[jira] [Commented] (HADOOP-11754) RM fails to start in non-secure mode due to authentication filter failure

[Zhijie Shen (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-11754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14382879#comment-14382879
 ] 

Zhijie Shen commented on HADOOP-11754:
--------------------------------------

bq. There are two ways to do this

Prefer the second way. We still want to load  auth filter with pseudo auth 
handler to accept "user.name=blah blah". Moreover, before HADOOP-10670, the 
semantics is falling back to random secret if no customized secret is given, no 
matter it's from config directly, or read from a configured secret file. After 
that jira, the semantics changed to also failing when error happens in reading 
the secret file. So previously if secret file is empty, it will work. Now even 
though no read failure happens, I'm afraid the empty secret file will still 
bring down the auth filter with null secret object.



> RM fails to start in non-secure mode due to authentication filter failure
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-11754
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11754
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.7.0
>            Reporter: Sangjin Lee
>            Assignee: Haohui Mai
>            Priority: Blocker
>         Attachments: HADOOP-11754-v1.patch, HADOOP-11754-v2.patch
>
>
> RM fails to start in the non-secure mode with the following exception:
> {noformat}
> 2015-03-25 22:02:42,526 WARN org.mortbay.log: failed RMAuthenticationFilter: 
> javax.servlet.ServletException: java.lang.RuntimeException: Could not read 
> signature secret file: /Users/sjlee/hadoop-http-auth-signature-secret
> 2015-03-25 22:02:42,526 WARN org.mortbay.log: Failed startup of context 
> org.mortbay.jetty.webapp.WebAppContext@6de50b08{/,jar:file:/Users/sjlee/hadoop-3.0.0-SNAPSHOT/share/hadoop/yarn/hadoop-yarn-common-3.0.0-SNAPSHOT.jar!/webapps/cluster}
> javax.servlet.ServletException: java.lang.RuntimeException: Could not read 
> signature secret file: /Users/sjlee/hadoop-http-auth-signature-secret
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeSecretProvider(AuthenticationFilter.java:266)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:225)
>       at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.init(DelegationTokenAuthenticationFilter.java:161)
>       at 
> org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.init(RMAuthenticationFilter.java:53)
>       at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
>       at 
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
>       at 
> org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
>       at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
>       at 
> org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
>       at 
> org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
>       at 
> org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
>       at 
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
>       at 
> org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
>       at 
> org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
>       at 
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
>       at 
> org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
>       at org.mortbay.jetty.Server.doStart(Server.java:224)
>       at 
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
>       at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:773)
>       at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:274)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startWepApp(ResourceManager.java:974)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1074)
>       at 
> org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1208)
> Caused by: java.lang.RuntimeException: Could not read signature secret file: 
> /Users/sjlee/hadoop-http-auth-signature-secret
>       at 
> org.apache.hadoop.security.authentication.util.FileSignerSecretProvider.init(FileSignerSecretProvider.java:59)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeSecretProvider(AuthenticationFilter.java:264)
>       ... 23 more
> ...
> 2015-03-25 22:02:42,538 FATAL 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager: Error starting 
> ResourceManager
> org.apache.hadoop.yarn.webapp.WebAppException: Error starting http server
>       at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:279)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startWepApp(ResourceManager.java:974)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1074)
>       at 
> org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1208)
> Caused by: java.io.IOException: Problem in starting http server. Server 
> handlers failed
>       at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:785)
>       at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:274)
>       ... 4 more
> {noformat}
> This is likely a regression introduced by HADOOP-10670.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)