subject:"\[jira\] \[Updated\] \(HDFS\-10424\) DatanodeLifelineProtocol not able to use under security cluster"

[jira] [Updated] (HDFS-10424) DatanodeLifelineProtocol not able to use under security cluster

2016-05-19 Thread Chris Nauroth (JIRA)


 [ 
https://issues.apache.org/jira/browse/HDFS-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Chris Nauroth updated HDFS-10424:
-
Attachment: HDFS-10424.001.patch

[~gu chi], thank you for the bug report.  I was able to reproduce it in a 
secured cluster, and then I verified that the attached patch fixes it.

This patch also includes a new test suite designed to catch similar kinds of 
bugs in the future.  It works by scanning the list of protocol classes covered 
by {{HDFSPolicyProvider}} and then comparing that to *Protocol interfaces 
implemented by known RPC server classes.  If it finds a protocol interface 
implemented by a server, but not covered in the policy, then it fails.  This 
way, if we add new protocols, but forget to update {{HDFSPolicyProvider}}, then 
the test will fail during pre-commit.

Interestingly, this test immediately exposed another potential offender: 
{{ReconfigurationProtocol}}.  I've coded the test to skip checking that one for 
now in the interest of expediting the patch here.  I'll file a separate JIRA 
for follow-up on that one and contact contributors who have worked on 
reconfiguration.

> DatanodeLifelineProtocol not able to use under security cluster
> ---
>
> Key: HDFS-10424
> URL: https://issues.apache.org/jira/browse/HDFS-10424
> Project: Hadoop HDFS
>  Issue Type: Bug
>Affects Versions: 2.8.0
>Reporter: gu-chi
>Priority: Blocker
> Attachments: HDFS-10424.001.patch
>
>
> {quote}
> protocol org.apache.hadoop.hdfs.server.protocol.DatanodeLifelineProtocol is 
> unauthorized for user * (auth:KERBEROS) | Server.java:1979
> {quote}
> I am using security cluster authenticate with kerberos, as I checked the the 
> code, if security auth enabled, because the DatanodeLifelineProtocol is not 
> inside HDFSPolicyProvider, when authorize in ServiceAuthorizationManager, 
> AuthorizationException will be thrown at line 96.
> Please point me out if I am wrong



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Updated] (HDFS-10424) DatanodeLifelineProtocol not able to use under security cluster

2016-05-19 Thread Chris Nauroth (JIRA)


 [ 
https://issues.apache.org/jira/browse/HDFS-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Chris Nauroth updated HDFS-10424:
-
Status: Patch Available  (was: Open)

> DatanodeLifelineProtocol not able to use under security cluster
> ---
>
> Key: HDFS-10424
> URL: https://issues.apache.org/jira/browse/HDFS-10424
> Project: Hadoop HDFS
>  Issue Type: Bug
>Affects Versions: 2.8.0
>Reporter: gu-chi
>Priority: Blocker
> Attachments: HDFS-10424.001.patch
>
>
> {quote}
> protocol org.apache.hadoop.hdfs.server.protocol.DatanodeLifelineProtocol is 
> unauthorized for user * (auth:KERBEROS) | Server.java:1979
> {quote}
> I am using security cluster authenticate with kerberos, as I checked the the 
> code, if security auth enabled, because the DatanodeLifelineProtocol is not 
> inside HDFSPolicyProvider, when authorize in ServiceAuthorizationManager, 
> AuthorizationException will be thrown at line 96.
> Please point me out if I am wrong



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Updated] (HDFS-10424) DatanodeLifelineProtocol not able to use under security cluster

2016-05-19 Thread Chris Nauroth (JIRA)


 [ 
https://issues.apache.org/jira/browse/HDFS-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Chris Nauroth updated HDFS-10424:
-
Attachment: HDFS-10424-branch-2.8.001.patch

[~arpitagarwal], thank you for the code review.  I just noticed that I need a 
separate patch for branch-2.8, because {{ReconfigurationProtocol}} doesn't 
exist there.  I'm attaching that now.  Are you +1 for the branch-2.8 patch too?

> DatanodeLifelineProtocol not able to use under security cluster
> ---
>
> Key: HDFS-10424
> URL: https://issues.apache.org/jira/browse/HDFS-10424
> Project: Hadoop HDFS
>  Issue Type: Bug
>Affects Versions: 2.8.0
>Reporter: gu-chi
>Assignee: Chris Nauroth
>Priority: Blocker
> Attachments: HDFS-10424-branch-2.8.001.patch, HDFS-10424.001.patch
>
>
> {quote}
> protocol org.apache.hadoop.hdfs.server.protocol.DatanodeLifelineProtocol is 
> unauthorized for user * (auth:KERBEROS) | Server.java:1979
> {quote}
> I am using security cluster authenticate with kerberos, as I checked the the 
> code, if security auth enabled, because the DatanodeLifelineProtocol is not 
> inside HDFSPolicyProvider, when authorize in ServiceAuthorizationManager, 
> AuthorizationException will be thrown at line 96.
> Please point me out if I am wrong



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Updated] (HDFS-10424) DatanodeLifelineProtocol not able to use under security cluster

2016-05-20 Thread Chris Nauroth (JIRA)


 [ 
https://issues.apache.org/jira/browse/HDFS-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Chris Nauroth updated HDFS-10424:
-
   Resolution: Fixed
 Hadoop Flags: Reviewed
Fix Version/s: 2.8.0
   Status: Resolved  (was: Patch Available)

[~arpitagarwal] and [~vinayrpet], thank you for the code reviews.  I have 
committed this to trunk, branch-2 and branch-2.8.

> DatanodeLifelineProtocol not able to use under security cluster
> ---
>
> Key: HDFS-10424
> URL: https://issues.apache.org/jira/browse/HDFS-10424
> Project: Hadoop HDFS
>  Issue Type: Bug
>Affects Versions: 2.8.0
>Reporter: gu-chi
>Assignee: Chris Nauroth
>Priority: Blocker
> Fix For: 2.8.0
>
> Attachments: HDFS-10424-branch-2.8.001.patch, HDFS-10424.001.patch
>
>
> {quote}
> protocol org.apache.hadoop.hdfs.server.protocol.DatanodeLifelineProtocol is 
> unauthorized for user * (auth:KERBEROS) | Server.java:1979
> {quote}
> I am using security cluster authenticate with kerberos, as I checked the the 
> code, if security auth enabled, because the DatanodeLifelineProtocol is not 
> inside HDFSPolicyProvider, when authorize in ServiceAuthorizationManager, 
> AuthorizationException will be thrown at line 96.
> Please point me out if I am wrong



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Updated] (HDFS-10424) DatanodeLifelineProtocol not able to use under security cluster

[jira] [Updated] (HDFS-10424) DatanodeLifelineProtocol not able to use under security cluster

[jira] [Updated] (HDFS-10424) DatanodeLifelineProtocol not able to use under security cluster

[jira] [Updated] (HDFS-10424) DatanodeLifelineProtocol not able to use under security cluster

4 matches

Site Navigation

Mail list logo

Footer information