[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13879136#comment-13879136
]
Brandon Li commented on HDFS-2264:
--
+1 for the branch-1 patch.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Fix For: 2.0.3-alpha
Attachments: HDFS-2264.b1.patch, HDFS-2264.patch, HDFS-2264.patch,
HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13829180#comment-13829180
]
Jing Zhao commented on HDFS-2264:
-
The backported patch passed all the unit tests in my local machine, except
TestStorageRestore which also failed without the patch.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Fix For: 2.0.3-alpha
Attachments: HDFS-2264.b1.patch, HDFS-2264.patch, HDFS-2264.patch,
HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528870#comment-13528870
]
Hudson commented on HDFS-2264:
--
Integrated in Hadoop-Yarn-trunk #62 (See
[https://builds.apache.org/job/Hadoop-Yarn-trunk/62/])
HDFS-2264. NamenodeProtocol has the wrong value for clientPrincipal in
KerberosInfo annotation. Contributed by Aaron T. Myers. (Revision 1419949)
Result = FAILURE
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1419949
Files :
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Fix For: 2.0.3-alpha
Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528935#comment-13528935
]
Hudson commented on HDFS-2264:
--
Integrated in Hadoop-Hdfs-trunk #1251 (See
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1251/])
HDFS-2264. NamenodeProtocol has the wrong value for clientPrincipal in
KerberosInfo annotation. Contributed by Aaron T. Myers. (Revision 1419949)
Result = FAILURE
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1419949
Files :
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Fix For: 2.0.3-alpha
Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528985#comment-13528985
]
Hudson commented on HDFS-2264:
--
Integrated in Hadoop-Mapreduce-trunk #1282 (See
[https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1282/])
HDFS-2264. NamenodeProtocol has the wrong value for clientPrincipal in
KerberosInfo annotation. Contributed by Aaron T. Myers. (Revision 1419949)
Result = SUCCESS
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1419949
Files :
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Fix For: 2.0.3-alpha
Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528523#comment-13528523
]
Todd Lipcon commented on HDFS-2264:
---
Patch looks good to me. +1
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528551#comment-13528551
]
Hudson commented on HDFS-2264:
--
Integrated in Hadoop-trunk-Commit #3109 (See
[https://builds.apache.org/job/Hadoop-trunk-Commit/3109/])
HDFS-2264. NamenodeProtocol has the wrong value for clientPrincipal in
KerberosInfo annotation. Contributed by Aaron T. Myers. (Revision 1419949)
Result = SUCCESS
atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1419949
Files :
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Fix For: 2.0.3-alpha
Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13526426#comment-13526426
]
Daryn Sharp commented on HDFS-2264:
---
I think the change generally looks ok if the test failure is unrelated, but I'd
suggest splitting out the HA changes or redefining the jira.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Attachments: HDFS-2264.patch, HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13526680#comment-13526680
]
Hadoop QA commented on HDFS-2264:
-
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12559903/HDFS-2264.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
hadoop-hdfs-project/hadoop-hdfs.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/3620//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3620//console
This message is automatically generated.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13526703#comment-13526703
]
Aaron T. Myers commented on HDFS-2264:
--
The test failure was unrelated and was fixed by HDFS-4282. No tests are
included in this patch since Kerberos is required to test this stuff out.
Daryn, how does this patch look now?
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13526146#comment-13526146
]
Hadoop QA commented on HDFS-2264:
-
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12559800/HDFS-2264.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in
hadoop-hdfs-project/hadoop-hdfs:
org.apache.hadoop.hdfs.server.namenode.TestEditLog
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/3619//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3619//console
This message is automatically generated.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.0.2-alpha
Reporter: Aaron T. Myers
Assignee: Aaron T. Myers
Attachments: HDFS-2264.patch, HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13493698#comment-13493698
]
Jitendra Nath Pandey commented on HDFS-2264:
I think that is fine. What do you think about configuring ACL for this
protocol, where only superuser group is allowed?
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.24.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13492748#comment-13492748
]
Aaron T. Myers commented on HDFS-2264:
--
Hi Jitendra, does the above approach sound OK to you?
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.24.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13479684#comment-13479684
]
Jitendra Nath Pandey commented on HDFS-2264:
Hey Aaron, sorry for taking this long before responding. I think the general
issue here is that for these protocols, annotation for a single client is too
restrictive. We should support being able to configure multiple clients, or a
group.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.24.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13443610#comment-13443610
]
Aaron T. Myers commented on HDFS-2264:
--
Hey Jitendra, sorry for forgetting about this JIRA for so long (almost exactly
a year!)
I just encountered this issue again in a user's cluster. My new thinking is
that we should just remove the expected client principal from the
NamenodeProtocol entirely. I think this makes sense the 2NN, SBN, BN, and
balancer all potentially use this interface, so there's no single client
principal that could reasonably be expected. The balancer, in particular,
should be able to be run from any node, even one not running a daemon at all.
I think to do what I propose here all we have to do is remove the
clientPrincipal parameter from the SecurityInfo annotation on the
NamenodeProtocol, and make sure that all of the methods exposed by this
interface definitely check for super user privileges. I think most of them do,
but we should ensure that they all do.
How does this sound to you?
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.24.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091641#comment-13091641
]
Jitendra Nath Pandey commented on HDFS-2264:
I think for vip failover same kerberos principal like hdfs/vip-hostn...@bar.com
should be used. For some other failover scheme a different principal may work
but using same principal except for the hostname as in hdfs/_h...@bar.com, will
be simpler.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.23.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13092067#comment-13092067
]
Aaron T. Myers commented on HDFS-2264:
--
Yep, I think we're in agreement then. Thanks, Jitendra.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.23.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091425#comment-13091425
]
Aaron T. Myers commented on HDFS-2264:
--
bq. In the context of HA, BN should be using same principal as the primary
namenode, because on a failover, it becomes the primary.
When you say use the same principal, do you mean the same configured value of
dfs.namenode.kerberos.principal ? Or literally the same Kerberos principal,
e.g. hdfs/host1.foo.bar@bar.com ?
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.23.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13089769#comment-13089769
]
Aaron T. Myers commented on HDFS-2264:
--
Hey Harsh, that seems like a fine plan to me.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.23.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13086521#comment-13086521
]
Jitendra Nath Pandey commented on HDFS-2264:
NamenodeProtocol is also used by Balancer. If we put SNN config in
clientPrincipal, we will be forced to run Balancer with SNN principal. An
alternative fix could be to use protocolAcl.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.23.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13086567#comment-13086567
]
Aaron T. Myers commented on HDFS-2264:
--
Good point, Jitendra.
I notice, however, that the balancer only appears to use the
{{versionRequest}}, {{getBlockKeys}}, and {{getBlocks}} methods of the
{{NamenodeProtocol}}. Of these, I believe the 2NN only uses {{versionRequest}}.
Might it make sense, then, to move the {{getBlockKeys}} and {{getBlocks}}
methods out of {{NamenodeProtocol}} and add a new protocol interface, perhaps
{{BalancerProtocol}}?
It seems to me now that {{getBlockKeys}} and {{getBlocks}} should have never
been added to {{NamenodeProtocol}} in the first place. At least, the comment at
the top of {{NamenodeProtocol}} is incorrect with those methods in there:
{code}
/*
* Protocol that a secondary NameNode uses to communicate with the NameNode.
* It's used to get part of the name node state
*/
{code}
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.23.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13086752#comment-13086752
]
Jitendra Nath Pandey commented on HDFS-2264:
I missed to mention earlier that Checkpointer and BackupNode are also using
this protocol. Although, it is reasonable that SNN and Balancer should use
different protocols but we should not add different protocols for each of
these. Protocol Acls solve this issue, and will allow different principals for
different clients talking NamenodeProtocol to the namenode.
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.23.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13086801#comment-13086801
]
Harsh J commented on HDFS-2264:
---
Thanks [~jnp] and [~atm], so since BN/CN are not available on the 0.20 branch,
can we introduce changes that split out balancer methods to its own protocol
and then applies separated configs to namenode protocol and balancer protocols
for their individual principals? I can open a new JIRA for the proto split if
this is OK.
Also, its highly unlikely that more than 1 of SNN/BN/CN run on the same node,
so a generic 'checkpoint'-ish configuration can also make sense here, which all
three nodes can share.
The other, last way is as you propose, to get rid of the clientPrincipal
altogether and use only acls.
I feel going with a split + separated config for nodes + balancer would be a
good way, thoughts?
NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo
annotation
---
Key: HDFS-2264
URL: https://issues.apache.org/jira/browse/HDFS-2264
Project: Hadoop HDFS
Issue Type: Bug
Components: name-node
Affects Versions: 0.23.0
Reporter: Aaron T. Myers
Assignee: Harsh J
Fix For: 0.23.0
Attachments: HDFS-2264.r1.diff
The {{@KerberosInfo}} annotation specifies the expected server and client
principals for a given protocol in order to look up the correct principal
name from the config. The {{NamenodeProtocol}} has the wrong value for the
client config key. This wasn't noticed because most setups actually use the
same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}),
in which the {{_HOST}} part gets replaced at run-time. This bug therefore
only manifests itself on secure setups which explicitly specify the NN and
2NN principals.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
