[jira] [Comment Edited] (HDFS-14129) RBF: Create new policy provider for router
[
https://issues.apache.org/jira/browse/HDFS-14129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16742984#comment-16742984
]
Surendra Singh Lilhore edited comment on HDFS-14129 at 1/15/19 11:20 AM:
-
Thanks [~RANith] for contribution!. Thanks [~elgoiri] for review.
Committed in HDFS-13891 branch.
was (Author: surendrasingh):
Thanks [~RANith] for contribution!.
Thanks [~elgoiri] for review.
> RBF: Create new policy provider for router
> --
>
> Key: HDFS-14129
> URL: https://issues.apache.org/jira/browse/HDFS-14129
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode
>Affects Versions: HDFS-13532
>Reporter: Surendra Singh Lilhore
>Assignee: Ranith Sardar
>Priority: Major
> Fix For: HDFS-13891
>
> Attachments: HDFS-14129-HDFS-13891.001.patch,
> HDFS-14129-HDFS-13891.002.patch, HDFS-14129-HDFS-13891.003.patch,
> HDFS-14129-HDFS-13891.004.patch, HDFS-14129-HDFS-13891.005.patch,
> HDFS-14129-HDFS-13891.006.patch, HDFS-14129-HDFS-13891.006.patch,
> HDFS-14129-HDFS-13891.007.patch, HDFS-14129-HDFS-13891.008.patch,
> HDFS-14129-HDFS-13891.008.patch, HDFS-14129-HDFS-13891.009.patch,
> HDFS-14129-HDFS-13891.010.patch, HDFS-14129-HDFS-13891.011.patch,
> HDFS-14129-HDFS-13891.012.patch
>
>
> Router is using *{{HDFSPolicyProvider}}*. We can't add new protocol in this
> class for router, its better to create in policy provider for Router.
> {code:java}
> // Set service-level authorization security policy
> if (conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false)) {
> this.adminServer.refreshServiceAcl(conf, new HDFSPolicyProvider());
> }
> {code}
> I got this issue when I am verified HDFS-14079 with secure cluster.
> {noformat}
> ./bin/hdfs dfsrouteradmin -ls /
> ls: Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol
> is not known.
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol is
> not known.
> at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1520)
> at org.apache.hadoop.ipc.Client.call(Client.java:1466)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-14129) RBF: Create new policy provider for router
[
https://issues.apache.org/jira/browse/HDFS-14129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16727585#comment-16727585
]
Ranith Sardar edited comment on HDFS-14129 at 12/22/18 11:47 PM:
-
Updated the Patch.
{quote}UT should verify the "security.router.admin.protocol.acl" property. You
can configure property with some dummy value{quote}UT verified with
"*security.router.admin.protocol.acl*" "*security.client.protocol.acl*". As
RouterPolicyProvider extending HDFSPolicyProvider, Checked with properties of
HDFSPolicyProvider.
Please check once.
was (Author: ranith):
Updated the Patch.
{quote}quoted text{quote}UT verified with
"*security.router.admin.protocol.acl*" "*security.client.protocol.acl*". As
RouterPolicyProvider extending HDFSPolicyProvider, Checked with properties of
HDFSPolicyProvider.
Please check once.
> RBF: Create new policy provider for router
> --
>
> Key: HDFS-14129
> URL: https://issues.apache.org/jira/browse/HDFS-14129
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode
>Affects Versions: HDFS-13532
>Reporter: Surendra Singh Lilhore
>Assignee: Ranith Sardar
>Priority: Major
> Attachments: HDFS-14129-HDFS-13891.001.patch,
> HDFS-14129-HDFS-13891.002.patch, HDFS-14129-HDFS-13891.003.patch
>
>
> Router is using *{{HDFSPolicyProvider}}*. We can't add new protocol in this
> class for router, its better to create in policy provider for Router.
> {code:java}
> // Set service-level authorization security policy
> if (conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false)) {
> this.adminServer.refreshServiceAcl(conf, new HDFSPolicyProvider());
> }
> {code}
> I got this issue when I am verified HDFS-14079 with secure cluster.
> {noformat}
> ./bin/hdfs dfsrouteradmin -ls /
> ls: Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol
> is not known.
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol is
> not known.
> at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1520)
> at org.apache.hadoop.ipc.Client.call(Client.java:1466)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-14129) RBF: Create new policy provider for router
[
https://issues.apache.org/jira/browse/HDFS-14129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16714310#comment-16714310
]
Surendra Singh Lilhore edited comment on HDFS-14129 at 12/10/18 5:37 AM:
-
Thanks [~RANith] for patch
Some comments from my side
1. Change this property to "*security.router.admin.protocol.acl*".
{code:java}
+ public static final String SECURITY_ROUTERADMIN_PROTOCOL_ACL =
+ "security.routeradmin.protocol.acl";{code}
2. Please add {{InterfaceAudience}} for {{RouterPolicyProvider.}}
3. I think by mistake you given wrong protocol name here, pls change
{{ReconfigurationProtocol.class}} to {{RouterAdminProtocol.class}}
{code:java}
+ new Service(
+CommonConfigurationKeys.SECURITY_ROUTERADMIN_PROTOCOL_ACL,
+ReconfigurationProtocol.class){code}
4. Change Policy provider object in {{RouterRpcServer}} also.
5. Pls fix the check style, whitespace and find bugs warnings.
6. pls add UT for the change.
was (Author: surendrasingh):
Thanks [~RANith] for patch
Some comments from my side
1. Change this property to "*security.router.admin.protocol.acl*".
{code:java}
+ public static final String SECURITY_ROUTERADMIN_PROTOCOL_ACL =
+ "security.routeradmin.protocol.acl";{code}
2. Please add {{InterfaceAudience}} for {{RouterPolicyProvider.}}
3. I think by mistake you given wrong protocol name here, pls change
{{ReconfigurationProtocol.class}} to {{RouterAdminProtocol.class}}
{code:java}
+ new Service(
+CommonConfigurationKeys.SECURITY_ROUTERADMIN_PROTOCOL_ACL,
+ReconfigurationProtocol.class){code}
4. Change Policy provider object in {{RouterRpcServer}} also.
5. Pls fix the check style, whitespace and find bugs warnings.
> RBF: Create new policy provider for router
> --
>
> Key: HDFS-14129
> URL: https://issues.apache.org/jira/browse/HDFS-14129
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode
>Affects Versions: HDFS-13532
>Reporter: Surendra Singh Lilhore
>Assignee: Ranith Sardar
>Priority: Major
> Attachments: HDFS-14129-HDFS-13891.001.patch
>
>
> Router is using *{{HDFSPolicyProvider}}*. We can't add new protocol in this
> class for router, its better to create in policy provider for Router.
> {code:java}
> // Set service-level authorization security policy
> if (conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false)) {
> this.adminServer.refreshServiceAcl(conf, new HDFSPolicyProvider());
> }
> {code}
> I got this issue when I am verified HDFS-14079 with secure cluster.
> {noformat}
> ./bin/hdfs dfsrouteradmin -ls /
> ls: Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol
> is not known.
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> Protocol interface org.apache.hadoop.hdfs.protocolPB.RouterAdminProtocol is
> not known.
> at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1520)
> at org.apache.hadoop.ipc.Client.call(Client.java:1466)
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
