Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-5627

FSCK and checkpoint not working when kerberos security+https is enabled.

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Blocker Blocker
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: namenode
    • Labels:
      None

      Description

      Connecting to namenode via https://<nn-ip>:50070
      13/12/04 15:00:48 ERROR security.UserGroupInformation: PriviledgedActionException as:vinay/hadoop@HADOOP.COM (auth:KERBEROS) cause:javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
      Exception in thread "main" javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
              at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
              at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
              at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
              at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
              at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
              at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:186)
              at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:232)
              at org.apache.hadoop.hdfs.web.URLConnectionFactory.openConnection(URLConnectionFactory.java:164)
      

        Issue Links

          Activity

          Hide
          Vinayakumar B added a comment -

          Thanks Jing, I will close this as duplicate.

          Show
          Vinayakumar B added a comment - Thanks Jing, I will close this as duplicate.
          Hide
          Jing Zhao added a comment -

          Thanks Vinay! So Haohui Mai is currently working on this, and I guess he will fix this part in HDFS-5312 and HDFS-5311.

          Show
          Jing Zhao added a comment - Thanks Vinay! So Haohui Mai is currently working on this, and I guess he will fix this part in HDFS-5312 and HDFS-5311 .
          Hide
          Vinayakumar B added a comment -

          When checked the code,
          DFSUtil#getInfoServer is always used with https as false.
          And So, fsck and checkpointers are trying to checkpoint to http port with https schema.

          Ideally, DFSUtil#getInfoServer should return the address based on configuration whether https is enabled or not.

          Show
          Vinayakumar B added a comment - When checked the code, DFSUtil#getInfoServer is always used with https as false. And So, fsck and checkpointers are trying to checkpoint to http port with https schema. Ideally, DFSUtil#getInfoServer should return the address based on configuration whether https is enabled or not.

            People

            • Assignee:
              Vinayakumar B
              Reporter:
              Vinayakumar B
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development