Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 2.2.0
    • Fix Version/s: None
    • Component/s: ha, journal-node, security
    • Labels:

      Description

      When HA is implemented with QJM and using kerberos, it's not possible to set wire-encrypted data.
      If it's set property hadoop.rpc.protection to something different to authentication it doesn't work propertly, getting the error:

      ERROR security.UserGroupInformation: PriviledgedActionException as:principal@REALM (auth:KERBEROS) cause:javax.security.sasl.SaslException: No common protection layer between client and ser

      With NFS as shared storage everything works like a charm

      1. namenode.xml
        67 kB
        Juan Carlos Fernandez
      2. journal.xml
        66 kB
        Juan Carlos Fernandez
      3. ssl-server.xml
        2 kB
        Juan Carlos Fernandez
      4. ssl-client.xml
        2 kB
        Juan Carlos Fernandez
      5. jaas.conf
        0.5 kB
        Juan Carlos Fernandez
      6. hdfs-site.xml
        7 kB
        Juan Carlos Fernandez
      7. core-site.xml
        3 kB
        Juan Carlos Fernandez

        Activity

        Juan Carlos Fernandez created issue -
        Juan Carlos Fernandez made changes -
        Field Original Value New Value
        Component/s ha [ 12316609 ]
        Component/s security [ 12313400 ]
        Suresh Srinivas made changes -
        Summary Wire-encriptation in QJM Wire-encription in QJM
        Juan Carlos Fernandez made changes -
        Priority Major [ 3 ] Blocker [ 1 ]
        Juan Carlos Fernandez made changes -
        Attachment core-site.xml [ 12626086 ]
        Attachment hdfs-site.xml [ 12626087 ]
        Attachment jaas.conf [ 12626088 ]
        Attachment ssl-client.xml [ 12626089 ]
        Attachment ssl-server.xml [ 12626090 ]
        Juan Carlos Fernandez made changes -
        Attachment journal.xml [ 12630648 ]
        Attachment namenode.xml [ 12630649 ]
        Haohui Mai made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Not a Problem [ 8 ]
        Juan Carlos Fernandez made changes -
        Resolution Not a Problem [ 8 ]
        Status Resolved [ 5 ] Reopened [ 4 ]
        ilovehadoop made changes -
        Description When HA is implemented with QJM and using kerberos, it's not possible to set wire-encrypted data.
        If it's set property hadoop.rpc.protection to something different to authentication it doesn't work propertly, getting the error:

        ERROR security.UserGroupInformation: PriviledgedActionException as:principal@REALM (auth:KERBEROS) cause:javax.security.sasl.SaslException: No common protection layer between client and server

        With NFS as shared storage everything works like a charm
        When HA is implemented with QJM and using kerberos, it's not possible to set wire-encrypted data.
        If it's set property hadoop.rpc.protection to something different to authentication it doesn't work propertly, getting the error:

        ERROR security.UserGroupInformation: PriviledgedActionException as:principal@REALM (auth:KERBEROS) cause:javax.security.sasl.SaslException: No common protection layer between client and ser

        With NFS as shared storage everything works like a charm
        Harsh J made changes -
        Priority Blocker [ 1 ] Major [ 3 ]
        Harsh J made changes -
        Status Reopened [ 4 ] Resolved [ 5 ]
        Resolution Cannot Reproduce [ 5 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Juan Carlos Fernandez
          • Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development