[jira] [Commented] (MAPREDUCE-7273) JHS: make sure that Kerberos relogin is performed when KDC becomes offline then online again

2020-04-14 Thread Eric Yang (Jira)


[ 
https://issues.apache.org/jira/browse/MAPREDUCE-7273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17083794#comment-17083794
 ] 

Eric Yang commented on MAPREDUCE-7273:
--

Thank you for the patch, [~pbacsko].  getCurrentUser() may produce the impersonated 
user instead of the login user, depending on where the UGI class is used.  Server-side 
code is likely to require the use of getLogin() user instead of getCurrentUser() 
for correctness:

{code}
UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
{code}

> JHS: make sure that Kerberos relogin is performed when KDC becomes offline 
> then online again
> 
>
> Key: MAPREDUCE-7273
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-7273
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: jobhistoryserver
> Affects Versions: 2.10.0, 3.2.1, 3.1.3
> Reporter: Peter Bacsko
> Assignee: Peter Bacsko
> Priority: Major
> Attachments: MAPREDUCE-7273-001.patch
>
>
> In JHS, if the KDC goes offline, the IPC layer does try to relogin, but it's 
> not always enough. You have to wait for 60 seconds for the next retry. In the 
> meantime, if the KDC comes back, the following error might occur:
> {noformat}
> 2020-04-09 03:27:52,075 DEBUG ipc.Server (Server.java:processSaslToken(1952)) 
> - Have read input token of size 708 for processing by 
> saslServer.evaluateResponse()
> 2020-04-09 03:27:52,077 DEBUG ipc.Server (Server.java:saslProcess(1829)) - 
> javax.security.sasl.SaslException: GSS initiate failed [Caused by 
> GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid 
> argument (400) - Cannot find key of appropriate type to decrypt AP REP - 
> AES128 CTS mode with HMAC SHA1-96)]
> at 
> com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:199)
> ...
> {noformat}
> When this happens, JHS has to be restarted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: mapreduce-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: mapreduce-issues-h...@hadoop.apache.org
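
The distinction raised in the comment above, as an added example (not code from the patch or from Hadoop itself): inside a doAs() block for a proxy user, getCurrentUser() returns the impersonated identity, while getLoginUser() still returns the process's own login, which is the identity that holds the keytab credentials. The class name and the user name "alice" are constructed for illustration; the code assumes hadoop-common is on the classpath.

```java
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.security.UserGroupInformation;

public class LoginVsCurrentUser {
  public static void main(String[] args) throws Exception {
    // Identity the process itself logged in as (the keytab principal on a
    // secured server, the OS user when security is off).
    UserGroupInformation login = UserGroupInformation.getLoginUser();

    // "alice" is a constructed end-user name; the service impersonates her
    // the way a server does when it acts on behalf of a caller.
    UserGroupInformation proxy =
        UserGroupInformation.createProxyUser("alice", login);

    proxy.doAs((PrivilegedExceptionAction<Void>) () -> {
      UserGroupInformation current = UserGroupInformation.getCurrentUser();

      // Inside doAs() the "current" user is the impersonated one.
      System.out.println("current user : " + current.getUserName());
      System.out.println("current auth : " + current.getAuthenticationMethod());
      System.out.println("real user    : " + current.getRealUser().getUserName());
      System.out.println("login user   : "
          + UserGroupInformation.getLoginUser().getUserName());

      // The proxy identity has no keytab of its own, so a relogin has to be
      // requested on the login user. Without Kerberos credentials this call
      // returns without doing anything.
      UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
      return null;
    });
  }
}
```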



[jira] [Commented] (MAPREDUCE-7273) JHS: make sure that Kerberos relogin is performed when KDC becomes offline then online again

2020-04-14 Thread Hadoop QA (Jira)


[ 
https://issues.apache.org/jira/browse/MAPREDUCE-7273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17083374#comment-17083374
 ] 

Hadoop QA commented on MAPREDUCE-7273:
--

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m 27s{color} | {color:blue} Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green}  0m  0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:red}-1{color} | {color:red} test4tests {color} | {color:red}  0m  0s{color} | {color:red} The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color} |
|| || || || {color:brown} trunk Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 18m  7s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  0m 22s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  0m 18s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green}  0m 30s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 15m 48s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green}  0m 51s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 26s{color} | {color:green} trunk passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  0m 30s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  0m 25s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green}  0m 25s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  0m 18s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green}  0m 29s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green}  0m  0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 17m 29s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green}  0m 54s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 22s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  4m 51s{color} | {color:green} hadoop-mapreduce-client-hs in the patch passed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green}  0m 31s{color} | {color:green} The patch does not generate ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 63m 16s{color} | {color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Client=19.03.8 Server=19.03.8 Image:yetus/hadoop:e6455cc864d |
| JIRA Issue | MAPREDUCE-7273 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/1221/MAPREDUCE-7273-001.patch |
| Optional Tests |  dupname  asflicense  compile  javac  javadoc  mvninstall  mvnsite  unit  shadedclient  findbugs  checkstyle  |
| uname | Linux a2f4823377ec 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/patchprocess/precommit/personality/provided.sh |
| git revision | trunk / aeeebc5 |
| maven | version: Apache Maven 3.3.9 |
| Default Java | 1.8.0_242 |
| findbugs | v3.1.0-RC1 |
| Test Results | https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/7765/testReport/ |
| Max. process+thread count | 471 (vs. ulimit of 5500) |
| modules | C: hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs U: hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs |
| Console output | https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/7765/console |
| Powered by | Apache Yetus 0.8.0   

[jira] [Updated] (MAPREDUCE-7273) JHS: make sure that Kerberos relogin is performed when KDC becomes offline then online again

2020-04-14 Thread Peter Bacsko (Jira)


 [ 
https://issues.apache.org/jira/browse/MAPREDUCE-7273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Bacsko updated MAPREDUCE-7273:

Status: Patch Available  (was: Open)




[jira] [Updated] (MAPREDUCE-7273) JHS: make sure that Kerberos relogin is performed when KDC becomes offline then online again

2020-04-14 Thread Peter Bacsko (Jira)


 [ 
https://issues.apache.org/jira/browse/MAPREDUCE-7273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Bacsko updated MAPREDUCE-7273:

Attachment: MAPREDUCE-7273-001.patch




[jira] [Updated] (MAPREDUCE-7273) JHS: make sure that Kerberos relogin is performed when KDC becomes offline then online again

2020-04-14 Thread Peter Bacsko (Jira)


 [ 
https://issues.apache.org/jira/browse/MAPREDUCE-7273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Bacsko updated MAPREDUCE-7273:

Affects Version/s: 2.10.0
   3.2.1
   3.1.3




[jira] [Created] (MAPREDUCE-7273) JHS: make sure that Kerberos relogin is performed when KDC becomes offline then online again

2020-04-14 Thread Peter Bacsko (Jira)
Peter Bacsko created MAPREDUCE-7273:
---

 Summary: JHS: make sure that Kerberos relogin is performed when 
KDC becomes offline then online again
 Key: MAPREDUCE-7273
 URL: https://issues.apache.org/jira/browse/MAPREDUCE-7273
 Project: Hadoop Map/Reduce
  Issue Type: Bug
Reporter: Peter Bacsko
Assignee: Peter Bacsko


In JHS, if the KDC goes offline, the IPC layer does try to relogin, but it's 
not always enough. You have to wait for 60 seconds for the next retry. In the 
meantime, if the KDC comes back, the following error might occur:

{noformat}
2020-04-09 03:27:52,075 DEBUG ipc.Server (Server.java:processSaslToken(1952)) - 
Have read input token of size 708 for processing by 
saslServer.evaluateResponse()
2020-04-09 03:27:52,077 DEBUG ipc.Server (Server.java:saslProcess(1829)) - 
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: 
Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - 
Cannot find key of appropriate type to decrypt AP REP - AES128 CTS mode with 
HMAC SHA1-96)]
at 
com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:199)
...
{noformat}

When this happens, JHS has to be restarted.






[jira] [Updated] (MAPREDUCE-7273) JHS: make sure that Kerberos relogin is performed when KDC becomes offline then online again

2020-04-14 Thread Peter Bacsko (Jira)


 [ 
https://issues.apache.org/jira/browse/MAPREDUCE-7273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Bacsko updated MAPREDUCE-7273:

Component/s: jobhistoryserver




[jira] [Commented] (MAPREDUCE-7199) HsJobsBlock reuse JobACLsManager for checkAccess

2020-04-14 Thread Surendra Singh Lilhore (Jira)


[ 
https://issues.apache.org/jira/browse/MAPREDUCE-7199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17083280#comment-17083280
 ] 

Surendra Singh Lilhore commented on MAPREDUCE-7199:
---

+1

[~bibinchundatt] Do you want to look into the v3 patch?

> HsJobsBlock reuse JobACLsManager for checkAccess
> 
>
> Key: MAPREDUCE-7199
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-7199
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Reporter: Bibin Chundatt
> Assignee: Bilwa S T
> Priority: Minor
> Attachments: MAPREDUCE-7199-001.patch, MAPREDUCE-7199.002.patch, 
> MAPREDUCE-7199.003.patch
>
>
> Reuse JobAclManager.checkAccess
> {code} 
>   private boolean checkAccess(String userName) {
>     if (!areAclsEnabled) {
>       return true;
>     }
>     // User could see its own job.
>     if (ugi.getShortUserName().equals(userName)) {
>       return true;
>     }
>     // Admin could also see all jobs
>     if (adminAclList != null && adminAclList.isUserAllowed(ugi)) {
>       return true;
>     }
>     return false;
>   }
> {code} 
> {code}
> jobACLsManager
>   .checkAccess(ugi, JobACL.VIEW_JOB, ..
>   new AccessControlList()))
> {code}


