[
https://issues.apache.org/jira/browse/HDDS-10328?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang updated HDDS-10328:
-----------------------------------
Description:
When issuing Ozone commands across clusters in different Kerberos realm, it
produces the following error:
{noformat}
# hdfs dfs -ls ofs://ozone1707264383/
24/02/07 18:47:36 INFO retry.RetryInvocationHandler:
com.google.protobuf.ServiceException: java.io.IOException: DestHost:destPort
ccycloud-1.weichiu-dst.root.comops.site:9862 , LocalHost:localPort
ccycloud-1.weichiu-src.local/10.140.99.144:0. Failed on local exception:
java.io.IOException: Couldn't set up IO streams:
java.lang.IllegalArgumentException: Server has invalid Kerberos principal:
om/[email protected], expecting:
OM/ccycloud-1.weichiu-dst.local@REALM, while invoking $Proxy10.submitRequest
over nodeId=om26,nodeAddress=ccycloud-1.weichiu-dst.local:9862 after 3 failover
attempts. Trying to failover immediately.
{noformat}
This is because ozone.om.kerberos.principal is not defined properly.
On the contrary, HDFS does not have this issue because HDFS-7546 already added
the default value for dfs.namenode.kerberos.principal.pattern which is wildcard.
We should do the same for ozone.om.kerberos.principal.pattern.
was:
When issuing Ozone commands across clusters in different Kerberos realm, it
produces the following error:
{noformat}
# hdfs dfs -ls ofs://ozone1707264383/
24/02/07 18:47:36 INFO retry.RetryInvocationHandler:
com.google.protobuf.ServiceException: java.io.IOException: DestHost:destPort
ccycloud-1.weichiu-dst.root.comops.site:9862 , LocalHost:localPort
ccycloud-1.weichiu-src.local/10.140.99.144:0. Failed on local exception:
java.io.IOException: Couldn't set up IO streams:
java.lang.IllegalArgumentException: Server has invalid Kerberos principal:
om/[email protected], expecting:
OM/ccycloud-1.weichiu-dst.local@REALM, while invoking $Proxy10.submitRequest
over nodeId=om26,nodeAddress=ccycloud-1.weichiu-dst.local:9862 after 3 failover
attempts. Trying to failover immediately.
{noformat}
This is because ozone.om.kerberos.principal is not defined properly.
On the contrary, HDFS does not have this issue because HDFS-7546 already added
the default value for dfs.namenode.kerberos.principal.pattern which is wildcard.
We should do the same for ozone.om.kerberos.principal.
> Add the default value for configuration property ozone.om.kerberos.principal
> to support cross realm
> ---------------------------------------------------------------------------------------------------
>
> Key: HDDS-10328
> URL: https://issues.apache.org/jira/browse/HDDS-10328
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Priority: Major
>
> When issuing Ozone commands across clusters in different Kerberos realm, it
> produces the following error:
> {noformat}
> # hdfs dfs -ls ofs://ozone1707264383/
> 24/02/07 18:47:36 INFO retry.RetryInvocationHandler:
> com.google.protobuf.ServiceException: java.io.IOException: DestHost:destPort
> ccycloud-1.weichiu-dst.root.comops.site:9862 , LocalHost:localPort
> ccycloud-1.weichiu-src.local/10.140.99.144:0. Failed on local exception:
> java.io.IOException: Couldn't set up IO streams:
> java.lang.IllegalArgumentException: Server has invalid Kerberos principal:
> om/[email protected], expecting:
> OM/ccycloud-1.weichiu-dst.local@REALM, while invoking $Proxy10.submitRequest
> over nodeId=om26,nodeAddress=ccycloud-1.weichiu-dst.local:9862 after 3
> failover attempts. Trying to failover immediately.
> {noformat}
> This is because ozone.om.kerberos.principal is not defined properly.
> On the contrary, HDFS does not have this issue because HDFS-7546 already
> added the default value for dfs.namenode.kerberos.principal.pattern which is
> wildcard.
> We should do the same for ozone.om.kerberos.principal.pattern.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
