Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-13690

Improve error message when creating encryption zone while KMS is unreachable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.0
    • Component/s: encryption, hdfs, kms
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      In failure testing, we stopped the KMS and then tried to run some encryption related commands.

      hdfs crypto -createZone will complain with a short "RemoteException: Connection refused." This message could be improved to explain that we cannot connect to the KMSClientProvier.

      For example, hadoop key list while KMS is down will error:

       -bash-4.1$ hadoop key list
       Cannot list keys for KeyProvider: KMSClientProvider[http://hdfs-cdh5-vanilla-1.vpc.cloudera.com:16000/kms/v1/]: Connection refusedjava.net.ConnectException: Connection refused
       at java.net.PlainSocketImpl.socketConnect(Native Method)
       at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
       at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
       at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
       at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
       at java.net.Socket.connect(Socket.java:579)
       at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
       at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
       at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
       at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
       at sun.net.www.http.HttpClient.New(HttpClient.java:308)
       at sun.net.www.http.HttpClient.New(HttpClient.java:326)
       at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:996)
       at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
       at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:850)
       at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
       at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:125)
       at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:216)
       at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:312)
       at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:397)
       at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:392)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Subject.java:415)
       at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1614)
       at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:392)
       at org.apache.hadoop.crypto.key.kms.KMSClientProvider.getKeys(KMSClientProvider.java:479)
       at org.apache.hadoop.crypto.key.KeyShell$ListCommand.execute(KeyShell.java:286)
       at org.apache.hadoop.crypto.key.KeyShell.run(KeyShell.java:79)
       at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
       at org.apache.hadoop.crypto.key.KeyShell.main(KeyShell.java:513)
      

        Attachments

        1. HDFS-13690.001.patch
          5 kB
          Kitti Nanasi
        2. HDFS-13690.002.patch
          5 kB
          Kitti Nanasi
        3. HDFS-13690.003.patch
          2 kB
          Kitti Nanasi
        4. HDFS-13690.004.patch
          2 kB
          Kitti Nanasi

          Issue Links

            Activity

              People

              • Assignee:
                knanasi Kitti Nanasi
                Reporter:
                knanasi Kitti Nanasi
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: