Hadoop Common
  1. Hadoop Common
  2. HADOOP-8338

Can't renew or cancel HDFS delegation tokens over secure RPC

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0.3
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      The fetchdt tool is failing for secure deployments when given --renew or --cancel on tokens fetched using RPC. (The tokens fetched over HTTP can be renewed and canceled fine.)

      1. hadoop-8338.patch
        0.7 kB
        Owen O'Malley

        Activity

        Matt Foley made changes -
        Fix Version/s 1.1.0 [ 12316501 ]
        Hide
        Matt Foley added a comment - - edited

        1.0.3 was a lineal predecessor of 1.1.0.

        Show
        Matt Foley added a comment - - edited 1.0.3 was a lineal predecessor of 1.1.0.
        Matt Foley made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Hide
        Matt Foley added a comment -

        Closed upon release of Hadoop-1.0.3.

        Show
        Matt Foley added a comment - Closed upon release of Hadoop-1.0.3.
        Owen O'Malley made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Hadoop Flags Reviewed [ 10343 ]
        Fix Version/s 1.0.3 [ 12320248 ]
        Fix Version/s 1.1.0 [ 12316501 ]
        Resolution Fixed [ 1 ]
        Hide
        Owen O'Malley added a comment -

        I committed this to branch-1.0 and branch-1. Trunk was already referencing HdfsConfiguration in DelegationTokenFetcher, so the problem won't happen.

        Show
        Owen O'Malley added a comment - I committed this to branch-1.0 and branch-1. Trunk was already referencing HdfsConfiguration in DelegationTokenFetcher, so the problem won't happen.
        Hide
        Tsz Wo Nicholas Sze added a comment -

        Oops, I missed that the patch is for 1.x. Why HdfsConfiguration is mistake?

        +1 on the 1.x patch.

        Show
        Tsz Wo Nicholas Sze added a comment - Oops, I missed that the patch is for 1.x. Why HdfsConfiguration is mistake? +1 on the 1.x patch.
        Hide
        Owen O'Malley added a comment -

        Nicholas,
        I tend to think that HdfsConfiguration is a mistake, but it doesn't even exist in 1.x. I guess the trunk version of the patch should use it.

        Show
        Owen O'Malley added a comment - Nicholas, I tend to think that HdfsConfiguration is a mistake, but it doesn't even exist in 1.x. I guess the trunk version of the patch should use it.
        Hide
        Tsz Wo Nicholas Sze added a comment -

        Hi Owen, we should call HdfsConfiguration.init() instead.

        Show
        Tsz Wo Nicholas Sze added a comment - Hi Owen, we should call HdfsConfiguration.init() instead.
        Owen O'Malley made changes -
        Attachment hadoop-8338.patch [ 12525184 ]
        Hide
        Owen O'Malley added a comment -

        The problem is that fetchdt doesn't include the hdfs-site.xml and therefore doesn't get the value of dfs.namenode.kerberos.principal.

        Show
        Owen O'Malley added a comment - The problem is that fetchdt doesn't include the hdfs-site.xml and therefore doesn't get the value of dfs.namenode.kerberos.principal.
        Owen O'Malley made changes -
        Field Original Value New Value
        Target Version/s 1.0.3 [ 12320248 ]
        Owen O'Malley created issue -

          People

          • Assignee:
            Owen O'Malley
            Reporter:
            Owen O'Malley
          • Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development