[HDFS-3059] ssl-server.xml causes NullPointer - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.7.1
Fix Version/s: 2.8.0, 3.0.0-alpha1
Component/s: datanode, security
Labels:
- BB2015-05-TBR
Environment:
Hide

in core-site.xml:

<property> <name>hadoop.security.authentication</name> <value>kerberos</value> </property> <property> <name>hadoop.security.authorization</name> <value>true</value> </property>

in hdfs-site.xml:

<property> <name>dfs.https.server.keystore.resource</name> <value>/etc/hadoop/conf/ssl-server.xml</value> </property> <property> <name>dfs.https.enable</name> <value>true</value> </property> <property> ...other security props </property>
Show
in core-site.xml: <property> <name> hadoop.security.authentication </name> <value> kerberos </value> </property> <property> <name> hadoop.security.authorization </name> <value> true </value> </property> in hdfs-site.xml: <property> <name> dfs.https.server.keystore.resource </name> <value> /etc/hadoop/conf/ssl-server.xml </value> </property> <property> <name> dfs.https.enable </name> <value> true </value> </property> <property> ...other security props </property>

Target Version/s:

2.8.0

Description

If ssl is enabled (dfs.https.enable) but ssl-server.xml is not available, a DN will crash during startup while setting up an SSL socket with a NullPointerException:

12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector: useKerb = false, useCerts = true
jetty.ssl.password : jetty.ssl.keypassword : 12/03/07 17:08:36 INFO mortbay.log: jetty-6.1.26.cloudera.1
12/03/07 17:08:36 INFO mortbay.log: Started SelectChannelConnector@p-worker35.alley.sara.nl:1006
12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector: Creating new KrbServerSocket for: 0.0.0.0
12/03/07 17:08:36 WARN mortbay.log: java.lang.NullPointerException
12/03/07 17:08:36 WARN mortbay.log: failed Krb5AndCertsSslSocketConnector@0.0.0.0:50475: java.io.IOException: !JsseListener: java.lang.NullPointerException
12/03/07 17:08:36 WARN mortbay.log: failed Server@604788d5: java.io.IOException: !JsseListener: java.lang.NullPointerException
12/03/07 17:08:36 INFO mortbay.log: Stopped Krb5AndCertsSslSocketConnector@0.0.0.0:50475
12/03/07 17:08:36 INFO mortbay.log: Stopped SelectChannelConnector@p-worker35.alley.sara.nl:1006
12/03/07 17:08:37 INFO datanode.DataNode: Waiting for threadgroup to exit, active threads is 0

The same happens if I set an absolute path to an existing dfs.https.server.keystore.resource - in this case the file cannot be found but not even a WARN is given.

Since in dfs.https.server.keystore.resource we know we need to have 4 properties specified (ssl.server.truststore.location, ssl.server.keystore.location, ssl.server.keystore.password, and ssl.server.keystore.keypassword) we should check if they are set and throw an IOException if they are not.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-3059.02.patch
02/May/15 20:37
2 kB
Allen Wittenauer
HDFS-3059.03.patch
27/Aug/15 01:05
2 kB
Ravi Prakash
HDFS-3059.04.patch
09/Oct/15 01:04
6 kB
Xiao Chen
HDFS-3059.05.patch
09/Oct/15 19:04
6 kB
Xiao Chen
HDFS-3059.06.patch
16/Oct/15 01:29
6 kB
Xiao Chen
HDFS-3059.07.patch
20/Oct/15 01:24
8 kB
Xiao Chen
HDFS-3059.08.patch
20/Oct/15 05:55
9 kB
Xiao Chen
HDFS-3059.patch
07/Mar/12 16:46
1.0 kB
Evert Lammerts
HDFS-3059.patch.2
08/Mar/12 08:50
2 kB
Evert Lammerts
HDFS-3059-branch2.patch
21/Oct/15 00:55
9 kB
Xiao Chen

Issue Links

is related to

HDFS-9519 Some coding improvement in SecondaryNameNode#main

Resolved

Activity

People

Assignee:: Xiao Chen

Reporter:: Evert Lammerts

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 07/Mar/12 16:33

Updated:: 30/Aug/16 01:42

Resolved:: 21/Oct/15 01:00