[jira] [Comment Edited] (HDFS-14129) RBF: Create new policy provider for router
[ https://issues.apache.org/jira/browse/HDFS-14129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16742984#comment-16742984 ] Surendra Singh Lilhore edited comment on HDFS-14129 at 1/15/19 11:20 AM: - Thanks [~RANith] for contribution!. Thanks [~elgoiri] for review. Committed in HDFS-13891 branch. was (Author: surendrasingh): Thanks [~RANith] for contribution!. Thanks [~elgoiri] for review. > RBF: Create new policy provider for router > -- > > Key: HDFS-14129 > URL: https://issues.apache.org/jira/browse/HDFS-14129 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: namenode >Affects Versions: HDFS-13532 >Reporter: Surendra Singh Lilhore >Assignee: Ranith Sardar >Priority: Major > Fix For: HDFS-13891 > > Attachments: HDFS-14129-HDFS-13891.001.patch, > HDFS-14129-HDFS-13891.002.patch, HDFS-14129-HDFS-13891.003.patch, > HDFS-14129-HDFS-13891.004.patch, HDFS-14129-HDFS-13891.005.patch, > HDFS-14129-HDFS-13891.006.patch, HDFS-14129-HDFS-13891.006.patch, > HDFS-14129-HDFS-13891.007.patch, HDFS-14129-HDFS-13891.008.patch, > HDFS-14129-HDFS-13891.008.patch, HDFS-14129-HDFS-13891.009.patch, > HDFS-14129-HDFS-13891.010.patch, HDFS-14129-HDFS-13891.011.patch, > HDFS-14129-HDFS-13891.012.patch > > > Router is using *{{HDFSPolicyProvider}}*. We can't add new protocol in this > class for router, its better to create in policy provider for Router. > {code:java} > // Set service-level authorization security policy > if (conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false)) { > this.adminServer.refreshServiceAcl(conf, new HDFSPolicyProvider()); > } > {code} > I got this issue when I am verified HDFS-14079 with secure cluster. > {noformat} > ./bin/hdfs dfsrouteradmin -ls / > ls: Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol > is not known. > org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): > Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol is > not known. > at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1520) > at org.apache.hadoop.ipc.Client.call(Client.java:1466) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-14129) RBF: Create new policy provider for router
[ https://issues.apache.org/jira/browse/HDFS-14129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16727585#comment-16727585 ] Ranith Sardar edited comment on HDFS-14129 at 12/22/18 11:47 PM: - Updated the Patch. {quote}UT should verify the "security.router.admin.protocol.acl" property. You can configure property with some dummy value{quote}UT verified with "*security.router.admin.protocol.acl*" "*security.client.protocol.acl*". As RouterPolicyProvider extending HDFSPolicyProvider, Checked with properties of HDFSPolicyProvider. Please check once. was (Author: ranith): Updated the Patch. {quote}quoted text{quote}UT verified with "*security.router.admin.protocol.acl*" "*security.client.protocol.acl*". As RouterPolicyProvider extending HDFSPolicyProvider, Checked with properties of HDFSPolicyProvider. Please check once. > RBF: Create new policy provider for router > -- > > Key: HDFS-14129 > URL: https://issues.apache.org/jira/browse/HDFS-14129 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: namenode >Affects Versions: HDFS-13532 >Reporter: Surendra Singh Lilhore >Assignee: Ranith Sardar >Priority: Major > Attachments: HDFS-14129-HDFS-13891.001.patch, > HDFS-14129-HDFS-13891.002.patch, HDFS-14129-HDFS-13891.003.patch > > > Router is using *{{HDFSPolicyProvider}}*. We can't add new protocol in this > class for router, its better to create in policy provider for Router. > {code:java} > // Set service-level authorization security policy > if (conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false)) { > this.adminServer.refreshServiceAcl(conf, new HDFSPolicyProvider()); > } > {code} > I got this issue when I am verified HDFS-14079 with secure cluster. > {noformat} > ./bin/hdfs dfsrouteradmin -ls / > ls: Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol > is not known. > org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): > Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol is > not known. > at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1520) > at org.apache.hadoop.ipc.Client.call(Client.java:1466) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-14129) RBF: Create new policy provider for router
[ https://issues.apache.org/jira/browse/HDFS-14129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16714310#comment-16714310 ] Surendra Singh Lilhore edited comment on HDFS-14129 at 12/10/18 5:37 AM: - Thanks [~RANith] for patch Some comments from my side 1. Change this property to "*security.router.admin.protocol.acl*". {code:java} + public static final String SECURITY_ROUTERADMIN_PROTOCOL_ACL = + "security.routeradmin.protocol.acl";{code} 2. Please add {{InterfaceAudience}} for {{RouterPolicyProvider.}} 3. I think by mistake you given wrong protocol name here, pls change {{ReconfigurationProtocol.class}} to {{RouterAdminProtocol.class}} {code:java} + new Service( +CommonConfigurationKeys.SECURITY_ROUTERADMIN_PROTOCOL_ACL, +ReconfigurationProtocol.class){code} 4. Change Policy provider object in {{RouterRpcServer}} also. 5. Pls fix the check style, whitespace and find bugs warnings. 6. pls add UT for the change. was (Author: surendrasingh): Thanks [~RANith] for patch Some comments from my side 1. Change this property to "*security.router.admin.protocol.acl*". {code:java} + public static final String SECURITY_ROUTERADMIN_PROTOCOL_ACL = + "security.routeradmin.protocol.acl";{code} 2. Please add {{InterfaceAudience}} for {{RouterPolicyProvider.}} 3. I think by mistake you given wrong protocol name here, pls change {{ReconfigurationProtocol.class}} to {{RouterAdminProtocol.class}} {code:java} + new Service( +CommonConfigurationKeys.SECURITY_ROUTERADMIN_PROTOCOL_ACL, +ReconfigurationProtocol.class){code} 4. Change Policy provider object in {{RouterRpcServer}} also. 5. Pls fix the check style, whitespace and find bugs warnings. > RBF: Create new policy provider for router > -- > > Key: HDFS-14129 > URL: https://issues.apache.org/jira/browse/HDFS-14129 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: namenode >Affects Versions: HDFS-13532 >Reporter: Surendra Singh Lilhore >Assignee: Ranith Sardar >Priority: Major > Attachments: HDFS-14129-HDFS-13891.001.patch > > > Router is using *{{HDFSPolicyProvider}}*. We can't add new protocol in this > class for router, its better to create in policy provider for Router. > {code:java} > // Set service-level authorization security policy > if (conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false)) { > this.adminServer.refreshServiceAcl(conf, new HDFSPolicyProvider()); > } > {code} > I got this issue when I am verified HDFS-14079 with secure cluster. > {noformat} > ./bin/hdfs dfsrouteradmin -ls / > ls: Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol > is not known. > org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): > Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol is > not known. > at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1520) > at org.apache.hadoop.ipc.Client.call(Client.java:1466) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org