Hadoop Common
  1. Hadoop Common
  2. HADOOP-8338

Can't renew or cancel HDFS delegation tokens over secure RPC

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0.3
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      The fetchdt tool is failing for secure deployments when given --renew or --cancel on tokens fetched using RPC. (The tokens fetched over HTTP can be renewed and canceled fine.)

      1. hadoop-8338.patch
        0.7 kB
        Owen O'Malley

        Activity

        Hide
        Owen O'Malley added a comment -

        The problem is that fetchdt doesn't include the hdfs-site.xml and therefore doesn't get the value of dfs.namenode.kerberos.principal.

        Show
        Owen O'Malley added a comment - The problem is that fetchdt doesn't include the hdfs-site.xml and therefore doesn't get the value of dfs.namenode.kerberos.principal.
        Hide
        Tsz Wo Nicholas Sze added a comment -

        Hi Owen, we should call HdfsConfiguration.init() instead.

        Show
        Tsz Wo Nicholas Sze added a comment - Hi Owen, we should call HdfsConfiguration.init() instead.
        Hide
        Owen O'Malley added a comment -

        Nicholas,
        I tend to think that HdfsConfiguration is a mistake, but it doesn't even exist in 1.x. I guess the trunk version of the patch should use it.

        Show
        Owen O'Malley added a comment - Nicholas, I tend to think that HdfsConfiguration is a mistake, but it doesn't even exist in 1.x. I guess the trunk version of the patch should use it.
        Hide
        Tsz Wo Nicholas Sze added a comment -

        Oops, I missed that the patch is for 1.x. Why HdfsConfiguration is mistake?

        +1 on the 1.x patch.

        Show
        Tsz Wo Nicholas Sze added a comment - Oops, I missed that the patch is for 1.x. Why HdfsConfiguration is mistake? +1 on the 1.x patch.
        Hide
        Owen O'Malley added a comment -

        I committed this to branch-1.0 and branch-1. Trunk was already referencing HdfsConfiguration in DelegationTokenFetcher, so the problem won't happen.

        Show
        Owen O'Malley added a comment - I committed this to branch-1.0 and branch-1. Trunk was already referencing HdfsConfiguration in DelegationTokenFetcher, so the problem won't happen.
        Hide
        Matt Foley added a comment -

        Closed upon release of Hadoop-1.0.3.

        Show
        Matt Foley added a comment - Closed upon release of Hadoop-1.0.3.
        Hide
        Matt Foley added a comment - - edited

        1.0.3 was a lineal predecessor of 1.1.0.

        Show
        Matt Foley added a comment - - edited 1.0.3 was a lineal predecessor of 1.1.0.

          People

          • Assignee:
            Owen O'Malley
            Reporter:
            Owen O'Malley
          • Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development