[ 
https://issues.apache.org/jira/browse/HDFS-14017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16672008#comment-16672008
 ] 

Chen Liang commented on HDFS-14017:
-----------------------------------

Post v001 patch. The patch is to address two things:
1. To work with IPFailover proxy provider. Basically, to address the two issues 
mentioned in the description part. The key issue is that in IPFailover, 
currently, client is only aware of the virtual IP. But with Observer read, the 
client needs to know all the NN addresses, so client can no longer only use 
defaultFS, but needs to check for all configured RPC addresses.
2. To work with delegation token. Both NN only issue DT with the virtual IP, in 
current IPFailover, since client only talks to the virtual IP, so this is fine. 
But in Observer read, when client actually tries to reach to a NN, it will be 
looking for DT with the physical address of that particular NN, causing the 
client to skip the DT it was given (which has the virtual IP). The solution in 
the patch, is the same as how current ConfiguredFailoverProxy works, it clones 
the DT of the virtual address to all the other configured addresses.

On a side note, with this change, ObserverReadProxyProviderWithIPFailover works 
in a very similar way as Configured failover, (again, because Observer read 
client will look for physical addresses of all NNs, which is already not 
IPFailover is for), only that it works with IPFailover configurations. 

> ObserverReadProxyProviderWithIPFailover should work with HA configuration
> -------------------------------------------------------------------------
>
>                 Key: HDFS-14017
>                 URL: https://issues.apache.org/jira/browse/HDFS-14017
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>            Reporter: Chen Liang
>            Assignee: Chen Liang
>            Priority: Major
>         Attachments: HDFS-14017-HDFS-12943.001.patch
>
>
> Currently {{ObserverReadProxyProviderWithIPFailover}} extends 
> {{ObserverReadProxyProvider}}, and the only difference is changing the proxy 
> factory to use {{IPFailoverProxyProvider}}. However this is not enough 
> because when calling constructor of {{ObserverReadProxyProvider}} in 
> super(...), the follow line:
> {code:java}
> nameNodeProxies = getProxyAddresses(uri,
>         HdfsClientConfigKeys.DFS_NAMENODE_RPC_ADDRESS_KEY);
> {code}
> will try to resolve the all configured NN addresses to do configured 
> failover. But in the case of IPFailover, this does not really apply.
>  
> A second issue closely related is about delegation token. For example, in 
> current IPFailover setup, say we have a virtual host nn.xyz.com, which points 
> to either of two physical nodes nn1.xyz.com or nn2.xyz.com. In current HDFS, 
> there is always only one DT being exchanged, which has hostname nn.xyz.com. 
> Server only issues this DT, and client only knows the host nn.xyz.com, so all 
> is good. But in Observer read, even with IPFailover, the client will no 
> longer contacting nn.xyz.com, but will actively reaching to nn1.xyz.com and 
> nn2.xyz.com. During this process, current code will look for DT associated 
> with hostname nn1.xyz.com or nn2.xyz.com, which is different from the DT 
> given by NN. causing Token authentication to fail. This happens in 
> {{AbstractDelegationTokenSelector#selectToken}}. New IPFailover proxy 
> provider will need to resolve this as well.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to