[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13879136#comment-13879136 ] Brandon Li commented on HDFS-2264: -- +1 for the branch-1 patch. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Fix For: 2.0.3-alpha Attachments: HDFS-2264.b1.patch, HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13829180#comment-13829180 ] Jing Zhao commented on HDFS-2264: - The backported patch passed all the unit tests in my local machine, except TestStorageRestore which also failed without the patch. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Fix For: 2.0.3-alpha Attachments: HDFS-2264.b1.patch, HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528870#comment-13528870 ] Hudson commented on HDFS-2264: -- Integrated in Hadoop-Yarn-trunk #62 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/62/]) HDFS-2264. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation. Contributed by Aaron T. Myers. (Revision 1419949) Result = FAILURE atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1419949 Files : * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Fix For: 2.0.3-alpha Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528935#comment-13528935 ] Hudson commented on HDFS-2264: -- Integrated in Hadoop-Hdfs-trunk #1251 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1251/]) HDFS-2264. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation. Contributed by Aaron T. Myers. (Revision 1419949) Result = FAILURE atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1419949 Files : * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Fix For: 2.0.3-alpha Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528985#comment-13528985 ] Hudson commented on HDFS-2264: -- Integrated in Hadoop-Mapreduce-trunk #1282 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1282/]) HDFS-2264. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation. Contributed by Aaron T. Myers. (Revision 1419949) Result = SUCCESS atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1419949 Files : * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Fix For: 2.0.3-alpha Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528523#comment-13528523 ] Todd Lipcon commented on HDFS-2264: --- Patch looks good to me. +1 NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13528551#comment-13528551 ] Hudson commented on HDFS-2264: -- Integrated in Hadoop-trunk-Commit #3109 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/3109/]) HDFS-2264. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation. Contributed by Aaron T. Myers. (Revision 1419949) Result = SUCCESS atm : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1419949 Files : * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Fix For: 2.0.3-alpha Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13526426#comment-13526426 ] Daryn Sharp commented on HDFS-2264: --- I think the change generally looks ok if the test failure is unrelated, but I'd suggest splitting out the HA changes or redefining the jira. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Attachments: HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13526680#comment-13526680 ] Hadoop QA commented on HDFS-2264: - {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12559903/HDFS-2264.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:red}-1 tests included{color}. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 core tests{color}. The patch passed unit tests in hadoop-hdfs-project/hadoop-hdfs. {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/3620//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3620//console This message is automatically generated. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13526703#comment-13526703 ] Aaron T. Myers commented on HDFS-2264: -- The test failure was unrelated and was fixed by HDFS-4282. No tests are included in this patch since Kerberos is required to test this stuff out. Daryn, how does this patch look now? NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Attachments: HDFS-2264.patch, HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13526146#comment-13526146 ] Hadoop QA commented on HDFS-2264: - {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12559800/HDFS-2264.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:red}-1 tests included{color}. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.hdfs.server.namenode.TestEditLog {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/3619//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3619//console This message is automatically generated. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.0.2-alpha Reporter: Aaron T. Myers Assignee: Aaron T. Myers Attachments: HDFS-2264.patch, HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13493698#comment-13493698 ] Jitendra Nath Pandey commented on HDFS-2264: I think that is fine. What do you think about configuring ACL for this protocol, where only superuser group is allowed? NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.24.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13492748#comment-13492748 ] Aaron T. Myers commented on HDFS-2264: -- Hi Jitendra, does the above approach sound OK to you? NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.24.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13479684#comment-13479684 ] Jitendra Nath Pandey commented on HDFS-2264: Hey Aaron, sorry for taking this long before responding. I think the general issue here is that for these protocols, annotation for a single client is too restrictive. We should support being able to configure multiple clients, or a group. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.24.