[
https://issues.apache.org/jira/browse/GIRAPH-211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eugene Koontz updated GIRAPH-211:
---------------------------------
Attachment: GIRAPH-211.patch
Avery, modified your patch to fix one problem: a NPE in
NettyClient.sendWritableRequest() when the supplied destWorkerId param is null.
This null param happens when requests are made to the master when
sendWritableRequest() is called by NettyClient.authenticateOnChannel().
With Avery's fix for GIRAPH-360, we associate each request with the taskId of
the worker that is making the request, and use a pair <taskid,requestid> as the
key for tracking requests in the clientRequestIdRequestInfoMap. However, the
Giraph master is not associated with a taskId, and so its taskid is null.
It wouldn't be a problem that the master has a null task id for normal Giraph
requests, but for authentication, workers need to authenticate with the master
just as they must do with the other workers.
This patch works around the problem by simply not registering authentication
requests (requests with type=SASL_TOKEN_MESSAGE_REQUEST) with the
clientRequestIdRequestInfoMap. In other words, it's another workaround like the
"-2" presence in my previous patches. I know this is not ideal, but I wanted to
keep the momentum going for this JIRA.
Rather than this workaround, I thought a possible solution would be a separate
client-side pipeline component that handles request tracking. We'd move the
clientRequestIdRequestInfoMap into this component, which would handles the
tracking functionality that currently is spread across
NettyClient.sendWritableRequest(), .waitAllRequests(), and
ResponseClientHandler.messageReceived().
Or, maybe I'm missing something obvious and easy :)
Tested this patch successfully with:
{code}
mvn -Phadoop_non_secure clean verify && mvn -Phadoop_0.20.203 clean verify &&
mvn -Phadoop_1.0 clean verify && mvn -Phadoop0.23 clean verify && mvn
-Phadoop_2.0.0 clean verify && mvn -Phadoop_2.0.1 clean verify && mvn
-Phadoop_2.0.2 clean verify
{code}
> Add secure authentication to Netty IPC
> --------------------------------------
>
> Key: GIRAPH-211
> URL: https://issues.apache.org/jira/browse/GIRAPH-211
> Project: Giraph
> Issue Type: Improvement
> Reporter: Eugene Koontz
> Assignee: Eugene Koontz
> Fix For: 0.2.0
>
> Attachments: GIRAPH-211.2.patch, GIRAPH-211.3.patch,
> GIRAPH-211.4.patch, GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch,
> GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch,
> GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211.patch, GIRAPH-211-proposal.txt
>
>
> Gianmarco De Francisci Morales asked on the user list:
> bq. I am getting the exception in the subject when running my giraph program
> bq. on a cluster with Kerberos authentication.
> This leads to the idea of having Kerberos authentication supported within
> GIRAPH. Hopefully it would use our fast GIRAPH-37 IPC, but could also
> interoperate with Hadoop security.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
