[
https://issues.apache.org/jira/browse/HDFS-13972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16810023#comment-16810023
]
CR Hota commented on HDFS-13972:
--------------------------------
[~elgoiri] Thanks for taking a look.
getDatanodeReport in secured cluster will need superuser creds irrespective of
code path. In chooseDatanode there is loginUser.doAs which is fundamentally
using user creds and NOT superuser creds. Even if that is removed,
RouterRpcClient will still use ugi that belongs to end user and not router
superuser in the invokeConcurrent method. This happens because ugi is
constructed in RouterRpcClient by doing
{code:java}
final UserGroupInformation ugi = RouterRpcServer.getRemoteUser();
{code}
Hence this change is necessary for router to talk to namenode with super user
privilege. As per the change this is ONLY for getDatanodeReport.
> RBF: Support for Delegation Token (WebHDFS)
> -------------------------------------------
>
> Key: HDFS-13972
> URL: https://issues.apache.org/jira/browse/HDFS-13972
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Reporter: Íñigo Goiri
> Assignee: CR Hota
> Priority: Major
> Attachments: HDFS-13972-HDFS-13891.001.patch,
> HDFS-13972-HDFS-13891.002.patch, HDFS-13972-HDFS-13891.003.patch,
> HDFS-13972-HDFS-13891.004.patch, HDFS-13972-HDFS-13891.005.patch,
> HDFS-13972-HDFS-13891.006.patch, HDFS-13972-HDFS-13891.007.patch,
> HDFS-13972-HDFS-13891.008.patch, HDFS-13972-HDFS-13891.009.patch,
> HDFS-13972-HDFS-13891.010.patch, HDFS-13972-HDFS-13891.011.patch,
> TestRouterWebHDFSContractTokens.java
>
>
> HDFS Router should support issuing HDFS delegation tokens through WebHDFS.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