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13443610#comment-13443610 ] Aaron T. Myers commented on HDFS-2264: -- Hey Jitendra, sorry for forgetting about this JIRA for so long (almost exactly a year!) I just encountered this issue again in a user's cluster. My new thinking is that we should just remove the expected client principal from the NamenodeProtocol entirely. I think this makes sense the 2NN, SBN, BN, and balancer all potentially use this interface, so there's no single client principal that could reasonably be expected. The balancer, in particular, should be able to be run from any node, even one not running a daemon at all. I think to do what I propose here all we have to do is remove the clientPrincipal parameter from the SecurityInfo annotation on the NamenodeProtocol, and make sure that all of the methods exposed by this interface definitely check for super user privileges. I think most of them do, but we should ensure that they all do. How does this sound to you? NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.24.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091641#comment-13091641 ] Jitendra Nath Pandey commented on HDFS-2264: I think for vip failover same kerberos principal like hdfs/vip-hostn...@bar.com should be used. For some other failover scheme a different principal may work but using same principal except for the hostname as in hdfs/_h...@bar.com, will be simpler. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.23.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13092067#comment-13092067 ] Aaron T. Myers commented on HDFS-2264: -- Yep, I think we're in agreement then. Thanks, Jitendra. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.23.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13091425#comment-13091425 ] Aaron T. Myers commented on HDFS-2264: -- bq. In the context of HA, BN should be using same principal as the primary namenode, because on a failover, it becomes the primary. When you say use the same principal, do you mean the same configured value of dfs.namenode.kerberos.principal ? Or literally the same Kerberos principal, e.g. hdfs/host1.foo.bar@bar.com ? NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.23.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13089769#comment-13089769 ] Aaron T. Myers commented on HDFS-2264: -- Hey Harsh, that seems like a fine plan to me. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.23.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13086521#comment-13086521 ] Jitendra Nath Pandey commented on HDFS-2264: NamenodeProtocol is also used by Balancer. If we put SNN config in clientPrincipal, we will be forced to run Balancer with SNN principal. An alternative fix could be to use protocolAcl. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.23.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13086567#comment-13086567 ] Aaron T. Myers commented on HDFS-2264: -- Good point, Jitendra. I notice, however, that the balancer only appears to use the {{versionRequest}}, {{getBlockKeys}}, and {{getBlocks}} methods of the {{NamenodeProtocol}}. Of these, I believe the 2NN only uses {{versionRequest}}. Might it make sense, then, to move the {{getBlockKeys}} and {{getBlocks}} methods out of {{NamenodeProtocol}} and add a new protocol interface, perhaps {{BalancerProtocol}}? It seems to me now that {{getBlockKeys}} and {{getBlocks}} should have never been added to {{NamenodeProtocol}} in the first place. At least, the comment at the top of {{NamenodeProtocol}} is incorrect with those methods in there: {code} /* * Protocol that a secondary NameNode uses to communicate with the NameNode. * It's used to get part of the name node state */ {code} NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.23.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13086752#comment-13086752 ] Jitendra Nath Pandey commented on HDFS-2264: I missed to mention earlier that Checkpointer and BackupNode are also using this protocol. Although, it is reasonable that SNN and Balancer should use different protocols but we should not add different protocols for each of these. Protocol Acls solve this issue, and will allow different principals for different clients talking NamenodeProtocol to the namenode. NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.23.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
[ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13086801#comment-13086801 ] Harsh J commented on HDFS-2264: --- Thanks [~jnp] and [~atm], so since BN/CN are not available on the 0.20 branch, can we introduce changes that split out balancer methods to its own protocol and then applies separated configs to namenode protocol and balancer protocols for their individual principals? I can open a new JIRA for the proto split if this is OK. Also, its highly unlikely that more than 1 of SNN/BN/CN run on the same node, so a generic 'checkpoint'-ish configuration can also make sense here, which all three nodes can share. The other, last way is as you propose, to get rid of the clientPrincipal altogether and use only acls. I feel going with a split + separated config for nodes + balancer would be a good way, thoughts? NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation --- Key: HDFS-2264 URL: https://issues.apache.org/jira/browse/HDFS-2264 Project: Hadoop HDFS Issue Type: Bug Components: name-node Affects Versions: 0.23.0 Reporter: Aaron T. Myers Assignee: Harsh J Fix For: 0.23.0 Attachments: HDFS-2264.r1.diff The {{@KerberosInfo}} annotation specifies the expected server and client principals for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}} has the wrong value for the client config key. This wasn't noticed because most setups actually use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on secure setups which explicitly specify the NN and 2NN principals. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira