hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jesse Yates (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-10383) Secure Bulk Load for 'completebulkload' fails for version 0.94.15
Date Thu, 23 Jan 2014 22:17:45 GMT

    [ https://issues.apache.org/jira/browse/HBASE-10383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13880432#comment-13880432
] 

Jesse Yates edited comment on HBASE-10383 at 1/23/14 10:16 PM:
---------------------------------------------------------------

Sat with Lars for a little while and figured out what was going on.  The changes that need
to be made are:
* Adding in [~kashifjs@huawei.com]'s changes - definitely needed
* remove setting the UserProvider and add back in the boolean override flag
** the default provider already says security is false in minicluster (so no tokens are created,
which is currently happening). Setting the provider also messes with the mini-cluster configuration.
* SecureBulkLoadEndpoint does not honor DoNotRetryIOExceptions, so that needs to be rethrown
to avoid endless retries (lines 172-200).
** This case is covered in TestLoadIncrementalHFiles#testNonexistentColumnFamilyLoad()
** It not clear how this worked at all...Essentially, the secure client has to do a doAs call,
but that just ignores any exception thrown and returns false, which means "recoverable exception"
from the HRegion return value. Unfortunately, its an annonymous inner class, so we have to
do a little hacky to make it work around return values (but that's java for ya!). 
* SecureBulkLoads don't need an extra retry loop on the server callable
** Actually, not strictly necessary, but does help the retry fix above. 
** The callable is actually wrapped in two layers (one from the BulkLoad client and one from
the SecureBulkLoad client), leading to many more retries than necessary.

I'll look into TestSecureLoadIncrementalHFilesSplitRecovery to see if that also needs a similar
fix for the user provider (probably for the UP stuff, at a minimum).


was (Author: jesse_yates):
Sat with Lars for a little while and figured out what was going on.  The changes that need
to be made are:
* Adding in [~kashifjs@huawei.com]'s changes - definitely needed
* remove setting the UserProvider and add back in the boolean override flag
** the default provider already says security is false in minicluster (so no tokens are created,
which is currently happening). Setting the provider also messes with the mini-cluster configuration.
* SecureBulkLoadEndpoint does not honor DoNotRetryIOExceptions, so that needs to be rethrown
to avoid endless retries (lines 172-200).
** This case is covered in TestLoadIncrementalHFiles#testNonexistentColumnFamilyLoad()
** It not clear how this worked at all...Essentially, the secure client has to do a doAs call,
but that just ignores any exception thrown and returns false, which means "recoverable exception"
from the HRegion return value. Unfortunately, its an annonymous inner class, so we have to
do a little hacky to make it work around return values (but that's java for ya!). 
* SecureBulkLoads don't need an extra retry loop on the server callable
** Actually, not strictly necessary, but does help the retry fix above. 
**The callable is actually wrapped in two layers (one from the BulkLoad client and one from
the SecureBulkLoad client), leading to many more retries than necessary.

I'll look into TestSecureLoadIncrementalHFilesSplitRecovery to see if that also needs a similar
fix for the user provider (probably for the UP stuff, at a minimum).

> Secure Bulk Load for 'completebulkload' fails for version 0.94.15
> -----------------------------------------------------------------
>
>                 Key: HBASE-10383
>                 URL: https://issues.apache.org/jira/browse/HBASE-10383
>             Project: HBase
>          Issue Type: Bug
>          Components: Coprocessors
>    Affects Versions: 0.94.15
>            Reporter: Kashif J S
>            Assignee: Kashif J S
>            Priority: Critical
>             Fix For: 0.94.17
>
>         Attachments: 10383.txt, HBASE-10383-v2.patch
>
>
> Secure Bulk Load with kerberos enabled fails for Complete Bulk LoadLoadIncrementalHfile
with following exception         ERROR org.apache.hadoop.hbase.regionserver.HRegionServer:

> org.apache.hadoop.hbase.ipc.HBaseRPC$UnknownProtocolException: No matching handler for
protocol org.apache.hadoop.hbase.security.access.SecureBulkLoadProtocol in region t1,,1389699438035.28bb0284d971d0676cf562efea80199b.
>  at org.apache.hadoop.hbase.regionserver.HRegion.exec(HRegion.java)
>  at org.apache.hadoop.hbase.regionserver.HRegionServer.execCoprocessor(HRegionServer.java)
>  at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
>  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java)
>  at java.lang.reflect.Method.invoke(Method.java)
>  at org.apache.hadoop.hbase.ipc.SecureRpcEngine$Server.call(SecureRpcEngine.java)
>  at org.apache.hadoop.hbase.ipc.HBaseServer$Handler.run(HBaseServer.java) 



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message