[HDFS-3915] QJM: Failover fails with auth error in secure cluster - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: QuorumJournalManager (HDFS-3077)
Fix Version/s: QuorumJournalManager (HDFS-3077)
Component/s: ha, security
Labels:
None

Hadoop Flags:

Reviewed

Description

When testing failover in a secure cluster with QJM, we ran into the following error:

java.io.IOException: Exception trying to open authenticated connection to http://xxxxx:8480/getJournal?jid=journal&segmentTxId=4325&storageInfo=-40%3A1049822920%3A0%3ACID-d7c84ac3-bb09-4d55-baae-0d561bb55e9b
	at org.apache.hadoop.security.SecurityUtil.openSecureHttpConnection(SecurityUtil.java:510)
	at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream$URLLog$1.run(EditLogFileInputStream.java:376)
...	at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.doTailEdits(EditLogTailer.java:217)
	at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.catchupDuringFailover(EditLogTailer.java:176)
	at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startActiveServices(FSNamesystem.java:635)
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)

The issue is that the EditLogFileInputStream uses the "current" user, which in the case of the failover trigger is the admin's remote user, rather than the NN's login user.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

hdfs-3915.txt
10/Sep/12 22:28
2 kB
Todd Lipcon

Activity

People

Assignee:: Todd Lipcon

Reporter:: Todd Lipcon

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Sep/12 22:28

Updated:: 11/Sep/12 04:53

Resolved:: 11/Sep/12 04:53