[HDDS-7529] Secure SCM bootstrap fails if clusterID validation is disabled - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Not A Bug
Affects Version/s: 1.3.0
Fix Version/s: None
Component/s: SCM HA
Labels:
None

Target Version/s:

1.4.0

Description

Secure SCM bootstrap fails if ozone.scm.skip.bootstrap.validation=true.

org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[KERBEROS]
  ...
  at org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB.getSCMCertChain(SCMSecurityProtocolClientSideTranslatorPB.java:222)
  at org.apache.hadoop.hdds.scm.ha.HASecurityUtils.getRootCASignedSCMCert(HASecurityUtils.java:150)
  at org.apache.hadoop.hdds.scm.ha.HASecurityUtils.initializeSecurity(HASecurityUtils.java:103)
  at org.apache.hadoop.hdds.scm.server.StorageContainerManager.initializeSecurityIfNeeded(StorageContainerManager.java:1157)
  at org.apache.hadoop.hdds.scm.server.StorageContainerManager.scmBootstrap(StorageContainerManager.java:1084)
  at org.apache.hadoop.hdds.scm.server.StorageContainerManagerStarter$SCMStarterHelper.bootStrap(StorageContainerManagerStarter.java:192)
  at org.apache.hadoop.hdds.scm.server.StorageContainerManagerStarter.bootStrapScm(StorageContainerManagerStarter.java:135)

Attachments

Activity

People

Assignee:: Aryan Gupta

Reporter:: Attila Doroszlai

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Nov/22 18:08

Updated:: 25/Aug/23 07:57

Resolved:: 25/Aug/23 07:57