Return-Path: 
 <hdfs-issues-return-141804-apmail-hadoop-hdfs-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 62E0E1848C
	for <apmail-hadoop-hdfs-issues-archive@minotaur.apache.org>;
 Tue, 20 Oct 2015 01:24:33 +0000 (UTC)
Received: (qmail 78348 invoked by uid 500); 20 Oct 2015 01:24:28 -0000
Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org
Received: (qmail 78274 invoked by uid 500); 20 Oct 2015 01:24:28 -0000
Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:hdfs-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:hdfs-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:hdfs-issues@hadoop.apache.org>
List-Id: <hdfs-issues.hadoop.apache.org>
Reply-To: hdfs-issues@hadoop.apache.org
Delivered-To: mailing list hdfs-issues@hadoop.apache.org
Received: (qmail 78206 invoked by uid 99); 20 Oct 2015 01:24:28 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 20 Oct 2015 01:24:28 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id D8E762C1F6F
	for <hdfs-issues@hadoop.apache.org>; Tue, 20 Oct 2015 01:24:27 +0000 (UTC)
Date: Tue, 20 Oct 2015 01:24:27 +0000 (UTC)
From: "Xiao Chen (JIRA)" <jira@apache.org>
To: hdfs-issues@hadoop.apache.org
Message-ID: <JIRA.12545531.1331138004000.3379.1445304267885@Atlassian.JIRA>
In-Reply-To: <JIRA.12545531.1331138004000@Atlassian.JIRA>
References: <JIRA.12545531.1331138004000@Atlassian.JIRA>
 <JIRA.12545531.1331138004977@arcas>
Subject: [jira] [Updated] (HDFS-3059) ssl-server.xml causes NullPointer
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/HDFS-3059?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiao Chen updated HDFS-3059:
----------------------------
    Status: Open  (was: Patch Available)

> ssl-server.xml causes NullPointer
> ---------------------------------
>
>                 Key: HDFS-3059
>                 URL: https://issues.apache.org/jira/browse/HDFS-3059
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, security
>    Affects Versions: 2.7.1
>         Environment: in core-site.xml:
> {code:xml}
>   <property>
>     <name>hadoop.security.authentication</name>
>     <value>kerberos</value>
>   </property>
>   <property>
>     <name>hadoop.security.authorization</name>
>     <value>true</value>
>   </property>
> {code}
> in hdfs-site.xml:
> {code:xml}
>   <property>
>     <name>dfs.https.server.keystore.resource</name>
>     <value>/etc/hadoop/conf/ssl-server.xml</value>
>   </property>
>   <property>
>     <name>dfs.https.enable</name>
>     <value>true</value>
>   </property>
>   <property>
>     ...other security props
>   </property>
> {code}
>            Reporter: Evert Lammerts
>            Assignee: Xiao Chen
>            Priority: Minor
>              Labels: BB2015-05-TBR
>         Attachments: HDFS-3059.02.patch, HDFS-3059.03.patch, HDFS-3059.04.patch, HDFS-3059.05.patch, HDFS-3059.06.patch, HDFS-3059.07.patch, HDFS-3059.patch, HDFS-3059.patch.2
>
>
> If ssl is enabled (dfs.https.enable) but ssl-server.xml is not available, a DN will crash during startup while setting up an SSL socket with a NullPointerException:
> {noformat}12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector: useKerb = false, useCerts = true
> jetty.ssl.password : jetty.ssl.keypassword : 12/03/07 17:08:36 INFO mortbay.log: jetty-6.1.26.cloudera.1
> 12/03/07 17:08:36 INFO mortbay.log: Started SelectChannelConnector@p-worker35.alley.sara.nl:1006
> 12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector: Creating new KrbServerSocket for: 0.0.0.0
> 12/03/07 17:08:36 WARN mortbay.log: java.lang.NullPointerException
> 12/03/07 17:08:36 WARN mortbay.log: failed Krb5AndCertsSslSocketConnector@0.0.0.0:50475: java.io.IOException: !JsseListener: java.lang.NullPointerException
> 12/03/07 17:08:36 WARN mortbay.log: failed Server@604788d5: java.io.IOException: !JsseListener: java.lang.NullPointerException
> 12/03/07 17:08:36 INFO mortbay.log: Stopped Krb5AndCertsSslSocketConnector@0.0.0.0:50475
> 12/03/07 17:08:36 INFO mortbay.log: Stopped SelectChannelConnector@p-worker35.alley.sara.nl:1006
> 12/03/07 17:08:37 INFO datanode.DataNode: Waiting for threadgroup to exit, active threads is 0{noformat}
> The same happens if I set an absolute path to an existing dfs.https.server.keystore.resource - in this case the file cannot be found but not even a WARN is given.
> Since in dfs.https.server.keystore.resource we know we need to have 4 properties specified (ssl.server.truststore.location, ssl.server.keystore.location, ssl.server.keystore.password, and ssl.server.keystore.keypassword) we should check if they are set and throw an IOException if they are not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)