[
https://issues.apache.org/jira/browse/HDFS-3813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13469220#comment-13469220
]
Hadoop QA commented on HDFS-3813:
---------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12547690/HDFS-3813.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
hadoop-hdfs-project/hadoop-hdfs.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/3266//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3266//console
This message is automatically generated.
> Log error message if security and WebHDFS are enabled but principal/keytab
> are not configured
> ---------------------------------------------------------------------------------------------
>
> Key: HDFS-3813
> URL: https://issues.apache.org/jira/browse/HDFS-3813
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security, webhdfs
> Affects Versions: 2.0.0-alpha
> Reporter: Stephen Chu
> Assignee: Stephen Chu
> Labels: newbie
> Fix For: 3.0.0
>
> Attachments: HDFS-3813.patch
>
>
> I configured a secure HDFS cluster, but failed to start the NameNode because
> I had enabled WebHDFS without specifying
> _dfs.web.authentication.kerberos.principal_ in hdfs-site.xml.
> In the NN logs, I saw:
> {noformat}
> 2012-05-28 17:50:13,021 INFO
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler:
> Login using keytab /etc/hdfs.keytab, for principal
> HTTP/c1225.hal.cloudera....@hal.cloudera.com
> 2012-05-28 17:50:13,030 INFO
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler:
> Initialized, principal [HTTP/c1225.hal.cloudera....@hal.cloudera.com] from
> keytab [/etc/hdfs.keytab]
> 2012-05-28 17:50:13,031 WARN
> org.apache.hadoop.security.authentication.server.AuthenticationFilter:
> 'signature.secret' configuration not set, using a random value as secret
> 2012-05-28 17:50:13,032 WARN org.mortbay.log: failed SPNEGO:
> javax.servlet.ServletException: javax.servlet.ServletException: Principal not
> defined in configuration
> 2012-05-28 17:50:13,033 WARN org.mortbay.log: Failed startup of context
> org.mortbay.jetty.webapp.WebAppContext@21453d72{/,file:/usr/lib/hadoop-hdfs/webapps/hdfs}
> javax.servlet.ServletException: javax.servlet.ServletException: Principal not
> defined in configuration
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:185)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:146)
> at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
> at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
> at
> org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
> at
> org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
> at
> org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
> at
> org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
> at org.mortbay.jetty.Server.doStart(Server.java:224)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at org.apache.hadoop.http.HttpServer.start(HttpServer.java:617)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer.start(NameNodeHttpServer.java:173)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.startHttpServer(NameNode.java:529)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.startCommonServices(NameNode.java:471)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:434)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:590)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:571)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1134)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1193)
> Caused by: javax.servlet.ServletException: Principal not defined in
> configuration
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:146)
> ... 24 more
> 2012-05-28 17:50:13,034 WARN org.mortbay.log: Nested in
> javax.servlet.ServletException: javax.servlet.ServletException: Principal not
> defined in configuration:
> javax.servlet.ServletException: Principal not defined in configuration
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:146)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:146)
> at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
> at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
> at
> org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
> at
> org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
> at
> org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
> at
> org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
> at org.mortbay.jetty.Server.doStart(Server.java:224)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at org.apache.hadoop.http.HttpServer.start(HttpServer.java:617)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer.start(NameNodeHttpServer.java:173)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.startHttpServer(NameNode.java:529)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.startCommonServices(NameNode.java:471)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:434)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:590)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:571)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1134)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1193)
> 2012-05-28 17:50:13,041 INFO org.mortbay.log: Started
> selectchannelconnec...@c1225.hal.cloudera.com:50070
> 2012-05-28 17:50:13,041 INFO org.apache.hadoop.hdfs.server.namenode.NameNode:
> Web-server up at: c1225.hal.cloudera.com:50070
> 2012-05-28 17:50:13,042 INFO org.apache.hadoop.ipc.Server: IPC Server
> Responder: starting
> 2012-05-28 17:50:13,042 INFO org.apache.hadoop.ipc.Server: IPC Server
> listener on 17020: starting
> 2012-05-28 17:50:13,045 INFO org.apache.hadoop.hdfs.server.namenode.NameNode:
> NameNode up at: c1225.hal.cloudera.com/172.29.98.216:17020
> 2012-05-28 17:50:13,045 INFO
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem: Starting services
> required for standby state
> 2012-05-28 17:50:13,048 INFO
> org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer: Will roll logs on
> active node at c1226.hal.cloudera.com/172.29.98.217:17020 every 120 seconds.
> 2012-05-28 17:50:13,058 INFO
> org.apache.hadoop.hdfs.server.namenode.ha.StandbyCheckpointer: Starting
> standby checkpoint thread...
> Checkpointing active NN at c1226.hal.cloudera.com:50070
> Serving checkpoints at c1225.hal.cloudera.com/172.29.98.216:50070
> {noformat}
> I couldn't figure out what I had misconfigured, but ATM found that I was
> missing _dfs.web.authentication.kerberos.principal_.
> Logging an error if this property is not configured when WebHDFS and security
> are enabled would be useful for future users running into the same problem.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
