Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6951

Distinct minicluster services (e.g. NN and JT) overwrite each other's service policies

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Because the protocol -> ACL mapping in ServiceAuthorizationManager is static, services which are run in the same JVM have the potential to clobber the other's service authorization ACLs whenever ServiceAuthorizationManager.refresh() is called. This causes authorization failures if one tries to launch a 2NN connected to a minicluster with hadoop.security.authorization enabled. Seems like each service should have its own instance of a ServiceAuthorizationManager, instead of using static methods.

        Attachments

        1. hadoop-6951.txt.0
          5 kB
          Aaron T. Myers
        2. hadoop-6951.2.txt
          6 kB
          Aaron T. Myers
        3. hadoop-6951.1.txt
          5 kB
          Aaron T. Myers

          Issue Links

            Activity

              People

              • Assignee:
                atm Aaron T. Myers
                Reporter:
                atm Aaron T. Myers
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: