Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13814

Sample configuration of KMS HTTP Authentication signature is misleading

    Details

    • Hadoop Flags:
      Reviewed

      Description

      In https://hadoop.apache.org/docs/current/hadoop-kms/index.html

        <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type</name>
          <value>kerberos</value>
          <description>
            The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).
          </description>
        </property>
      

      It is very misleading. This configuration value should be 'sasl' when the kerberos authentication is enabled.

      1. HADOOP-13814.1.patch
        1 kB
        Masahiro Tanaka
      2. HADOOP-13814.patch
        1 kB
        Masahiro Tanaka

        Activity

        Hide
        masatana Masahiro Tanaka added a comment -

        I would like to work on this issue. Could anyone assign me to this ticket?

        Show
        masatana Masahiro Tanaka added a comment - I would like to work on this issue. Could anyone assign me to this ticket?
        Hide
        ajisakaa Akira Ajisaka added a comment -

        Hi Masahiro Tanaka, I assigned you to this ticket.

        Show
        ajisakaa Akira Ajisaka added a comment - Hi Masahiro Tanaka , I assigned you to this ticket.
        Hide
        masatana Masahiro Tanaka added a comment -

        Thanks Akira Ajisaka! I wrote a patch for this.

        Show
        masatana Masahiro Tanaka added a comment - Thanks Akira Ajisaka ! I wrote a patch for this.
        Hide
        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 12s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 mvninstall 6m 42s trunk passed
        +1 mvnsite 0m 19s trunk passed
        +1 mvnsite 0m 15s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 xml 0m 1s The patch has no ill-formed XML file.
        +1 unit 0m 13s hadoop-kms in the patch passed.
        +1 asflicense 0m 15s The patch does not generate ASF License warnings.
        8m 17s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:a9ad5d6
        JIRA Issue HADOOP-13814
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12839345/HADOOP-13814.patch
        Optional Tests asflicense mvnsite unit xml
        uname Linux a0b241fffb81 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / aab9737
        Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/11087/testReport/
        modules C: hadoop-common-project/hadoop-kms U: hadoop-common-project/hadoop-kms
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/11087/console
        Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 12s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 mvninstall 6m 42s trunk passed +1 mvnsite 0m 19s trunk passed +1 mvnsite 0m 15s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 xml 0m 1s The patch has no ill-formed XML file. +1 unit 0m 13s hadoop-kms in the patch passed. +1 asflicense 0m 15s The patch does not generate ASF License warnings. 8m 17s Subsystem Report/Notes Docker Image:yetus/hadoop:a9ad5d6 JIRA Issue HADOOP-13814 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12839345/HADOOP-13814.patch Optional Tests asflicense mvnsite unit xml uname Linux a0b241fffb81 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / aab9737 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/11087/testReport/ modules C: hadoop-common-project/hadoop-kms U: hadoop-common-project/hadoop-kms Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/11087/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        ajisakaa Akira Ajisaka added a comment -

        Thanks Masahiro Tanaka for providing the patch. The change in the document (index.md.vm) looks good to me, but the change in the setting (kms-site.xml) is not good. The setting in kms-site.xml is used as default value, so changing the setting is incompatible. Would you update the default value (kerberos) to "none" instead of "sasl"? Updating "kerberos" to "none" does not change the behavior, so this change is safe.

            <description>
              The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).
            </description>
        

        In addition, I'm thinking we can improve the description to "The ZooKeeper authentication type. Supported values are 'none' (default) and 'sasl' (Kerberos)."

        Show
        ajisakaa Akira Ajisaka added a comment - Thanks Masahiro Tanaka for providing the patch. The change in the document (index.md.vm) looks good to me, but the change in the setting (kms-site.xml) is not good. The setting in kms-site.xml is used as default value, so changing the setting is incompatible. Would you update the default value (kerberos) to "none" instead of "sasl"? Updating "kerberos" to "none" does not change the behavior, so this change is safe. <description> The Zookeeper authentication type, 'none' or 'sasl' (Kerberos). </description> In addition, I'm thinking we can improve the description to "The ZooKeeper authentication type. Supported values are 'none' (default) and 'sasl' (Kerberos)."
        Hide
        masatana Masahiro Tanaka added a comment -

        Thank you Akira Ajisaka for suggestions. I've update the patch.

        Show
        masatana Masahiro Tanaka added a comment - Thank you Akira Ajisaka for suggestions. I've update the patch.
        Hide
        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 13s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 mvninstall 6m 56s trunk passed
        +1 mvnsite 0m 19s trunk passed
        +1 mvnsite 0m 15s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 xml 0m 2s The patch has no ill-formed XML file.
        +1 unit 0m 12s hadoop-kms in the patch passed.
        +1 asflicense 0m 16s The patch does not generate ASF License warnings.
        8m 32s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:a9ad5d6
        JIRA Issue HADOOP-13814
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12839552/HADOOP-13814.1.patch
        Optional Tests asflicense mvnsite unit xml
        uname Linux f7da2faeb572 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / f6ffa11
        Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/11098/testReport/
        modules C: hadoop-common-project/hadoop-kms U: hadoop-common-project/hadoop-kms
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/11098/console
        Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 13s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 mvninstall 6m 56s trunk passed +1 mvnsite 0m 19s trunk passed +1 mvnsite 0m 15s the patch passed +1 whitespace 0m 0s The patch has no whitespace issues. +1 xml 0m 2s The patch has no ill-formed XML file. +1 unit 0m 12s hadoop-kms in the patch passed. +1 asflicense 0m 16s The patch does not generate ASF License warnings. 8m 32s Subsystem Report/Notes Docker Image:yetus/hadoop:a9ad5d6 JIRA Issue HADOOP-13814 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12839552/HADOOP-13814.1.patch Optional Tests asflicense mvnsite unit xml uname Linux f7da2faeb572 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / f6ffa11 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/11098/testReport/ modules C: hadoop-common-project/hadoop-kms U: hadoop-common-project/hadoop-kms Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/11098/console Powered by Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        ajisakaa Akira Ajisaka added a comment -

        +1, thanks Masahiro Tanaka.

        Show
        ajisakaa Akira Ajisaka added a comment - +1, thanks Masahiro Tanaka .
        Hide
        ajisakaa Akira Ajisaka added a comment -

        Committed this to trunk, branch-2, and branch-2.8. Thanks Masahiro Tanaka for the contribution!

        Show
        ajisakaa Akira Ajisaka added a comment - Committed this to trunk, branch-2, and branch-2.8. Thanks Masahiro Tanaka for the contribution!
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10864 (See https://builds.apache.org/job/Hadoop-trunk-Commit/10864/)
        HADOOP-13814. Sample configuration of KMS HTTP Authentication signature (aajisaka: rev c65d6b65415742288b53f8e38314b71794e47ecc)

        • (edit) hadoop-common-project/hadoop-kms/src/main/conf/kms-site.xml
        • (edit) hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10864 (See https://builds.apache.org/job/Hadoop-trunk-Commit/10864/ ) HADOOP-13814 . Sample configuration of KMS HTTP Authentication signature (aajisaka: rev c65d6b65415742288b53f8e38314b71794e47ecc) (edit) hadoop-common-project/hadoop-kms/src/main/conf/kms-site.xml (edit) hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm

          People

          • Assignee:
            masatana Masahiro Tanaka
            Reporter:
            masatana Masahiro Tanaka
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development