Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-4 Implement security for Hadoop Distributed Storage Layer
  3. HDDS-540

Unblock certain SCM client APIs from SCM#checkAdminAccess

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Not A Problem
    • None
    • None
    • None
    • None
    • HDDS BadLands

    Description

      Currently most of SCM Client APIs has been guarded with checkAdminAccess. This ticket is opened to unblock non-admin client from accessing SCM container/pipeline during block allocation. 

       

      
      scm_1           | 2018-09-22 02:52:32 INFO  Server:2726 - IPC Server handler 5 on 9860, call Call#4 Retry#0 org.apache.hadoop.ozone.protocol.StorageContainerLocationProtocol.getContainerWithPipeline from 192.168.0.2:34101
      
      scm_1           | java.io.IOException: Access denied for user testuser/datanode@EXAMPLE.COM. Superuser privilege is required.
      
      scm_1           | at org.apache.hadoop.hdds.scm.server.StorageContainerManager.checkAdminAccess(StorageContainerManager.java:867)
      
      scm_1           | at org.apache.hadoop.hdds.scm.server.SCMClientProtocolServer.getContainerWithPipeline(SCMClientProtocolServer.java:190)
      
      scm_1           | at org.apache.hadoop.ozone.protocolPB.StorageContainerLocationProtocolServerSideTranslatorPB.getContainerWithPipeline(StorageContainerLocationProtocolServerSideTranslatorPB.java:120)
      
      scm_1           | at org.apache.hadoop.hdds.protocol.proto.StorageContainerLocationProtocolProtos$StorageContainerLocationProtocolService$2.callBlockingMethod(StorageContainerLocationProtocolProtos.java:10790)
      
      scm_1           | at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:524)
      
      scm_1           | at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1025)
      
      scm_1           | at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:876)
      
      scm_1           | at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:822)
      
      scm_1           | at java.security.AccessController.doPrivileged(Native Method)
      
      scm_1           | at javax.security.auth.Subject.doAs(Subject.java:422)
      
      scm_1           | at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730)
      
      scm_1           | at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2682)
      
      

      Attachments

        Issue Links

          Activity

            People

              xyao Xiaoyu Yao
              xyao Xiaoyu Yao
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: