trunk #1902 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1902/])
HDFS-7073. Allow falling back to a non-SASL connection on DataTransferProtocol in several
edge cases. Contributed by Chris Nauroth. (cnauroth: rev f85cc14eb49a46e81d2edcdc1ffe4d0852f193a5)
* hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/RpcEngine.java
* hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestSaslDataTransfer.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/ConfiguredFailoverProxyProvider.java
* hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestRPC.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/balancer/NameNodeConnector.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HAUtil.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NamenodeFsck.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/NameNodeProxies.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
* hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/RPC.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/balancer/Dispatcher.java
* hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/ha/TestRetryCacheWithHA.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DNConf.java
* hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/WritableRpcEngine.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
* hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/ha/AbstractNNFailoverProxyProvider.java
* hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/ProtobufRpcEngine.java
* hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
* hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt


> Allow falling back to a non-SASL connection on DataTransferProtocol in several edge cases.
> ------------------------------------------------------------------------------------------
>
>                 Key: HDFS-7073
>                 URL: https://issues.apache.org/jira/browse/HDFS-7073
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, hdfs-client, security
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>             Fix For: 2.6.0
>
>         Attachments: HDFS-7073.1.patch, HDFS-7073.2.patch, HDFS-7073.3.patch
>
>
> HDFS-2856 implemented general SASL support on DataTransferProtocol.  Part of that work
also included a fallback mode in case the remote cluster is running under a different configuration
without SASL.  I've discovered a few edge case configurations that this did not support:
> * Cluster is unsecured, but has block access tokens enabled.  This is not something I've
seen done in practice, but I've heard historically it has been allowed.  The HDFS-2856 code
relied on seeing an empty block access token to trigger fallback, and this doesn't work if
the unsecured cluster actually is using block access tokens.
> * The DataNode has an unpublicized testing configuration property that could be used
to skip the privileged port check.  However, the HDFS-2856 code is still enforcing requirement
of SASL when the ports are not privileged, so this would force existing configurations to
make changes to activate SASL.
> This patch will restore the old behavior so that these edge case configurations will
continue to work the same way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message