hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-6666) Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.
Date Tue, 14 Apr 2015 17:13:13 GMT

     [ https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Chris Nauroth updated HDFS-6666:
--------------------------------
    Release Note: NameNode and DataNode now abort during startup if attempting to run in secure
mode, but block access tokens are not enabled by setting configuration property dfs.block.access.token.enable
to true in hdfs-site.xml.  Previously, this case logged a warning, because this would be an
insecure configuration.  (was: The patch has the following changes:
* Abort namenode and datanode startup if kerberos is enabled but block tokens are not enabled.
* Test case that verifies the appropriate exception is thrown when the cluster is brought
up with kerberos enabled and block tokens disabled (using Chris N's suggestion in the comments))

> Abort NameNode and DataNode startup if security is enabled but block access token is
not enabled.
> -------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-6666
>                 URL: https://issues.apache.org/jira/browse/HDFS-6666
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode, security
>    Affects Versions: 2.7.1
>            Reporter: Chris Nauroth
>            Assignee: Vijay Bhat
>            Priority: Minor
>             Fix For: 2.8.0
>
>         Attachments: HDFS-6666.001.patch, HDFS-6666.002.patch, HDFS-6666.003.patch, HDFS-6666.004.patch,
HDFS-6666.005.patch
>
>
> Currently, if security is enabled by setting hadoop.security.authentication to kerberos,
but HDFS block access tokens are disabled by setting dfs.block.access.token.enable to false
(which is the default), then the NameNode logs an error and proceeds, and the DataNode proceeds
without even logging an error.  This jira proposes that this it's invalid to turn on security
but not turn on block access tokens, and that it would be better to fail fast and abort the
daemons during startup if this happens.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message