Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-15307

NFS: flavor AUTH_SYS should use VerifierNone

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.2.0
    • nfs
    • None

    • CentOS 7.4, CDH5.13.1, Kerberized Hadoop cluster

    • Reviewed

    Description

      When NFS gateway starts and if the portmapper request is denied by rpcbind for any reason (in our case, /etc/hosts.allow did not have the localhost), NFS gateway fails with the following obscure exception:

      2018-03-05 12:49:31,976 INFO org.apache.hadoop.oncrpc.SimpleUdpServer: Started listening to UDP requests at port 4242 for Rpc program: mountd at localhost:4242 with workerCount 1
2018-03-05 12:49:31,988 INFO org.apache.hadoop.oncrpc.SimpleTcpServer: Started listening to TCP requests at port 4242 for Rpc program: mountd at localhost:4242 with workerCount 1
2018-03-05 12:49:31,993 TRACE org.apache.hadoop.oncrpc.RpcCall: Xid:692394656, messageType:RPC_CALL, rpcVersion:2, program:100000, version:2, procedure:1, credential:(AuthFlavor:AUTH_NONE), verifier:(AuthFlavor:AUTH_NONE)
2018-03-05 12:49:31,998 FATAL org.apache.hadoop.mount.MountdBase: Failed to start the server. Cause:
java.lang.UnsupportedOperationException: Unsupported verifier flavorAUTH_SYS
at org.apache.hadoop.oncrpc.security.Verifier.readFlavorAndVerifier(Verifier.java:45)
at org.apache.hadoop.oncrpc.RpcDeniedReply.read(RpcDeniedReply.java:50)
at org.apache.hadoop.oncrpc.RpcReply.read(RpcReply.java:67)
at org.apache.hadoop.oncrpc.SimpleUdpClient.run(SimpleUdpClient.java:71)
at org.apache.hadoop.oncrpc.RpcProgram.register(RpcProgram.java:130)
at org.apache.hadoop.oncrpc.RpcProgram.register(RpcProgram.java:101)
at org.apache.hadoop.mount.MountdBase.start(MountdBase.java:83)
at org.apache.hadoop.hdfs.nfs.nfs3.Nfs3.startServiceInternal(Nfs3.java:56)
at org.apache.hadoop.hdfs.nfs.nfs3.Nfs3.startService(Nfs3.java:69)
at org.apache.hadoop.hdfs.nfs.nfs3.PrivilegedNfsGatewayStarter.start(PrivilegedNfsGatewayStarter.java:60)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243)
2018-03-05 12:49:32,007 INFO org.apache.hadoop.util.ExitUtil: Exiting with status 1

       Reading the code comment for class Verifier, I think this bug existed since its inception

      /**
 * Base class for verifier. Currently our authentication only supports 3 types
 * of auth flavors: {@link RpcAuthInfo.AuthFlavor#AUTH_NONE}, {@link RpcAuthInfo.AuthFlavor#AUTH_SYS},
 * and {@link RpcAuthInfo.AuthFlavor#RPCSEC_GSS}. Thus for verifier we only need to handle
 * AUTH_NONE and RPCSEC_GSS
 */
public abstract class Verifier extends RpcAuthInfo {

      The verifier should also handle AUTH_SYS too.

      Attachments

        1. HADOOP-15307.001.patch
          2 kB
          Gabor Bota
        2. HADOOP-15307.002.patch
          4 kB
          Gabor Bota
        3. HADOOP-15307.003.patch
          1 kB
          Gabor Bota
        4. HADOOP-15307.004.patch
          2 kB
          Gabor Bota
        5. HADOOP-15307.005.patch
          2 kB
          Gabor Bota

        Issue Links

          relates to

          Sub-task - The sub-task of the issue HDFS-5085 Refactor o.a.h.nfs to support different types of authentications

          • Major - Major loss of function.
          • Closed

          Activity

            People

              gabor.bota Gabor Bota
              weichiu Wei-Chiu Chuang
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: