[jira] [Updated] (HDFS-5339) WebHDFS URI does not accept logical nameservices when security is enabled
[ https://issues.apache.org/jira/browse/HDFS-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jing Zhao updated HDFS-5339: Resolution: Fixed Fix Version/s: 2.4.0 Hadoop Flags: Reviewed Status: Resolved (was: Patch Available) I've committed this to trunk, branch-2 and branch-2.4.0. WebHDFS URI does not accept logical nameservices when security is enabled - Key: HDFS-5339 URL: https://issues.apache.org/jira/browse/HDFS-5339 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.2.0 Reporter: Stephen Chu Assignee: Haohui Mai Fix For: 2.4.0 Attachments: HDFS-5339.000.patch, HDFS-5339.001.patch, HDFS-5339.002.patch, HDFS-5339.003.patch, HDFS-5339.004.patch On an insecure, HA setup, we see that this works: {code} [jenkins@hdfs-cdh5-ha-1 ~]$ hdfs dfs -ls webhdfs://ns1/ 13/09/27 15:23:52 INFO web.WebHdfsFileSystem: Retrying connect to namenode: hdfs-cdh5-ha-1.ent.cloudera.com/10.20.190.104:20101. Already tried 0 time(s); retry policy is org.apache.hadoop.io.retry.RetryPolicies$FailoverOnNetworkExceptionRetry@5ebc404e, delay 0ms. Found 5 items drwxr-xr-x - hbase hbase 0 2013-09-23 09:04 webhdfs://ns1/hbase drwxrwxr-x - solr solr0 2013-09-18 12:07 webhdfs://ns1/solr drwxr-xr-x - hdfs supergroup 0 2013-09-19 11:09 webhdfs://ns1/system drwxrwxrwt - hdfs supergroup 0 2013-09-18 16:25 webhdfs://ns1/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-18 15:53 webhdfs://ns1/user [jenkins@hdfs-cdh5-ha-1 ~]$ {code} However, when security is enabled, we get the following error: {code} [jenkins@hdfs-cdh5-ha-secure-1 ~]$ hdfs dfs -ls webhdfs://ns1/ -ls: java.net.UnknownHostException: ns1 Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [path ...] [jenkins@hdfs-cdh5-ha-secure-1 ~]$ {code} I verified that we can use the hdfs://ns1/ URI on the cluster where I see the problem. Also, I verified on a secure, non-HA cluster that we can use the webhdfs uri in secure mode: {code} [jenkins@hdfs-cdh5-secure-1 ~]$ hdfs dfs -ls webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/ drwxr-xr-x - hbase hbase 0 2013-09-25 10:33 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/hbase drwxrwxr-x - solr solr0 2013-09-25 10:34 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/solr drwxrwxrwt - hdfs supergroup 0 2013-09-25 10:39 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-25 11:00 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/user [jenkins@hdfs-cdh5-secure-1 ~]$ {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Updated] (HDFS-5339) WebHDFS URI does not accept logical nameservices when security is enabled
[ https://issues.apache.org/jira/browse/HDFS-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haohui Mai updated HDFS-5339: - Attachment: HDFS-5339.004.patch Good catch, Jing. The v4 patch addresses this issue. WebHDFS URI does not accept logical nameservices when security is enabled - Key: HDFS-5339 URL: https://issues.apache.org/jira/browse/HDFS-5339 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.2.0 Reporter: Stephen Chu Assignee: Haohui Mai Attachments: HDFS-5339.000.patch, HDFS-5339.001.patch, HDFS-5339.002.patch, HDFS-5339.003.patch, HDFS-5339.004.patch On an insecure, HA setup, we see that this works: {code} [jenkins@hdfs-cdh5-ha-1 ~]$ hdfs dfs -ls webhdfs://ns1/ 13/09/27 15:23:52 INFO web.WebHdfsFileSystem: Retrying connect to namenode: hdfs-cdh5-ha-1.ent.cloudera.com/10.20.190.104:20101. Already tried 0 time(s); retry policy is org.apache.hadoop.io.retry.RetryPolicies$FailoverOnNetworkExceptionRetry@5ebc404e, delay 0ms. Found 5 items drwxr-xr-x - hbase hbase 0 2013-09-23 09:04 webhdfs://ns1/hbase drwxrwxr-x - solr solr0 2013-09-18 12:07 webhdfs://ns1/solr drwxr-xr-x - hdfs supergroup 0 2013-09-19 11:09 webhdfs://ns1/system drwxrwxrwt - hdfs supergroup 0 2013-09-18 16:25 webhdfs://ns1/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-18 15:53 webhdfs://ns1/user [jenkins@hdfs-cdh5-ha-1 ~]$ {code} However, when security is enabled, we get the following error: {code} [jenkins@hdfs-cdh5-ha-secure-1 ~]$ hdfs dfs -ls webhdfs://ns1/ -ls: java.net.UnknownHostException: ns1 Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [path ...] [jenkins@hdfs-cdh5-ha-secure-1 ~]$ {code} I verified that we can use the hdfs://ns1/ URI on the cluster where I see the problem. Also, I verified on a secure, non-HA cluster that we can use the webhdfs uri in secure mode: {code} [jenkins@hdfs-cdh5-secure-1 ~]$ hdfs dfs -ls webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/ drwxr-xr-x - hbase hbase 0 2013-09-25 10:33 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/hbase drwxrwxr-x - solr solr0 2013-09-25 10:34 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/solr drwxrwxrwt - hdfs supergroup 0 2013-09-25 10:39 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-25 11:00 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/user [jenkins@hdfs-cdh5-secure-1 ~]$ {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Updated] (HDFS-5339) WebHDFS URI does not accept logical nameservices when security is enabled
[ https://issues.apache.org/jira/browse/HDFS-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haohui Mai updated HDFS-5339: - Attachment: HDFS-5339.003.patch The v3 patch updates the unit test to cover the changed code path. WebHDFS URI does not accept logical nameservices when security is enabled - Key: HDFS-5339 URL: https://issues.apache.org/jira/browse/HDFS-5339 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.2.0 Reporter: Stephen Chu Assignee: Haohui Mai Attachments: HDFS-5339.000.patch, HDFS-5339.001.patch, HDFS-5339.002.patch, HDFS-5339.003.patch On an insecure, HA setup, we see that this works: {code} [jenkins@hdfs-cdh5-ha-1 ~]$ hdfs dfs -ls webhdfs://ns1/ 13/09/27 15:23:52 INFO web.WebHdfsFileSystem: Retrying connect to namenode: hdfs-cdh5-ha-1.ent.cloudera.com/10.20.190.104:20101. Already tried 0 time(s); retry policy is org.apache.hadoop.io.retry.RetryPolicies$FailoverOnNetworkExceptionRetry@5ebc404e, delay 0ms. Found 5 items drwxr-xr-x - hbase hbase 0 2013-09-23 09:04 webhdfs://ns1/hbase drwxrwxr-x - solr solr0 2013-09-18 12:07 webhdfs://ns1/solr drwxr-xr-x - hdfs supergroup 0 2013-09-19 11:09 webhdfs://ns1/system drwxrwxrwt - hdfs supergroup 0 2013-09-18 16:25 webhdfs://ns1/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-18 15:53 webhdfs://ns1/user [jenkins@hdfs-cdh5-ha-1 ~]$ {code} However, when security is enabled, we get the following error: {code} [jenkins@hdfs-cdh5-ha-secure-1 ~]$ hdfs dfs -ls webhdfs://ns1/ -ls: java.net.UnknownHostException: ns1 Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [path ...] [jenkins@hdfs-cdh5-ha-secure-1 ~]$ {code} I verified that we can use the hdfs://ns1/ URI on the cluster where I see the problem. Also, I verified on a secure, non-HA cluster that we can use the webhdfs uri in secure mode: {code} [jenkins@hdfs-cdh5-secure-1 ~]$ hdfs dfs -ls webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/ drwxr-xr-x - hbase hbase 0 2013-09-25 10:33 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/hbase drwxrwxr-x - solr solr0 2013-09-25 10:34 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/solr drwxrwxrwt - hdfs supergroup 0 2013-09-25 10:39 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-25 11:00 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/user [jenkins@hdfs-cdh5-secure-1 ~]$ {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Updated] (HDFS-5339) WebHDFS URI does not accept logical nameservices when security is enabled
[ https://issues.apache.org/jira/browse/HDFS-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haohui Mai updated HDFS-5339: - Attachment: HDFS-5339.002.patch WebHDFS URI does not accept logical nameservices when security is enabled - Key: HDFS-5339 URL: https://issues.apache.org/jira/browse/HDFS-5339 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.2.0 Reporter: Stephen Chu Assignee: Haohui Mai Attachments: HDFS-5339.000.patch, HDFS-5339.001.patch, HDFS-5339.002.patch On an insecure, HA setup, we see that this works: {code} [jenkins@hdfs-cdh5-ha-1 ~]$ hdfs dfs -ls webhdfs://ns1/ 13/09/27 15:23:52 INFO web.WebHdfsFileSystem: Retrying connect to namenode: hdfs-cdh5-ha-1.ent.cloudera.com/10.20.190.104:20101. Already tried 0 time(s); retry policy is org.apache.hadoop.io.retry.RetryPolicies$FailoverOnNetworkExceptionRetry@5ebc404e, delay 0ms. Found 5 items drwxr-xr-x - hbase hbase 0 2013-09-23 09:04 webhdfs://ns1/hbase drwxrwxr-x - solr solr0 2013-09-18 12:07 webhdfs://ns1/solr drwxr-xr-x - hdfs supergroup 0 2013-09-19 11:09 webhdfs://ns1/system drwxrwxrwt - hdfs supergroup 0 2013-09-18 16:25 webhdfs://ns1/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-18 15:53 webhdfs://ns1/user [jenkins@hdfs-cdh5-ha-1 ~]$ {code} However, when security is enabled, we get the following error: {code} [jenkins@hdfs-cdh5-ha-secure-1 ~]$ hdfs dfs -ls webhdfs://ns1/ -ls: java.net.UnknownHostException: ns1 Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [path ...] [jenkins@hdfs-cdh5-ha-secure-1 ~]$ {code} I verified that we can use the hdfs://ns1/ URI on the cluster where I see the problem. Also, I verified on a secure, non-HA cluster that we can use the webhdfs uri in secure mode: {code} [jenkins@hdfs-cdh5-secure-1 ~]$ hdfs dfs -ls webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/ drwxr-xr-x - hbase hbase 0 2013-09-25 10:33 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/hbase drwxrwxr-x - solr solr0 2013-09-25 10:34 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/solr drwxrwxrwt - hdfs supergroup 0 2013-09-25 10:39 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-25 11:00 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/user [jenkins@hdfs-cdh5-secure-1 ~]$ {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Updated] (HDFS-5339) WebHDFS URI does not accept logical nameservices when security is enabled
[ https://issues.apache.org/jira/browse/HDFS-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haohui Mai updated HDFS-5339: - Attachment: (was: HDFS-5339.001.patch) WebHDFS URI does not accept logical nameservices when security is enabled - Key: HDFS-5339 URL: https://issues.apache.org/jira/browse/HDFS-5339 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.2.0 Reporter: Stephen Chu Assignee: Haohui Mai Attachments: HDFS-5339.000.patch, HDFS-5339.001.patch On an insecure, HA setup, we see that this works: {code} [jenkins@hdfs-cdh5-ha-1 ~]$ hdfs dfs -ls webhdfs://ns1/ 13/09/27 15:23:52 INFO web.WebHdfsFileSystem: Retrying connect to namenode: hdfs-cdh5-ha-1.ent.cloudera.com/10.20.190.104:20101. Already tried 0 time(s); retry policy is org.apache.hadoop.io.retry.RetryPolicies$FailoverOnNetworkExceptionRetry@5ebc404e, delay 0ms. Found 5 items drwxr-xr-x - hbase hbase 0 2013-09-23 09:04 webhdfs://ns1/hbase drwxrwxr-x - solr solr0 2013-09-18 12:07 webhdfs://ns1/solr drwxr-xr-x - hdfs supergroup 0 2013-09-19 11:09 webhdfs://ns1/system drwxrwxrwt - hdfs supergroup 0 2013-09-18 16:25 webhdfs://ns1/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-18 15:53 webhdfs://ns1/user [jenkins@hdfs-cdh5-ha-1 ~]$ {code} However, when security is enabled, we get the following error: {code} [jenkins@hdfs-cdh5-ha-secure-1 ~]$ hdfs dfs -ls webhdfs://ns1/ -ls: java.net.UnknownHostException: ns1 Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [path ...] [jenkins@hdfs-cdh5-ha-secure-1 ~]$ {code} I verified that we can use the hdfs://ns1/ URI on the cluster where I see the problem. Also, I verified on a secure, non-HA cluster that we can use the webhdfs uri in secure mode: {code} [jenkins@hdfs-cdh5-secure-1 ~]$ hdfs dfs -ls webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/ drwxr-xr-x - hbase hbase 0 2013-09-25 10:33 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/hbase drwxrwxr-x - solr solr0 2013-09-25 10:34 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/solr drwxrwxrwt - hdfs supergroup 0 2013-09-25 10:39 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-25 11:00 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/user [jenkins@hdfs-cdh5-secure-1 ~]$ {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Updated] (HDFS-5339) WebHDFS URI does not accept logical nameservices when security is enabled
[ https://issues.apache.org/jira/browse/HDFS-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haohui Mai updated HDFS-5339: - Attachment: HDFS-5339.001.patch WebHDFS URI does not accept logical nameservices when security is enabled - Key: HDFS-5339 URL: https://issues.apache.org/jira/browse/HDFS-5339 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.2.0 Reporter: Stephen Chu Assignee: Haohui Mai Attachments: HDFS-5339.000.patch, HDFS-5339.001.patch On an insecure, HA setup, we see that this works: {code} [jenkins@hdfs-cdh5-ha-1 ~]$ hdfs dfs -ls webhdfs://ns1/ 13/09/27 15:23:52 INFO web.WebHdfsFileSystem: Retrying connect to namenode: hdfs-cdh5-ha-1.ent.cloudera.com/10.20.190.104:20101. Already tried 0 time(s); retry policy is org.apache.hadoop.io.retry.RetryPolicies$FailoverOnNetworkExceptionRetry@5ebc404e, delay 0ms. Found 5 items drwxr-xr-x - hbase hbase 0 2013-09-23 09:04 webhdfs://ns1/hbase drwxrwxr-x - solr solr0 2013-09-18 12:07 webhdfs://ns1/solr drwxr-xr-x - hdfs supergroup 0 2013-09-19 11:09 webhdfs://ns1/system drwxrwxrwt - hdfs supergroup 0 2013-09-18 16:25 webhdfs://ns1/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-18 15:53 webhdfs://ns1/user [jenkins@hdfs-cdh5-ha-1 ~]$ {code} However, when security is enabled, we get the following error: {code} [jenkins@hdfs-cdh5-ha-secure-1 ~]$ hdfs dfs -ls webhdfs://ns1/ -ls: java.net.UnknownHostException: ns1 Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [path ...] [jenkins@hdfs-cdh5-ha-secure-1 ~]$ {code} I verified that we can use the hdfs://ns1/ URI on the cluster where I see the problem. Also, I verified on a secure, non-HA cluster that we can use the webhdfs uri in secure mode: {code} [jenkins@hdfs-cdh5-secure-1 ~]$ hdfs dfs -ls webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/ drwxr-xr-x - hbase hbase 0 2013-09-25 10:33 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/hbase drwxrwxr-x - solr solr0 2013-09-25 10:34 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/solr drwxrwxrwt - hdfs supergroup 0 2013-09-25 10:39 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-25 11:00 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/user [jenkins@hdfs-cdh5-secure-1 ~]$ {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Updated] (HDFS-5339) WebHDFS URI does not accept logical nameservices when security is enabled
[ https://issues.apache.org/jira/browse/HDFS-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haohui Mai updated HDFS-5339: - Status: Patch Available (was: Open) WebHDFS URI does not accept logical nameservices when security is enabled - Key: HDFS-5339 URL: https://issues.apache.org/jira/browse/HDFS-5339 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.2.0 Reporter: Stephen Chu Assignee: Haohui Mai Attachments: HDFS-5339.000.patch On an insecure, HA setup, we see that this works: {code} [jenkins@hdfs-cdh5-ha-1 ~]$ hdfs dfs -ls webhdfs://ns1/ 13/09/27 15:23:52 INFO web.WebHdfsFileSystem: Retrying connect to namenode: hdfs-cdh5-ha-1.ent.cloudera.com/10.20.190.104:20101. Already tried 0 time(s); retry policy is org.apache.hadoop.io.retry.RetryPolicies$FailoverOnNetworkExceptionRetry@5ebc404e, delay 0ms. Found 5 items drwxr-xr-x - hbase hbase 0 2013-09-23 09:04 webhdfs://ns1/hbase drwxrwxr-x - solr solr0 2013-09-18 12:07 webhdfs://ns1/solr drwxr-xr-x - hdfs supergroup 0 2013-09-19 11:09 webhdfs://ns1/system drwxrwxrwt - hdfs supergroup 0 2013-09-18 16:25 webhdfs://ns1/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-18 15:53 webhdfs://ns1/user [jenkins@hdfs-cdh5-ha-1 ~]$ {code} However, when security is enabled, we get the following error: {code} [jenkins@hdfs-cdh5-ha-secure-1 ~]$ hdfs dfs -ls webhdfs://ns1/ -ls: java.net.UnknownHostException: ns1 Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [path ...] [jenkins@hdfs-cdh5-ha-secure-1 ~]$ {code} I verified that we can use the hdfs://ns1/ URI on the cluster where I see the problem. Also, I verified on a secure, non-HA cluster that we can use the webhdfs uri in secure mode: {code} [jenkins@hdfs-cdh5-secure-1 ~]$ hdfs dfs -ls webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/ drwxr-xr-x - hbase hbase 0 2013-09-25 10:33 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/hbase drwxrwxr-x - solr solr0 2013-09-25 10:34 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/solr drwxrwxrwt - hdfs supergroup 0 2013-09-25 10:39 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-25 11:00 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/user [jenkins@hdfs-cdh5-secure-1 ~]$ {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Updated] (HDFS-5339) WebHDFS URI does not accept logical nameservices when security is enabled
[ https://issues.apache.org/jira/browse/HDFS-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haohui Mai updated HDFS-5339: - Attachment: HDFS-5339.000.patch The v0 version of the patch. Here are the notable changes: # TokenAspect accepts a {{tokenServiceName}} as a parameter. The token selector will select the token based on it. As a result, there is no excessive DNS resolution for tokens in the HA set ups. # Webhdfs / swebhdfs sets the {{tokenServiceName}} accordingly depending on whether HA is enabled. # When the token selector fails to find the token of hftp / hsftp / webhdfs / swebhdfs, it no longer falls back to the HDFS delegation token. I've tested the hftp / hsftp / webhdfs / swebhdfs in both secure and non secure HA set ups by running {{hadoop -ls}}. The patch works as expected. WebHDFS URI does not accept logical nameservices when security is enabled - Key: HDFS-5339 URL: https://issues.apache.org/jira/browse/HDFS-5339 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.2.0 Reporter: Stephen Chu Assignee: Haohui Mai Attachments: HDFS-5339.000.patch On an insecure, HA setup, we see that this works: {code} [jenkins@hdfs-cdh5-ha-1 ~]$ hdfs dfs -ls webhdfs://ns1/ 13/09/27 15:23:52 INFO web.WebHdfsFileSystem: Retrying connect to namenode: hdfs-cdh5-ha-1.ent.cloudera.com/10.20.190.104:20101. Already tried 0 time(s); retry policy is org.apache.hadoop.io.retry.RetryPolicies$FailoverOnNetworkExceptionRetry@5ebc404e, delay 0ms. Found 5 items drwxr-xr-x - hbase hbase 0 2013-09-23 09:04 webhdfs://ns1/hbase drwxrwxr-x - solr solr0 2013-09-18 12:07 webhdfs://ns1/solr drwxr-xr-x - hdfs supergroup 0 2013-09-19 11:09 webhdfs://ns1/system drwxrwxrwt - hdfs supergroup 0 2013-09-18 16:25 webhdfs://ns1/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-18 15:53 webhdfs://ns1/user [jenkins@hdfs-cdh5-ha-1 ~]$ {code} However, when security is enabled, we get the following error: {code} [jenkins@hdfs-cdh5-ha-secure-1 ~]$ hdfs dfs -ls webhdfs://ns1/ -ls: java.net.UnknownHostException: ns1 Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [path ...] [jenkins@hdfs-cdh5-ha-secure-1 ~]$ {code} I verified that we can use the hdfs://ns1/ URI on the cluster where I see the problem. Also, I verified on a secure, non-HA cluster that we can use the webhdfs uri in secure mode: {code} [jenkins@hdfs-cdh5-secure-1 ~]$ hdfs dfs -ls webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/ drwxr-xr-x - hbase hbase 0 2013-09-25 10:33 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/hbase drwxrwxr-x - solr solr0 2013-09-25 10:34 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/solr drwxrwxrwt - hdfs supergroup 0 2013-09-25 10:39 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-25 11:00 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/user [jenkins@hdfs-cdh5-secure-1 ~]$ {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Updated] (HDFS-5339) WebHDFS URI does not accept logical nameservices when security is enabled
[ https://issues.apache.org/jira/browse/HDFS-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haohui Mai updated HDFS-5339: - Attachment: HDFS-5339.001.patch Fix the findbugs warning. WebHDFS URI does not accept logical nameservices when security is enabled - Key: HDFS-5339 URL: https://issues.apache.org/jira/browse/HDFS-5339 Project: Hadoop HDFS Issue Type: Bug Components: webhdfs Affects Versions: 2.2.0 Reporter: Stephen Chu Assignee: Haohui Mai Attachments: HDFS-5339.000.patch, HDFS-5339.001.patch On an insecure, HA setup, we see that this works: {code} [jenkins@hdfs-cdh5-ha-1 ~]$ hdfs dfs -ls webhdfs://ns1/ 13/09/27 15:23:52 INFO web.WebHdfsFileSystem: Retrying connect to namenode: hdfs-cdh5-ha-1.ent.cloudera.com/10.20.190.104:20101. Already tried 0 time(s); retry policy is org.apache.hadoop.io.retry.RetryPolicies$FailoverOnNetworkExceptionRetry@5ebc404e, delay 0ms. Found 5 items drwxr-xr-x - hbase hbase 0 2013-09-23 09:04 webhdfs://ns1/hbase drwxrwxr-x - solr solr0 2013-09-18 12:07 webhdfs://ns1/solr drwxr-xr-x - hdfs supergroup 0 2013-09-19 11:09 webhdfs://ns1/system drwxrwxrwt - hdfs supergroup 0 2013-09-18 16:25 webhdfs://ns1/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-18 15:53 webhdfs://ns1/user [jenkins@hdfs-cdh5-ha-1 ~]$ {code} However, when security is enabled, we get the following error: {code} [jenkins@hdfs-cdh5-ha-secure-1 ~]$ hdfs dfs -ls webhdfs://ns1/ -ls: java.net.UnknownHostException: ns1 Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [path ...] [jenkins@hdfs-cdh5-ha-secure-1 ~]$ {code} I verified that we can use the hdfs://ns1/ URI on the cluster where I see the problem. Also, I verified on a secure, non-HA cluster that we can use the webhdfs uri in secure mode: {code} [jenkins@hdfs-cdh5-secure-1 ~]$ hdfs dfs -ls webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/ drwxr-xr-x - hbase hbase 0 2013-09-25 10:33 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/hbase drwxrwxr-x - solr solr0 2013-09-25 10:34 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/solr drwxrwxrwt - hdfs supergroup 0 2013-09-25 10:39 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/tmp drwxr-xr-x - hdfs supergroup 0 2013-09-25 11:00 webhdfs://hdfs-cdh5-secure-1.ent.cloudera.com:20101/user [jenkins@hdfs-cdh5-secure-1 ~]$ {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)