hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arpit Agarwal (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HDFS-9254) HDFS Secure Mode Documentation updates
Date Fri, 23 Oct 2015 16:38:27 GMT

    [ https://issues.apache.org/jira/browse/HDFS-9254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14971312#comment-14971312
] 

Arpit Agarwal edited comment on HDFS-9254 at 10/23/15 4:37 PM:
---------------------------------------------------------------

So yes it looks like at least the {{SaslRpcClient}} doesn't like principals without a host
component.

{code}
192.168.56.80:8485: Failed on local exception: java.io.IOException: java.lang.IllegalArgumentException:
Kerberos principal name does NOT have the expected hostname part: jn@EXAMPLE.COM; Host Details
: local host is: "cm0.example.com/192.168.56.80"; destination host is: "cm0.example.com":8485;
        at org.apache.hadoop.hdfs.qjournal.client.QuorumException.create(QuorumException.java:81)
        at org.apache.hadoop.hdfs.qjournal.client.QuorumCall.rethrowException(QuorumCall.java:223)
        at org.apache.hadoop.hdfs.qjournal.client.QuorumJournalManager.hasSomeData(QuorumJournalManager.java:232)
        at org.apache.hadoop.hdfs.server.common.Storage.confirmFormat(Storage.java:899)
{code}

Whereas SecurityUtil handles them fine. We should be consistent. I'll file a separate bug
to fix the {{SaslRpcClient}}, and any other components I run into, but also update the doc
patch for now. Thanks for the catch.


was (Author: arpitagarwal):
So yes it looks like at least the Journal Node doesn't like principals without a host component.

{code}
192.168.56.80:8485: Failed on local exception: java.io.IOException: java.lang.IllegalArgumentException:
Kerberos principal name does NOT have the expected hostname part: jn@EXAMPLE.COM; Host Details
: local host is: "cm0.example.com/192.168.56.80"; destination host is: "cm0.example.com":8485;
        at org.apache.hadoop.hdfs.qjournal.client.QuorumException.create(QuorumException.java:81)
        at org.apache.hadoop.hdfs.qjournal.client.QuorumCall.rethrowException(QuorumCall.java:223)
        at org.apache.hadoop.hdfs.qjournal.client.QuorumJournalManager.hasSomeData(QuorumJournalManager.java:232)
        at org.apache.hadoop.hdfs.server.common.Storage.confirmFormat(Storage.java:899)
{code}

Whereas SecurityUtil handles them fine. We should be consistent. I'll file a separate bug
to fix the JN, and any other components I run into, but also update the doc patch for now.
Thanks for the catch.

> HDFS Secure Mode Documentation updates
> --------------------------------------
>
>                 Key: HDFS-9254
>                 URL: https://issues.apache.org/jira/browse/HDFS-9254
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: documentation
>    Affects Versions: 2.7.1
>            Reporter: Arpit Agarwal
>            Assignee: Arpit Agarwal
>         Attachments: HDFS-9254.01.patch
>
>
> Some Kerberos configuration parameters are not documented well enough. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message