Return-Path: 
 <issues-return-101736-apmail-hbase-issues-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-issues-archive@www.apache.org
Delivered-To: apmail-hbase-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3E4AC1090F
	for <apmail-hbase-issues-archive@www.apache.org>;
 Wed, 19 Jun 2013 06:49:24 +0000 (UTC)
Received: (qmail 44687 invoked by uid 500); 19 Jun 2013 06:49:23 -0000
Delivered-To: apmail-hbase-issues-archive@hbase.apache.org
Received: (qmail 44625 invoked by uid 500); 19 Jun 2013 06:49:22 -0000
Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@hbase.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@hbase.apache.org>
List-Post: <mailto:issues@hbase.apache.org>
List-Id: <issues.hbase.apache.org>
Delivered-To: mailing list issues@hbase.apache.org
Received: (qmail 44451 invoked by uid 99); 19 Jun 2013 06:49:21 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Jun 2013 06:49:21 +0000
Date: Wed, 19 Jun 2013 06:49:21 +0000 (UTC)
From: "Water Chow (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <JIRA.12634572.1362039159078.138732.1371624561146@arcas>
In-Reply-To: <JIRA.12634572.1362039159078@arcas>
References: <JIRA.12634572.1362039159078@arcas>
Subject: [jira] [Commented] (HBASE-7963) HBase VerifyReplication not working
 when security enabled
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/HBASE-7963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13687675#comment-13687675 ] 

Water Chow commented on HBASE-7963:
-----------------------------------

Yes, Enis Soztutar. It's just because that when security enabled, MR do not have the auth to read the replication paths "/hbase/replication/*" on ZK;
                
> HBase VerifyReplication not working when security enabled
> ---------------------------------------------------------
>
>                 Key: HBASE-7963
>                 URL: https://issues.apache.org/jira/browse/HBASE-7963
>             Project: HBase
>          Issue Type: Bug
>          Components: Replication, security
>    Affects Versions: 0.94.5
>         Environment: Security is enabled on both clusters and all principals are in the same realm.
>            Reporter: Water Chow
>         Attachments: HBASE-7963-0.94.patch, HBASE-7963-0.94-v1.patch
>
>
> When security is enabled, HBase VerifyReplication fails for two reasons:
> 1.MapReduce do not have the auth to read the replication paths "/hbase/replication/*" on ZK;
> 2.VerifyReplication does not get the token for slave cluster, it's different from HBASE-7442, this VerifyReplication does not have the output.
> {noformat}
> WARN [main] org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation: RemoteException connecting to RS
> javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.
> 		 at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.readStatus(HBaseSaslRpcClient.java:112)
> 		 at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:174)
> 		 at org.apache.hadoop.hbase.ipc.SecureClient$SecureConnection.setupSaslConnection(SecureClient.java:177)
> 		 at org.apache.hadoop.hbase.ipc.SecureClient$SecureConnection.access$500(SecureClient.java:85)
> 		 at org.apache.hadoop.hbase.ipc.SecureClient$SecureConnection$2.run(SecureClient.java:284)
> 		 at org.apache.hadoop.hbase.ipc.SecureClient$SecureConnection$2.run(SecureClient.java:281)
> 		 at java.security.AccessController.doPrivileged(Native Method)
> 		 at javax.security.auth.Subject.doAs(Subject.java:396)
> 		 at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1232)
> 		 at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
> 		 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 		 at java.lang.reflect.Method.invoke(Method.java:597)
> 		 at org.apache.hadoop.hbase.util.Methods.call(Methods.java:37)
> 		 at org.apache.hadoop.hbase.security.User.call(User.java:586)
> 		 at org.apache.hadoop.hbase.security.User.access$700(User.java:50)
> 		 at org.apache.hadoop.hbase.security.User$SecureHadoopUser.runAs(User.java:440)
> 		 at org.apache.hadoop.hbase.ipc.SecureClient$SecureConnection.setupIOstreams(SecureClient.java:280)
> 		 at org.apache.hadoop.hbase.ipc.HBaseClient.getConnection(HBaseClient.java:1150)
> 		 at org.apache.hadoop.hbase.ipc.HBaseClient.call(HBaseClient.java:1000)
> 		 at org.apache.hadoop.hbase.ipc.SecureRpcEngine$Invoker.invoke(SecureRpcEngine.java:164)
> 		 at $Proxy13.getProtocolVersion(Unknown Source)
> 		 at org.apache.hadoop.hbase.ipc.SecureRpcEngine.getProxy(SecureRpcEngine.java:208)
> 		 at org.apache.hadoop.hbase.ipc.HBaseRPC.getProxy(HBaseRPC.java:335)
> 		 at org.apache.hadoop.hbase.ipc.HBaseRPC.getProxy(HBaseRPC.java:312)
> 		 at org.apache.hadoop.hbase.ipc.HBaseRPC.getProxy(HBaseRPC.java:364)
> 		 at org.apache.hadoop.hbase.ipc.HBaseRPC.waitForProxy(HBaseRPC.java:236)
> 		 at org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation.getHRegionConnection(HConnectionManager.java:1313)
> 		 at org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation.getHRegionConnection(HConnectionManager.java:1269)
> 		 at org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation.getHRegionConnection(HConnectionManager.java:1256)
> 		 at org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation.locateRegionInMeta(HConnectionManager.java:965)
> 		 at org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation.locateRegion(HConnectionManager.java:860)
> 		 at org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation.locateRegionInMeta(HConnectionManager.java:962)
> 		 at org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation.locateRegion(HConnectionManager.java:864)
> 		 at org.apache.hadoop.hbase.client.HConnectionManager$HConnectionImplementation.locateRegion(HConnectionManager.java:821)
> 		 at org.apache.hadoop.hbase.client.HTable.finishSetup(HTable.java:234)
> 		 at org.apache.hadoop.hbase.client.HTable.<init>(HTable.java:174)
> 		 at org.apache.hadoop.hbase.client.HTable.<init>(HTable.java:133)
> 		 at org.apache.hadoop.hbase.mapreduce.replication.VerifyReplication$Verifier$1.connect(VerifyReplication.java:117)
> 		 at org.apache.hadoop.hbase.mapreduce.replication.VerifyReplication$Verifier$1.connect(VerifyReplication.java:110)
> 		 at org.apache.hadoop.hbase.client.HConnectionManager.execute(HConnectionManager.java:360)
> 		 at org.apache.hadoop.hbase.mapreduce.replication.VerifyReplication$Verifier.map(VerifyReplication.java:110)
> 		 at org.apache.hadoop.hbase.mapreduce.replication.VerifyReplication$Verifier.map(VerifyReplication.java:74)
> 		 at org.apache.hadoop.mapreduce.Mapper.run(Mapper.java:144)
> 		 at org.apache.hadoop.mapred.MapTask.runNewMapper(MapTask.java:726)
> 		 at org.apache.hadoop.mapred.MapTask.run(MapTask.java:333)
> 		 at org.apache.hadoop.mapred.YarnChild$2.run(YarnChild.java:154)
> 		 at java.security.AccessController.doPrivileged(Native Method)
> 		 at javax.security.auth.Subject.doAs(Subject.java:396)
> 		 at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1232)
> 		 at org.apache.hadoop.mapred.YarnChild.main(YarnChild.java:149)
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira