hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anatoli Shein (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-11908) libhdfs++: Authentication failure when first NN of kerberized HA cluster is standby
Date Fri, 07 Jul 2017 19:13:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-11908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16078542#comment-16078542
] 

Anatoli Shein commented on HDFS-11908:
--------------------------------------

+1. The patch looks good to me. Nice and straightforward solution. We do need to add some
test coverage though for HA and kerberos stuff soon. 

> libhdfs++: Authentication failure when first NN of kerberized HA cluster is standby
> -----------------------------------------------------------------------------------
>
>                 Key: HDFS-11908
>                 URL: https://issues.apache.org/jira/browse/HDFS-11908
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: hdfs-client
>            Reporter: James Clampffer
>            Assignee: James Clampffer
>         Attachments: HDFS-11908.HDFS-8707.000.patch
>
>
> Library won't properly authenticate to kerberized HA cluster if the first namenode it
tries to connect to is the standby.  RpcConnection ends up attempting to use simple auth.
> Control flow to connect to NN for the first time:
> # RpcConnection constructed with a pointer to the RpcEngine as the only argument
> # RpcConnection::Connect(server endpoints, auth_info, callback called)
> ** auth_info contains the SASL mechanism to use + the delegation token if we already
have one
> Control flow to connect to NN after failover:
> # RpcEngine::NewConnection called, allocates an RpcConnection exactly how step 1 above
would
> # RpcEngine::InitializeConnection called, sets event hooks and a string for cluster name
> # Rpc calls sent using RpcConnection::PreEnqueueRequests called to add RPC message that
didn't make it on last call due to standby exception
> # RpcConnection::ConnectAndFlush called to send RPC packets. This only takes server endpoints,
no auth info
> To fix:
> RpcEngine::InitializeConnection just needs to set RpcConnection::auth_info_ from the
existing RpcEngine::auth_info_, even better would be setting this in the constructor so if
an RpcConnection exists it can be expected to be in a usable state.  I'll get a diff up once
I sort out CI build failures.
> Also really need to get CI test coverage for HA and kerberos because this issue should
not have been around for so long.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message