[ https://issues.apache.org/jira/browse/HDFS-3618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15816079#comment-15816079 ]
Wei-Chiu Chuang edited comment on HDFS-3618 at 1/10/17 8:35 PM:
----------------------------------------------------------------

I like the idea of making ssh fencing command configurable.
* Is it vulnerable to remote command injection?
* Some Linux distros do not support nc with -z option. Should we also make that configurable? Like for example, make default value of {{dfs.ha.fencing.ssh.nc-command}} as {{nc -z}}.

Please also consider making it more portable to other Linux distros or other platforms, so that it's easier to work around future issues like this :)

was (Author: jojochuang):
I like the idea of making ssh fencing command configurable.
* Is it vulnerable to remote command injection?
* Some Linux distros do not support nc with -z option. Should we also make that configurable? Like for example, make default value of {{dfs.ha.fencing.ssh.nc-command}} as {{nc -z}}.

> SSH fencing option may incorrectly succeed if nc (netcat) command not present
> -----------------------------------------------------------------------------
>
>                 Key: HDFS-3618
>                 URL: https://issues.apache.org/jira/browse/HDFS-3618
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: auto-failover
>    Affects Versions: 2.0.0-alpha
>            Reporter: Brahma Reddy Battula
>            Assignee: Vinayakumar B
>              Labels: BB2015-05-TBR
>         Attachments: HDFS-3618-04.patch, HDFS-3618.patch, HDFS-3618.patch,
> HDFS-3618.patch, zkfc.txt, zkfc_threaddump.out
>
>
> Started NN's and zkfc's in Suse11.
> Suse11 will have netcat installation and netcat -z will work (but nc -z won't
> work).
> While executing following command, got command not found hence rc will be
> other than zero and assuming that server was down. Here we are ending up
> without checking whether service is down or not.
> {code}
> LOG.info(
>     "Indeterminate response from trying to kill service. " +
>     "Verifying whether it is running using nc...");
> rc = execCommand(session, "nc -z " + serviceAddr.getHostName() +
>     " " + serviceAddr.getPort());
> if (rc == 0) {
>   // the service is still listening - we are unable to fence
>   LOG.warn("Unable to fence - it is running but we cannot kill it");
>   return false;
> } else {
>   LOG.info("Verified that the service is down.");
>   return true;
> }
> {code}
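
An added example (not Hadoop code and not part of the original message) of the check discussed above: the probe's exit status is classified so that a missing `nc` (shell status 127) is reported as indeterminate instead of "service is down", and the host and port are validated before they reach a command line. The function name, its parameters and the assumption that the probe exits 0 for an open port and 1 for a closed one are hypothetical.

```shell
#!/bin/sh
# Added example, not Hadoop code. All names here are hypothetical.
# Assumption: the probe exits 0 if the port accepts a connection, 1 if not.

# verify_down PROBE HOST PORT
#   PROBE is a trusted, operator-configured string such as "nc -z".
#   Prints listening | down | indeterminate; returns 0 only for "down".
verify_down() {
    probe=$1 host=$2 port=$3

    # HOST and PORT end up on a command line: allow only hostname
    # characters and digits, and refuse a leading "-" (option injection).
    case $host in
        ''|-*|*[!A-Za-z0-9.-]*) echo indeterminate; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo indeterminate; return 2 ;;
    esac

    # Split the configured probe into words (globbing off); HOST and PORT
    # are appended as separate arguments, not pasted into a string.
    set -f; set -- $probe; set +f
    [ "$#" -gt 0 ] || { echo indeterminate; return 2; }

    rc=0
    "$@" "$host" "$port" >/dev/null 2>&1 || rc=$?

    case $rc in
        0) echo listening; return 1 ;;      # still running: fencing failed
        1) echo down; return 0 ;;           # probe ran and found no listener
        *) echo indeterminate; return 2 ;;  # e.g. 126/127: probe not executable or not found
    esac
}
```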