[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jing Zhao updated HADOOP-9880: -- Resolution: Fixed Fix Version/s: 2.1.1-beta Hadoop Flags: Reviewed Status: Resolved (was: Patch Available) I've committed this to trunk, branch-2 and branch-2.1-beta. > SASL changes from HADOOP-9421 breaks Secure HA NN > -- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 2.1.0-beta >Reporter: Kihwal Lee >Assignee: Daryn Sharp >Priority: Blocker > Fix For: 2.1.1-beta > > Attachments: HADOOP-9880.patch > > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kihwal Lee updated HADOOP-9880: --- Target Version/s: 2.1.1-beta (was: 2.1.0-beta) > SASL changes from HADOOP-9421 breaks Secure HA NN > -- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 2.1.0-beta >Reporter: Kihwal Lee >Assignee: Daryn Sharp >Priority: Blocker > Attachments: HADOOP-9880.patch > > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daryn Sharp updated HADOOP-9880: Status: Patch Available (was: Open) > SASL changes from HADOOP-9421 breaks Secure HA NN > -- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 2.1.0-beta >Reporter: Kihwal Lee >Assignee: Daryn Sharp >Priority: Blocker > Attachments: HADOOP-9880.patch > > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[
https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daryn Sharp updated HADOOP-9880:
Attachment: HADOOP-9880.patch
This is slightly more appealing hack than HDFS-3083.
I've moved the call to the NN-specific {{checkAvailableForRead}} from the RPC
layer into the NN's secret manager so it's only called when token auth is being
performed.
However, the current method signatures only allow {{InvalidToken}} to be
thrown. So rather than change a bunch of signatures that may impact other
projects, I've tunneled the {{StandyException}} in the cause of an
{{InvalidToken}}. The RPC server will unwrap the nested exception.
> SASL changes from HADOOP-9421 breaks Secure HA NN
> --
>
> Key: HADOOP-9880
> URL: https://issues.apache.org/jira/browse/HADOOP-9880
> Project: Hadoop Common
> Issue Type: Bug
>Affects Versions: 2.1.0-beta
>Reporter: Kihwal Lee
>Assignee: Daryn Sharp
>Priority: Blocker
> Attachments: HADOOP-9880.patch
>
>
> buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth.
> When create() is called against it, secretManager.checkAvailableForRead() is
> called, which fails in HA standby. Thus HA standby nodes cannot be
> transitioned to active.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-9880) SASL changes from HADOOP-9421 breaks Secure HA NN
[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sanjay Radia updated HADOOP-9880: - Summary: SASL changes from HADOOP-9421 breaks Secure HA NN (was: RPC Server should not unconditionally create SaslServer with Token auth.) > SASL changes from HADOOP-9421 breaks Secure HA NN > -- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug >Affects Versions: 2.1.0-beta >Reporter: Kihwal Lee >Priority: Blocker > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
