Hadoop Common / HADOOP-8857

hadoop.http.authentication.signature.secret.file docs should not state that secret is randomly generated

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-alpha
    • Fix Version/s: 0.23.7
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      The docs and default.xml state that the secret is randomly generated if the secret.file is not present. This is incorrect as the secret must be shared across all nodes in the cluster, as it is used to verify the signature of the hadoop.auth cookie. If randomly generated, it would be different on all nodes.

      ORIGINAL DESCRIPTION:

      AuthenticationFilterInitializer#initFilter fails if the configured hadoop.http.authentication.signature.secret.file does not exist, e.g.:

      java.lang.RuntimeException: Could not read HTTP signature secret file: /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret
      

      Creating /var/lib/hadoop-hdfs/hadoop-http-auth-signature-secret (populated with a string) fixes the issue. Per the auth docs "If a secret is not provided a random secret is generated at start up time.", which sounds like it means the file should be generated at startup with a random secret, which doesn't seem to be the case. Also, the instructions in the docs should be clearer in this regard.

      1. HADOOP-8857.patch
        2 kB
        Alejandro Abdelnur
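
Why a per-node random secret cannot work for a cookie that any node may have to verify, shown as an added example that is not code from the Hadoop project: a simplified model that signs a cookie value with HMAC-SHA256. The `Node` class, the sample token, the node names and the `&s=` layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SIG_SEP = "&s="  # separator between token and signature (assumed layout)


class Node:
    """Models one daemon's HTTP auth filter holding a signature secret."""

    def __init__(self, name, secret=None):
        self.name = name
        # secret=None models the behaviour the docs described:
        # each node invents its own random secret at startup.
        self.secret = secret if secret is not None else secrets.token_bytes(32)

    def _mac(self, token):
        return hmac.new(self.secret, token.encode(), hashlib.sha256).hexdigest()

    def issue_cookie(self, token):
        return token + SIG_SEP + self._mac(token)

    def verify_cookie(self, cookie):
        """Return the token if the signature checks out, else None."""
        token, sep, sig = cookie.rpartition(SIG_SEP)
        if not sep:
            return None  # no signature present at all
        ok = hmac.compare_digest(sig, self._mac(token))
        return token if ok else None


def cross_node_results(nodes, token):
    """Issue a cookie on the first node and verify it on every node."""
    cookie = nodes[0].issue_cookie(token)
    return {n.name: n.verify_cookie(cookie) is not None for n in nodes}


TOKEN = "u=alice&t=simple&e=1700000000000"  # constructed sample token

# Per-node random secrets: only the issuing node accepts its own cookie.
random_cluster = [Node("nn1"), Node("dn1"), Node("dn2")]
# The same secret bytes on every node, as if read from an identical file.
shared = b"constructed-shared-secret"
shared_cluster = [Node("nn1", shared), Node("dn1", shared), Node("dn2", shared)]

if __name__ == "__main__":
    print("random:", cross_node_results(random_cluster, TOKEN))
    print("shared:", cross_node_results(shared_cluster, TOKEN))
```
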

        Activity

        Eli Collins created issue -
        Owen O'Malley made changes -
        Field Original Value New Value
        Assignee Owen O'Malley [ owen.omalley ]
        Alejandro Abdelnur made changes -
        Summary
          Original Value: hadoop.http.authentication.signature.secret.file should be created if the configured file does not exist
          New Value: hadoop.http.authentication.signature.secret.file docs should not state that secret is randomly generated
        Alejandro Abdelnur made changes -
        Attachment HADOOP-8857.patch [ 12566424 ]
        Alejandro Abdelnur made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Alejandro Abdelnur made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Hadoop Flags Reviewed [ 10343 ]
        Assignee Owen O'Malley [ owen.omalley ] Alejandro Abdelnur [ tucu00 ]
        Resolution Fixed [ 1 ]
        Thomas Graves made changes -
        Fix Version/s 0.23.7 [ 12323956 ]

          People

          • Assignee:
            Alejandro Abdelnur
            Reporter:
            Eli Collins
          • Votes:
            0
            Watchers:
            7
