Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C2E6311F3F for ; Wed, 24 Sep 2014 22:59:34 +0000 (UTC) Received: (qmail 20727 invoked by uid 500); 24 Sep 2014 22:59:34 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 20670 invoked by uid 500); 24 Sep 2014 22:59:34 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 20658 invoked by uid 99); 24 Sep 2014 22:59:34 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Sep 2014 22:59:34 +0000 Date: Wed, 24 Sep 2014 22:59:34 +0000 (UTC) From: "Yongjun Zhang (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HDFS-7036) HDFS-6776 fix requires to upgrade insecure cluster, which means quite some user pain MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-7036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14147038#comment-14147038 ] Yongjun Zhang commented on HDFS-7036: ------------------------------------- Hi [~wheat9], One example I described several times and in my previous comment is issuing {{hadoop fs -ls }} from secure cluster side. It's broken for the same reason. Do you suggest to hack the fsshell too or leave it as broken as is? In addition, imagine user could write their own applications to access data in both secure and insecure cluster. Would you please provide some *concrete" example of potential damage? Thanks. > HDFS-6776 fix requires to upgrade insecure cluster, which means quite some user pain > ------------------------------------------------------------------------------------ > > Key: HDFS-7036 > URL: https://issues.apache.org/jira/browse/HDFS-7036 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs > Affects Versions: 2.5.1 > Reporter: Yongjun Zhang > Assignee: Yongjun Zhang > Attachments: HDFS-7036.001.patch > > > Issuing command > {code} > hadoop fs -lsr webhdfs:// > {code} > at a secure cluster side fails with message "Failed to get the token ...", similar symptom as reported in HDFS-6776. > If the fix of HDFS-6776 is applied to only the secure cluster, doing > {code} > distcp webhdfs:// > {code} > would fail same way. > Basically running any application in secure cluster to access insecure cluster via webhdfs would fail the same way, if the HDFS-6776 fix is not applied to the insecure cluster. > This could be quite some user pain. Filing this jira for a solution to make user's life easier. > One proposed solution was to add a msg-parsing mechanism in webhdfs, which is a bit hacky. The other proposed solution is to do the same kind of hack at application side, which means the same hack need to be applied in each application. > Thanks [~daryn], [~wheat9], [~jingzhao], [~tucu00] and [~atm] for the discussion in HDFS-6776. > -- This message was sent by Atlassian JIRA (v6.3.4#6332)