Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-1357

HFTP traffic served by DataNode shouldn't use service port on NameNode

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: datanode, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      HDFS-599 introduced a new service port on NameNode to separate system traffic (e.g., heartbeats/blockreports) from client file access requests so that they can be prioritized. All Datanode traffic now goes to the service port. However, datanode also serves as a proxy for HFTP requests from client (served by StreamFile servlet). These HFTP traffic should continue to use the client port on NameNode. Moreover, using the service port for HFTP is incompatible with the existing way of selecting delegation tokens.

      1. h1357-01.patch
        4 kB
        Kan Zhang
      2. h1357-02.patch
        4 kB
        Kan Zhang

        Issue Links

          Activity

          Kan Zhang created issue -
          Kan Zhang made changes -
          Field Original Value New Value
          Component/s data-node [ 12312927 ]
          Component/s security [ 12313400 ]
          Kan Zhang made changes -
          Link This issue relates to HDFS-599 [ HDFS-599 ]
          Hide
          Kan Zhang added a comment -

          Attach a small patch that changes HFTP operations on Datanodes to use the client port on NN. Manually verified the patch on a single node cluster. Without this patch, if one specifies an additional service port 8022 for namenode and security is turned on, client HFTP request would fail and in datanode log one would see the following (no delegation token was found and the RPC client defaults to using Kerberos and then fails). With this patch, client HFTP request succeeds.

          2010-08-26 23:33:18,338 WARN org.mortbay.log: /streamFile/input1/core-site.xml: java.io.IOException: Call to namenode-domain-name:8022 failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
          
          Show
          Kan Zhang added a comment - Attach a small patch that changes HFTP operations on Datanodes to use the client port on NN. Manually verified the patch on a single node cluster. Without this patch, if one specifies an additional service port 8022 for namenode and security is turned on, client HFTP request would fail and in datanode log one would see the following (no delegation token was found and the RPC client defaults to using Kerberos and then fails). With this patch, client HFTP request succeeds. 2010-08-26 23:33:18,338 WARN org.mortbay.log: /streamFile/input1/core-site.xml: java.io.IOException: Call to namenode-domain-name:8022 failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
          Kan Zhang made changes -
          Attachment h1357-01.patch [ 12453189 ]
          Kan Zhang made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Hide
          Dmytro Molkov added a comment -

          The patch looks good to me.
          +1

          Keep in mind though that I have an outstanding patch HDFS-1291 that will only open the client port on the namenode once it is out of safemode.
          Thus HFTP will not be accessible until the namenode is fully up. Which can actually be a good thing because we are preventing clients from hitting the namenode when it is starting up.

          Show
          Dmytro Molkov added a comment - The patch looks good to me. +1 Keep in mind though that I have an outstanding patch HDFS-1291 that will only open the client port on the namenode once it is out of safemode. Thus HFTP will not be accessible until the namenode is fully up. Which can actually be a good thing because we are preventing clients from hitting the namenode when it is starting up.
          Hide
          Kan Zhang added a comment -

          Thanks for the review. Yes, HDFS-1291 sounds like a good idea.

          Show
          Kan Zhang added a comment - Thanks for the review. Yes, HDFS-1291 sounds like a good idea.
          Hide
          Kan Zhang added a comment -

          updated patch for current trunk.

          Show
          Kan Zhang added a comment - updated patch for current trunk.
          Kan Zhang made changes -
          Attachment h1357-02.patch [ 12453710 ]
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12453710/h1357-02.patch
          against trunk revision 990466.

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 findbugs. The patch does not introduce any new Findbugs warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed core unit tests.

          -1 contrib tests. The patch failed contrib unit tests.

          +1 system tests framework. The patch passed system tests framework compile.

          Test results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/448/testReport/
          Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/448/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/448/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/448/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12453710/h1357-02.patch against trunk revision 990466. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed core unit tests. -1 contrib tests. The patch failed contrib unit tests. +1 system tests framework. The patch passed system tests framework compile. Test results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/448/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/448/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/448/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/448/console This message is automatically generated.
          Hide
          Jakob Homan added a comment -

          Hudson's AWOL and the previous run is no longer available. Ran commit-tests and they passed. test-patch:

               [exec] -1 overall.  
               [exec] 
               [exec]     +1 @author.  The patch does not contain any @author tags.
               [exec] 
               [exec]     -1 tests included.  The patch doesn't appear to include any new or modified tests.
               [exec]                         Please justify why no new tests are needed for this patch.
               [exec]                         Also please list what manual steps were performed to verify this patch.
               [exec] 
               [exec]     +1 javadoc.  The javadoc tool did not generate any warning messages.
               [exec] 
               [exec]     +1 javac.  The applied patch does not increase the total number of javac compiler warnings.
               [exec] 
               [exec]     +1 findbugs.  The patch does not introduce any new Findbugs warnings.
               [exec] 
               [exec]     +1 release audit.  The applied patch does not increase the total number of release audit warnings.
               [exec] 
               [exec]     +1 system tests framework.  The patch passed system tests framework compile.
          

          Kan manually tested this. +1; I'm going to commit.

          Show
          Jakob Homan added a comment - Hudson's AWOL and the previous run is no longer available. Ran commit-tests and they passed. test-patch: [exec] -1 overall. [exec] [exec] +1 @author. The patch does not contain any @author tags. [exec] [exec] -1 tests included. The patch doesn't appear to include any new or modified tests. [exec] Please justify why no new tests are needed for this patch. [exec] Also please list what manual steps were performed to verify this patch. [exec] [exec] +1 javadoc. The javadoc tool did not generate any warning messages. [exec] [exec] +1 javac. The applied patch does not increase the total number of javac compiler warnings. [exec] [exec] +1 findbugs. The patch does not introduce any new Findbugs warnings. [exec] [exec] +1 release audit. The applied patch does not increase the total number of release audit warnings. [exec] [exec] +1 system tests framework. The patch passed system tests framework compile. Kan manually tested this. +1; I'm going to commit.
          Hide
          Jakob Homan added a comment -

          I've committed this. Resolving as fixed. Thanks, Kan!

          Show
          Jakob Homan added a comment - I've committed this. Resolving as fixed. Thanks, Kan!
          Jakob Homan made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Hadoop Flags [Reviewed]
          Fix Version/s 0.22.0 [ 12314241 ]
          Resolution Fixed [ 1 ]
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Hdfs-trunk-Commit #384 (See https://hudson.apache.org/hudson/job/Hadoop-Hdfs-trunk-Commit/384/)
          HDFS-1357. HFTP traffic served by DataNode shouldn't use service port on NameNode. Contributed by Kan Zhang.

          Show
          Hudson added a comment - Integrated in Hadoop-Hdfs-trunk-Commit #384 (See https://hudson.apache.org/hudson/job/Hadoop-Hdfs-trunk-Commit/384/ ) HDFS-1357 . HFTP traffic served by DataNode shouldn't use service port on NameNode. Contributed by Kan Zhang.
          Konstantin Shvachko made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Patch Available Patch Available
          6d 1h 47m 1 Kan Zhang 01/Sep/10 00:41
          Patch Available Patch Available Resolved Resolved
          9d 23h 1 Jakob Homan 10/Sep/10 23:42
          Resolved Resolved Closed Closed
          457d 7h 38m 1 Konstantin Shvachko 12/Dec/11 06:20

            People

            • Assignee:
              Kan Zhang
              Reporter:
              Kan Zhang
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development