[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jing Zhao updated HADOOP-9880: -- Resolution: Fixed Fix Version/s: 2.1.1-beta Hadoop Flags: Reviewed Status: Resolved (was: Patch Available) I've committed this to trunk, branch-2 and branch-2.1-beta. > SASL changes from HADOOP-9421 breaks Secure HA NN > -- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 2.1.0-beta >Reporter: Kihwal Lee >Assignee: Daryn Sharp >Priority: Blocker > Fix For: 2.1.1-beta > > Attachments: HADOOP-9880.patch > > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kihwal Lee updated HADOOP-9880: --- Target Version/s: 2.1.1-beta (was: 2.1.0-beta) > SASL changes from HADOOP-9421 breaks Secure HA NN > -- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 2.1.0-beta >Reporter: Kihwal Lee >Assignee: Daryn Sharp >Priority: Blocker > Attachments: HADOOP-9880.patch > > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daryn Sharp updated HADOOP-9880: Status: Patch Available (was: Open) > SASL changes from HADOOP-9421 breaks Secure HA NN > -- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 2.1.0-beta >Reporter: Kihwal Lee >Assignee: Daryn Sharp >Priority: Blocker > Attachments: HADOOP-9880.patch > > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daryn Sharp updated HADOOP-9880: Attachment: HADOOP-9880.patch This is slightly more appealing hack than HDFS-3083. I've moved the call to the NN-specific {{checkAvailableForRead}} from the RPC layer into the NN's secret manager so it's only called when token auth is being performed. However, the current method signatures only allow {{InvalidToken}} to be thrown. So rather than change a bunch of signatures that may impact other projects, I've tunneled the {{StandyException}} in the cause of an {{InvalidToken}}. The RPC server will unwrap the nested exception. > SASL changes from HADOOP-9421 breaks Secure HA NN > -- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 2.1.0-beta >Reporter: Kihwal Lee >Assignee: Daryn Sharp >Priority: Blocker > Attachments: HADOOP-9880.patch > > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sanjay Radia updated HADOOP-9880: - Summary: SASL changes from HADOOP-9421 breaks Secure HA NN (was: RPC Server should not unconditionally create SaslServer with Token auth.) > SASL changes from HADOOP-9421 breaks Secure HA NN > -- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 2.1.0-beta >Reporter: Kihwal Lee >Priority: Blocker > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira