[jira] [Commented] (KUDU-2083) MaintenanceManager running_op_ count not decremented if MaintenanceOp::Prepare() fails

2017-08-08 Thread Matthew Jacobs (JIRA)

[ 
https://issues.apache.org/jira/browse/KUDU-2083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16118544#comment-16118544
 ] 

Matthew Jacobs commented on KUDU-2083:
--

This was seen in an Impala test job: IMPALA-5770

> MaintenanceManager running_op_ count not decremented if 
> MaintenanceOp::Prepare() fails
> --
>
> Key: KUDU-2083
> URL: https://issues.apache.org/jira/browse/KUDU-2083
> Project: Kudu
> Issue Type: Bug
> Reporter: Samuel Okrent
> Priority: Minor
>
> In MaintenanceManager::RunSchedulerThread(), an op gets selected, 
> running_ops_ is incremented, and Prepare() is called on the op. If Prepare() 
> returns false, the op isn't run, so running_ops_ never gets decremented. If 
> Prepare() ever fails, then this could be a problem, as the maintenance 
> manager compares running_ops_ to the number of operation threads to determine 
> whether or not it can run another operation. Prepare generally doesn't fail, 
> but if Tablet::AlterSchema() is called in between FlushMRSOp::UpdateStats() 
> and  FlushMRSOp::Prepare(), that is one instance where Prepare() could 
> potentially fail.
> To fix, decrement running_ops_ in the codepath that follows from Prepare() 
> failing.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
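
The failure mode described in KUDU-2083, shown as an added example that is not part of the original thread and is not Kudu's code: a single-threaded toy scheduler that leaks one slot per failed Prepare() until no op can be scheduled, next to the fix the report proposes. ToyOp, ToyManager and HealthyOpRunsAfterFailures are hypothetical names; only running_ops_ and Prepare() come from the report.

```cpp
// Added illustration (not Kudu source): a toy scheduler modelled on the
// KUDU-2083 description. ToyOp and ToyManager are hypothetical names.
#include <cstdio>
#include <functional>

struct ToyOp {
  std::function<bool()> prepare;  // stands in for MaintenanceOp::Prepare()
};

class ToyManager {
 public:
  ToyManager(int num_threads, bool fix) : num_threads_(num_threads), fix_(fix) {}

  // One scheduler pass over `op`. Returns true if the op was run.
  bool ScheduleOnce(const ToyOp& op) {
    if (running_ops_ >= num_threads_) return false;  // no free slot
    ++running_ops_;                                   // slot reserved
    if (!op.prepare()) {
      if (fix_) --running_ops_;  // the fix: release the slot on failure
      return false;              // without it the slot is never released
    }
    // The op would run on a worker thread; completion releases the slot.
    --running_ops_;
    return true;
  }
  int running_ops() const { return running_ops_; }

 private:
  const int num_threads_;
  const bool fix_;
  int running_ops_ = 0;
};

// Fails Prepare() `failures` times, then tries one healthy op.
// Returns true if the healthy op could still be scheduled.
bool HealthyOpRunsAfterFailures(bool fix, int num_threads, int failures) {
  ToyManager mgr(num_threads, fix);
  ToyOp bad{[] { return false; }};
  ToyOp good{[] { return true; }};
  for (int i = 0; i < failures; ++i) mgr.ScheduleOnce(bad);
  return mgr.ScheduleOnce(good);
}

int main() {
  std::printf("leaky: %d\n", HealthyOpRunsAfterFailures(false, 4, 4));
  std::printf("fixed: %d\n", HealthyOpRunsAfterFailures(true, 4, 4));
}
```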


[jira] [Updated] (KUDU-2083) MaintenanceManager running_op_ count not decremented if MaintenanceOp::Prepare() fails

2017-08-08 Thread Matthew Jacobs (JIRA)

 [ 
https://issues.apache.org/jira/browse/KUDU-2083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matthew Jacobs updated KUDU-2083:
-
Priority: Major  (was: Minor)

> MaintenanceManager running_op_ count not decremented if 
> MaintenanceOp::Prepare() fails
> --
>
> Key: KUDU-2083
> URL: https://issues.apache.org/jira/browse/KUDU-2083
> Project: Kudu
> Issue Type: Bug
> Reporter: Samuel Okrent
>
> In MaintenanceManager::RunSchedulerThread(), an op gets selected, 
> running_ops_ is incremented, and Prepare() is called on the op. If Prepare() 
> returns false, the op isn't run, so running_ops_ never gets decremented. If 
> Prepare() ever fails, then this could be a problem, as the maintenance 
> manager compares running_ops_ to the number of operation threads to determine 
> whether or not it can run another operation. Prepare generally doesn't fail, 
> but if Tablet::AlterSchema() is called in between FlushMRSOp::UpdateStats() 
> and  FlushMRSOp::Prepare(), that is one instance where Prepare() could 
> potentially fail.
> To fix, decrement running_ops_ in the codepath that follows from Prepare() 
> failing.





[jira] [Created] (KUDU-2091) Certificates with intermediate CA's do not work with Kudu

2017-08-08 Thread Sailesh Mukil (JIRA)
Sailesh Mukil created KUDU-2091:
---

         Summary: Certificates with intermediate CA's do not work with Kudu
             Key: KUDU-2091
             URL: https://issues.apache.org/jira/browse/KUDU-2091
         Project: Kudu
      Issue Type: Bug
      Components: security
Affects Versions: 1.4.0
        Reporter: Sailesh Mukil
        Assignee: Sailesh Mukil
        Priority: Critical


Certificates with intermediate CA's and chain certificates are not recognized 
by the Kudu security library. We need to track down the root of the problem and 
enable support for these certificates.





[jira] [Updated] (KUDU-2085) Seek past last element of a prefix-encoded binary block may crash

2017-08-08 Thread Todd Lipcon (JIRA)

 [ 
https://issues.apache.org/jira/browse/KUDU-2085?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Todd Lipcon updated KUDU-2085:
--
   Resolution: Fixed
Fix Version/s: 1.4.1, 1.2.1, 1.5.0, 1.3.2
       Status: Resolved  (was: In Review)

Picked to 1.2.x as well.

> Seek past last element of a prefix-encoded binary block may crash
> -
>
> Key: KUDU-2085
> URL: https://issues.apache.org/jira/browse/KUDU-2085
> Project: Kudu
> Issue Type: Bug
> Components: cfile
> Affects Versions: 1.0.1, 1.1.0, 1.2.0, 1.3.1, 1.4.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Critical
> Fix For: 1.3.2, 1.5.0, 1.2.1, 1.4.1
>
>
> Similar to KUDU-2049, the binary prefix block encoder has a bug when seeking 
> past the end of the block (i.e. to the offset past the last element). The bug 
> only causes issues in very specific circumstances:
> - the number of elements in the block has to be a multiple of 16 (the 
> "restart interval")
> -- this causes the code to interpret the "restart count" at the end of the 
> block data as an offset instead of part of the footer.
> - this value, when interpreted as an offset, points to a piece of data in the 
> block which, when interpreted as a varint, ends up large enough to point past 
> the end of the block.
> This results in an error like:
> F0730 09:56:07.291882 124055 binary_prefix_block.cc:325] Check failed: 
> _s.ok() Bad status: Corruption: Could not decode value length data at idx 32





[jira] [Updated] (KUDU-2032) Kerberos authentication fails with rdns disabled in krb5.conf

2017-08-08 Thread Todd Lipcon (JIRA)

 [ 
https://issues.apache.org/jira/browse/KUDU-2032?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Todd Lipcon updated KUDU-2032:
--
Priority: Critical  (was: Major)

> Kerberos authentication fails with rdns disabled in krb5.conf
> -
>
> Key: KUDU-2032
> URL: https://issues.apache.org/jira/browse/KUDU-2032
> Project: Kudu
> Issue Type: Bug
> Components: security
> Affects Versions: 1.3.1, 1.4.0
> Reporter: Todd Lipcon
> Priority: Critical
>
> Currently if 'rdns = false' is configured in krb5.conf, Kudu ends up using 
> the IP addresses of remote hosts instead of the hostnames. This means that it 
> will look for krb5 principals by IP, even if actual hostnames have been 
> passed instead.
> This prevents krb5 from working properly in most environments where 
> rdns=false is set.





[jira] [Commented] (KUDU-2032) Kerberos authentication fails with rdns disabled in krb5.conf

2017-08-08 Thread Todd Lipcon (JIRA)

[ 
https://issues.apache.org/jira/browse/KUDU-2032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16118726#comment-16118726
 ] 

Todd Lipcon commented on KUDU-2032:
---

Bumped this to higher priority since it seems to be a relatively common 
configuration.

> Kerberos authentication fails with rdns disabled in krb5.conf
> -
>
> Key: KUDU-2032
> URL: https://issues.apache.org/jira/browse/KUDU-2032
> Project: Kudu
> Issue Type: Bug
> Components: security
> Affects Versions: 1.3.1, 1.4.0
> Reporter: Todd Lipcon
> Priority: Critical
>
> Currently if 'rdns = false' is configured in krb5.conf, Kudu ends up using 
> the IP addresses of remote hosts instead of the hostnames. This means that it 
> will look for krb5 principals by IP, even if actual hostnames have been 
> passed instead.
> This prevents krb5 from working properly in most environments where 
> rdns=false is set.





[jira] [Created] (KUDU-2092) Pull in krb5_is_config_principal() when running against older kerberos versions

2017-08-08 Thread Sailesh Mukil (JIRA)
Sailesh Mukil created KUDU-2092:
---

         Summary: Pull in krb5_is_config_principal() when running against older kerberos versions
             Key: KUDU-2092
             URL: https://issues.apache.org/jira/browse/KUDU-2092
         Project: Kudu
      Issue Type: Improvement
      Components: security
Affects Versions: 1.4.0
        Reporter: Sailesh Mukil
        Assignee: Sailesh Mukil


On kerberos versions < krb5-1.8, the function krb5_is_config_principal() does 
not exist. Since our code uses that function, and we statically link against 
kerberos, we would be unable to run on systems that have these old kerberos 
versions.





[jira] [Commented] (KUDU-2092) Pull in krb5_is_config_principal() when running against older kerberos versions

2017-08-08 Thread Todd Lipcon (JIRA)

[ 
https://issues.apache.org/jira/browse/KUDU-2092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119051#comment-16119051
 ] 

Todd Lipcon commented on KUDU-2092:
---

Did you mean to say "dynamically link against kerberos"? and "unable to build 
on" rather than "unable to run on"?

> Pull in krb5_is_config_principal() when running against older kerberos 
> versions
> ---
>
> Key: KUDU-2092
> URL: https://issues.apache.org/jira/browse/KUDU-2092
> Project: Kudu
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.4.0
> Reporter: Sailesh Mukil
> Assignee: Sailesh Mukil
>
> On kerberos versions < krb5-1.8, the function krb5_is_config_principal() does 
> not exist. Since our code uses that function, and we statically link against 
> kerberos, we would be unable to run on systems that have these old kerberos 
> versions.





[jira] [Assigned] (KUDU-2092) Pull in krb5_is_config_principal() when running against older kerberos versions

2017-08-08 Thread Sri Sai Kumar Ravipati (JIRA)

 [ 
https://issues.apache.org/jira/browse/KUDU-2092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sri Sai Kumar Ravipati reassigned KUDU-2092:


Assignee: Sri Sai Kumar Ravipati  (was: Sailesh Mukil)

> Pull in krb5_is_config_principal() when running against older kerberos 
> versions
> ---
>
> Key: KUDU-2092
> URL: https://issues.apache.org/jira/browse/KUDU-2092
> Project: Kudu
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.4.0
> Reporter: Sailesh Mukil
> Assignee: Sri Sai Kumar Ravipati
>
> On kerberos versions < krb5-1.8, the function krb5_is_config_principal() does 
> not exist. Since our code uses that function, and we statically link against 
> kerberos, we would be unable to run on systems that have these old kerberos 
> versions.





[jira] [Assigned] (KUDU-2092) Pull in krb5_is_config_principal() when running against older kerberos versions

2017-08-08 Thread Sri Sai Kumar Ravipati (JIRA)

 [ 
https://issues.apache.org/jira/browse/KUDU-2092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sri Sai Kumar Ravipati reassigned KUDU-2092:


Assignee: Sailesh Mukil  (was: Sri Sai Kumar Ravipati)

> Pull in krb5_is_config_principal() when running against older kerberos 
> versions
> ---
>
> Key: KUDU-2092
> URL: https://issues.apache.org/jira/browse/KUDU-2092
> Project: Kudu
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.4.0
> Reporter: Sailesh Mukil
> Assignee: Sailesh Mukil
>
> On kerberos versions < krb5-1.8, the function krb5_is_config_principal() does 
> not exist. Since our code uses that function, and we statically link against 
> kerberos, we would be unable to run on systems that have these old kerberos 
> versions.





[jira] [Commented] (KUDU-2092) Pull in krb5_is_config_principal() when running against older kerberos versions

2017-08-08 Thread Sailesh Mukil (JIRA)

[ 
https://issues.apache.org/jira/browse/KUDU-2092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119139#comment-16119139
 ] 

Sailesh Mukil commented on KUDU-2092:
-

Oops, don't know why I wrote down statically, changed the description. Thanks 
for pointing them out.

> Pull in krb5_is_config_principal() when running against older kerberos 
> versions
> ---
>
> Key: KUDU-2092
> URL: https://issues.apache.org/jira/browse/KUDU-2092
> Project: Kudu
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.4.0
> Reporter: Sailesh Mukil
> Assignee: Sailesh Mukil
>
> On kerberos versions < krb5-1.8, the function krb5_is_config_principal() does 
> not exist. Since our code uses that function, and we dynamically link against 
> kerberos, we would be unable to build on systems that have these old kerberos 
> versions.





[jira] [Updated] (KUDU-2092) Pull in krb5_is_config_principal() when running against older kerberos versions

2017-08-08 Thread Sailesh Mukil (JIRA)

 [ 
https://issues.apache.org/jira/browse/KUDU-2092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sailesh Mukil updated KUDU-2092:

Description: On kerberos versions < krb5-1.8, the function 
krb5_is_config_principal() does not exist. Since our code uses that function, 
and we dynamically link against kerberos, we would be unable to build on 
systems that have these old kerberos versions.  (was: On kerberos versions < 
krb5-1.8, the function krb5_is_config_principal() does not exist. Since our 
code uses that function, and we statically link against kerberos, we would be 
unable to run on systems that have these old kerberos versions.)

> Pull in krb5_is_config_principal() when running against older kerberos 
> versions
> ---
>
> Key: KUDU-2092
> URL: https://issues.apache.org/jira/browse/KUDU-2092
> Project: Kudu
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.4.0
> Reporter: Sailesh Mukil
> Assignee: Sailesh Mukil
>
> On kerberos versions < krb5-1.8, the function krb5_is_config_principal() does 
> not exist. Since our code uses that function, and we dynamically link against 
> kerberos, we would be unable to build on systems that have these old kerberos 
> versions.


