Description
When http filter initializers is setup to use StaticUserWebFilter, AuthFilter is still setup. This prevents datanode to talk to namenode.
Error message in namenode logs:
2019-07-24 15:47:38,038 INFO org.apache.hadoop.hdfs.DFSUtil: Filter initializers set : org.apache.hadoop.http.lib.StaticUserWebFilter,org.apache.hadoop.hdfs.web.AuthFilterInitializer 2019-07-24 16:06:26,212 WARN SecurityLogger.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: Authorization failed for hdfs (auth:SIMPLE) for protocol=interface org.apache.hadoop.hdfs.server.protocol.DatanodeProtocol: this service is only accessible by dn/eyang-5.openstacklocal@EXAMPLE.COM
Errors in datanode log:
2019-07-24 16:07:01,253 WARN org.apache.hadoop.hdfs.server.datanode.DataNode: Problem connecting to server: eyang-1.openstacklocal/172.26.111.17:9000
The logic in HADOOP-16354 always added AuthFilter regardless security is enabled or not. This is incorrect. When simple security is chosen and using StaticUserWebFilter. AutheFilter check should not be required for datanode to communicate with namenode.