Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-15519

KMS fails to read the existing key metadata after upgrading to JDK 1.8u171

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: 2.7.3
    • Fix Version/s: None
    • Component/s: kms
    • Labels:
      None

      Description

      Steps to reproduce are:
      a. Setup a KMS with any OpenJDK 1.8 before u171 and create few KMS keys.
      b. Update KMS to run with OpenJDK 1.8u171 JDK and keys can't be read anymore, as can be seen below

      hadoop key list -metadata
      <keyname> : null
      

      c. Going back to earlier JDK version fixes the issue.

       

      There are no direct error / stacktrace in kms.log when it is not able to read the key metadata. Only Java serialization INFO messages are printed, followed by this one empty line in log which just says:

      ERROR RangerKeyStore - 
      

      In some cases, kms.log can also have these lines:

      2018-05-18 10:40:46,438 DEBUG RangerKmsAuthorizer - <== RangerKmsAuthorizer.assertAccess(null, rangerkms/node1.host.com@ENV.COM (auth:KERBEROS), GET_METADATA) 
      2018-05-18 10:40:46,598 INFO serialization - ObjectInputFilter REJECTED: class org.apache.hadoop.crypto.key.RangerKeyStoreProvider$KeyMetadata, array length: -1, nRefs: 1, depth: 1, bytes: 147, ex: n/a
      2018-05-18 10:40:46,598 ERROR RangerKeyStore - 
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                vrathor-hw Vipin Rathor
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: