[ https://issues.apache.org/jira/browse/HDFS-10436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15292544#comment-15292544 ]
Yiqun Lin edited comment on HDFS-10436 at 5/20/16 2:12 AM:
-----------------------------------------------------------

Hi [~aw], thanks for reporting this. I agree with you. If UGI security is enabled and you forget to enable {{dfs.block.access.token.enable}}, then the default value (here false) is still used. And it will return null here. Like this:
{code}
private static BlockTokenSecretManager createBlockTokenSecretManager(
    final Configuration conf) throws IOException {
  // Falls back to the shipped default when the key is not set.
  final boolean isEnabled = conf.getBoolean(
      DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY,
      DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_DEFAULT);
  LOG.info(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY + "=" + isEnabled);

  if (!isEnabled) {
    if (UserGroupInformation.isSecurityEnabled()) {
      String errMessage = "Security is enabled but block access tokens " +
          "(via " + DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY + ") " +
          "aren't enabled. This may cause issues " +
          "when clients attempt to connect to a DataNode. Aborting NameNode";
      throw new IOException(errMessage);
    }
    return null;
  }
  // ... (the rest of the method is not quoted in this comment)
}
{code}
In {{DataNode#checkSecureConfig}}, there is also a similar problem. Will attach a patch for this later.

was (Author: linyiqun):
Hi [~aw], thanks for reporting this. I agree with you. If UGI security is enabled and you forget to enable {{dfs.block.access.token.enable}}, then the default value (here false) is still used. And it will cause the IOException.
Like this:
{code}
private static BlockTokenSecretManager createBlockTokenSecretManager(
    final Configuration conf) throws IOException {
  // Falls back to the shipped default when the key is not set.
  final boolean isEnabled = conf.getBoolean(
      DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY,
      DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_DEFAULT);
  LOG.info(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY + "=" + isEnabled);

  if (!isEnabled) {
    if (UserGroupInformation.isSecurityEnabled()) {
      String errMessage = "Security is enabled but block access tokens " +
          "(via " + DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY + ") " +
          "aren't enabled. This may cause issues " +
          "when clients attempt to connect to a DataNode. Aborting NameNode";
      throw new IOException(errMessage);
    }
    return null;
  }
  // ... (the rest of the method is not quoted in this comment)
}
{code}
In {{DataNode#checkSecureConfig}}, there is also a similar problem. Attach a patch for this.

> dfs.block.access.token.enable should default on when security is !simple
> ------------------------------------------------------------------------
>
>                 Key: HDFS-10436
>                 URL: https://issues.apache.org/jira/browse/HDFS-10436
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode
>    Affects Versions: 3.0.0-alpha1
>            Reporter: Allen Wittenauer
>            Assignee: Yiqun Lin
>
> Unless there is a valid configuration where dfs.block.access.token.enable is
> off and security is on, then rather than shutdown we should just enable the
> block access tokens.
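
The default proposed in the issue description above, as an added example that is not part of the original message or of Hadoop's code: it separates "never set" from "explicitly false" so that an unset key follows the security mode. {{java.util.Properties}} stands in for Hadoop's {{Configuration}}, the class and method names are hypothetical, and keeping the abort for an explicit {{false}} under security is an assumption.

```java
import java.util.Properties;

/** Added illustration, not Hadoop code: models the default proposed in HDFS-10436. */
public class BlockTokenDefault {
  // Key name as quoted in the issue.
  static final String KEY = "dfs.block.access.token.enable";

  /**
   * Decides whether block access tokens should be on.
   * Assumption: an unset key follows the security mode, while an explicit
   * "false" with security on still aborts, as the quoted check does.
   */
  static boolean resolve(Properties conf, boolean securityEnabled) {
    String raw = conf.getProperty(KEY);   // null when the operator never set the key
    if (raw == null || raw.trim().isEmpty()) {
      return securityEnabled;             // proposed default: on exactly when security is on
    }
    String v = raw.trim();
    if (!v.equalsIgnoreCase("true") && !v.equalsIgnoreCase("false")) {
      // Reject typos instead of silently treating them as false.
      throw new IllegalArgumentException(KEY + " has a non-boolean value: " + v);
    }
    boolean enabled = Boolean.parseBoolean(v);
    if (!enabled && securityEnabled) {
      throw new IllegalStateException(
          "Security is enabled but " + KEY + " is explicitly false");
    }
    return enabled;
  }

  public static void main(String[] args) {
    String[] values = {null, "true", "false"};   // constructed sample settings
    for (String value : values) {
      for (boolean secure : new boolean[] {false, true}) {
        Properties conf = new Properties();
        if (value != null) {
          conf.setProperty(KEY, value);
        }
        String outcome;
        try {
          outcome = "tokens=" + resolve(conf, secure);
        } catch (IllegalStateException e) {
          outcome = "abort: " + e.getMessage();
        }
        System.out.println("set=" + value + " security=" + secure + " -> " + outcome);
      }
    }
  }
}
```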