Hadoop Common
  1. Hadoop Common
  2. HADOOP-6932

Namenode start (init) fails because of invalid kerberos key, even when security set to "simple"

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      NameNode.initialize() calls login() method even when security set to simple

      1. HADOOP-6932.patch
        0.7 kB
        Boris Shkolnik
      2. HADOOP-6932-1.patch
        2 kB
        Boris Shkolnik
      3. HADOOP-6932-2.patch
        3 kB
        Boris Shkolnik
      4. HDFS-1358.patch
        1 kB
        Boris Shkolnik

        Activity

        Hide
        Kan Zhang added a comment -

        Boris, I'm curious what error did you see? Was is a complaint about Kerberos service principal name wasn't configured properly?

        Show
        Kan Zhang added a comment - Boris, I'm curious what error did you see? Was is a complaint about Kerberos service principal name wasn't configured properly?
        Hide
        Boris Shkolnik added a comment -

        this one:
        "Kerberos service principal name isn't configured properly (should have 3 parts)"

        Show
        Boris Shkolnik added a comment - this one: "Kerberos service principal name isn't configured properly (should have 3 parts)"
        Hide
        Kan Zhang added a comment -

        You may want to consider adding the following to SecurityUtil.login(), just like UGI.loginUserFromKeytab() does. Also, shouldn't we throw an exception when keytabFilename == null?

            if (!UserGroupInformation.isSecurityEnabled())
              return;
        
        Show
        Kan Zhang added a comment - You may want to consider adding the following to SecurityUtil.login(), just like UGI.loginUserFromKeytab() does. Also, shouldn't we throw an exception when keytabFilename == null? if (!UserGroupInformation.isSecurityEnabled()) return ;
        Hide
        Boris Shkolnik added a comment -

        as per Kan's suggestion

        Show
        Boris Shkolnik added a comment - as per Kan's suggestion
        Hide
        Boris Shkolnik added a comment -

        ran ant test. All passed.

        Show
        Boris Shkolnik added a comment - ran ant test. All passed.
        Hide
        Kan Zhang added a comment -

        Please make sure we don't break any existing code by throwing an exception when keytabFilename == null.
        Otherwise, +1 on the patch.

        Show
        Kan Zhang added a comment - Please make sure we don't break any existing code by throwing an exception when keytabFilename == null. Otherwise, +1 on the patch.
        Hide
        Kan Zhang added a comment -

        One minor nit, can we add a condition for keytabFilename.length() == 0 as well?

        Show
        Kan Zhang added a comment - One minor nit, can we add a condition for keytabFilename.length() == 0 as well?
        Hide
        Boris Shkolnik added a comment -

        addressed Kan's comment and added test

        Show
        Boris Shkolnik added a comment - addressed Kan's comment and added test
        Hide
        Kan Zhang added a comment -

        +1.

        Show
        Kan Zhang added a comment - +1.
        Hide
        Boris Shkolnik added a comment -

        ran tests. all passed (except TestHdfsTrash, which fails anyway).

        committed to trunk.

        Show
        Boris Shkolnik added a comment - ran tests. all passed (except TestHdfsTrash, which fails anyway). committed to trunk.
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Common-trunk-Commit #369 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk-Commit/369/)
        HADOOP-6932. Namenode start (init) fails because of invalid kerberos key, even when security set to simple

        Show
        Hudson added a comment - Integrated in Hadoop-Common-trunk-Commit #369 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk-Commit/369/ ) HADOOP-6932 . Namenode start (init) fails because of invalid kerberos key, even when security set to simple
        Hide
        Hudson added a comment -

        Integrated in Hadoop-Common-trunk #439 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk/439/)
        HADOOP-6932. Namenode start (init) fails because of invalid kerberos key, even when security set to simple

        Show
        Hudson added a comment - Integrated in Hadoop-Common-trunk #439 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk/439/ ) HADOOP-6932 . Namenode start (init) fails because of invalid kerberos key, even when security set to simple

          People

          • Assignee:
            Boris Shkolnik
            Reporter:
            Boris Shkolnik
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development