Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Not A Problem
-
None
-
None
-
None
-
None
-
HDDS BadLands
Description
Currently most of SCM Client APIs has been guarded with checkAdminAccess. This ticket is opened to unblock non-admin client from accessing SCM container/pipeline during block allocation.
scm_1 | 2018-09-22 02:52:32 INFO Server:2726 - IPC Server handler 5 on 9860, call Call#4 Retry#0 org.apache.hadoop.ozone.protocol.StorageContainerLocationProtocol.getContainerWithPipeline from 192.168.0.2:34101
scm_1 | java.io.IOException: Access denied for user testuser/datanode@EXAMPLE.COM. Superuser privilege is required.
scm_1 | at org.apache.hadoop.hdds.scm.server.StorageContainerManager.checkAdminAccess(StorageContainerManager.java:867)
scm_1 | at org.apache.hadoop.hdds.scm.server.SCMClientProtocolServer.getContainerWithPipeline(SCMClientProtocolServer.java:190)
scm_1 | at org.apache.hadoop.ozone.protocolPB.StorageContainerLocationProtocolServerSideTranslatorPB.getContainerWithPipeline(StorageContainerLocationProtocolServerSideTranslatorPB.java:120)
scm_1 | at org.apache.hadoop.hdds.protocol.proto.StorageContainerLocationProtocolProtos$StorageContainerLocationProtocolService$2.callBlockingMethod(StorageContainerLocationProtocolProtos.java:10790)
scm_1 | at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:524)
scm_1 | at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1025)
scm_1 | at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:876)
scm_1 | at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:822)
scm_1 | at java.security.AccessController.doPrivileged(Native Method)
scm_1 | at javax.security.auth.Subject.doAs(Subject.java:422)
scm_1 | at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730)
scm_1 | at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2682)
Attachments
Issue Links
- is duplicated by
-
HDDS-614 Disable StorageContainerManager#checkAdminAccess
- Resolved