Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-6666

Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.7.1
    • Fix Version/s: 2.8.0
    • Component/s: datanode, namenode, security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      NameNode and DataNode now abort during startup if attempting to run in secure mode, but block access tokens are not enabled by setting configuration property dfs.block.access.token.enable to true in hdfs-site.xml. Previously, this case logged a warning, because this would be an insecure configuration.
      Show
      NameNode and DataNode now abort during startup if attempting to run in secure mode, but block access tokens are not enabled by setting configuration property dfs.block.access.token.enable to true in hdfs-site.xml. Previously, this case logged a warning, because this would be an insecure configuration.

      Description

      Currently, if security is enabled by setting hadoop.security.authentication to kerberos, but HDFS block access tokens are disabled by setting dfs.block.access.token.enable to false (which is the default), then the NameNode logs an error and proceeds, and the DataNode proceeds without even logging an error. This jira proposes that this it's invalid to turn on security but not turn on block access tokens, and that it would be better to fail fast and abort the daemons during startup if this happens.

      1. HDFS-6666.001.patch
        11 kB
        Vijay Bhat
      2. HDFS-6666.002.patch
        11 kB
        Vijay Bhat
      3. HDFS-6666.003.patch
        12 kB
        Vijay Bhat
      4. HDFS-6666.004.patch
        14 kB
        Vijay Bhat
      5. HDFS-6666.005.patch
        13 kB
        Vijay Bhat

        Issue Links

          Activity

          Hide
          Haohui Mai added a comment -

          +1 for the proposal.

          Show
          Haohui Mai added a comment - +1 for the proposal.
          Hide
          Arpit Agarwal added a comment -

          +1 from me too.

          In the spirit of reducing redundant configuration, can we just assume block access tokens are enabled when security is on (even if the setting is 'off'')?

          Show
          Arpit Agarwal added a comment - +1 from me too. In the spirit of reducing redundant configuration, can we just assume block access tokens are enabled when security is on (even if the setting is 'off'')?
          Hide
          Vijay Bhat added a comment -

          Chris Nauroth, Arpit Agarwal I can take this on.

          I've made the code changes for the namenode and datanode to abort if they find an inconsistency between security being enabled and the block access token disabled.

          I've also added a test case in org.apache.hadoop.hdfs.server.namenode.TestSecureNameNode, however I am having trouble getting kerberos test cases to execute. The test always seems to get skipped. I tried running with the kerberos profile (https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/BUILDING.txt) with the command:

          mvn test -PtestKerberos -Dtest=org.apache.hadoop.hdfs.server.namenode.TestSecureNameNode

          All test cases in TestSecureNameNode still get skipped. Any pointers on how I can get them to run? Appreciate the help!

          Show
          Vijay Bhat added a comment - Chris Nauroth , Arpit Agarwal I can take this on. I've made the code changes for the namenode and datanode to abort if they find an inconsistency between security being enabled and the block access token disabled. I've also added a test case in org.apache.hadoop.hdfs.server.namenode.TestSecureNameNode, however I am having trouble getting kerberos test cases to execute. The test always seems to get skipped. I tried running with the kerberos profile ( https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/BUILDING.txt ) with the command: mvn test -PtestKerberos -Dtest=org.apache.hadoop.hdfs.server.namenode.TestSecureNameNode All test cases in TestSecureNameNode still get skipped. Any pointers on how I can get them to run? Appreciate the help!
          Hide
          Arpit Agarwal added a comment -

          Hi Vijay Bhat, thank you for volunteering to help with this issue and adding a test case.

          You will need to enable the Maven startKdc profile for running secure NN tests. Secure NN uses ApacheDS but unfortunately the URL is broken. Looks like we'll need to fix the download URL to get startKdc working. Do you want to give it a shot too?

          $ mvn -q test -PtestKerberos,startKdc -Dtest=TestSecureNameNode
               [exec] Result: 1
          [ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7:run (kdc) on project hadoop-common: An Ant BuildException has occured: Can't get http://newverhost.com/pub//directory/apacheds/unstable/1.5/1.5.7/apacheds-1.5.7.tar.gz to /Users/aagarwal/src/hdp/hadoop-common-project/hadoop-common/target/test-classes/kdc/downloads/apacheds-1.5.7.tar.gz
          [ERROR] around Ant part ...<get dest="/Users/aagarwal/src/hdp/hadoop-common-project/hadoop-common/target/test-classes/kdc/downloads" skipexisting="true" verbose="true" src="http://newverhost.com/pub//directory/apacheds/unstable/1.5/1.5.7/apacheds-1.5.7.tar.gz"/>..
          
          Show
          Arpit Agarwal added a comment - Hi Vijay Bhat , thank you for volunteering to help with this issue and adding a test case. You will need to enable the Maven startKdc profile for running secure NN tests. Secure NN uses ApacheDS but unfortunately the URL is broken. Looks like we'll need to fix the download URL to get startKdc working. Do you want to give it a shot too? $ mvn -q test -PtestKerberos,startKdc -Dtest=TestSecureNameNode [exec] Result: 1 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7:run (kdc) on project hadoop-common: An Ant BuildException has occured: Can't get http: //newverhost.com/pub//directory/apacheds/unstable/1.5/1.5.7/apacheds-1.5.7.tar.gz to /Users/aagarwal/src/hdp/hadoop-common-project/hadoop-common/target/test-classes/kdc/downloads/apacheds-1.5.7.tar.gz [ERROR] around Ant part ...<get dest= "/Users/aagarwal/src/hdp/hadoop-common-project/hadoop-common/target/test-classes/kdc/downloads" skipexisting= " true " verbose= " true " src= "http: //newverhost.com/pub//directory/apacheds/unstable/1.5/1.5.7/apacheds-1.5.7.tar.gz" />..
          Hide
          Chris Nauroth added a comment -

          Actually, I've been meaning to propose that we remove the startKdc profile and migrate existing tests that use it to look more like the tests I wrote for HDFS-2856. For an example, see TestSaslDataTransfer and its base class SaslDataTransferTestCase. You might find it useful to extend that same base class.

          These tests work by depending on the hadoop-minikdc project instead of an external Apache Directory Server distro URL. They also enable SASL on data transfer protocol and SSL on the web servers, so there is no need for root or trying to set backdoor properties to skip some of the security checks.

          Show
          Chris Nauroth added a comment - Actually, I've been meaning to propose that we remove the startKdc profile and migrate existing tests that use it to look more like the tests I wrote for HDFS-2856 . For an example, see TestSaslDataTransfer and its base class SaslDataTransferTestCase . You might find it useful to extend that same base class. These tests work by depending on the hadoop-minikdc project instead of an external Apache Directory Server distro URL. They also enable SASL on data transfer protocol and SSL on the web servers, so there is no need for root or trying to set backdoor properties to skip some of the security checks.
          Hide
          Vijay Bhat added a comment -

          Chris Nauroth - great suggestion Chris, thanks! I extended SaslDataTransferTestCase for my test case and it works great - I also made some changes to it to define a principal for hdfs as well as a regular user (needed for my test scenario). I'll be on the lookout for other test case failures, but I'd really appreciate your thoughts on the patch.

          Show
          Vijay Bhat added a comment - Chris Nauroth - great suggestion Chris, thanks! I extended SaslDataTransferTestCase for my test case and it works great - I also made some changes to it to define a principal for hdfs as well as a regular user (needed for my test scenario). I'll be on the lookout for other test case failures, but I'd really appreciate your thoughts on the patch.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12708855/HDFS-6666.001.patch
          against trunk revision 4d14816.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 javadoc. The javadoc tool appears to have generated 43 warning messages.
          See https://builds.apache.org/job/PreCommit-HDFS-Build/10157//artifact/patchprocess/diffJavadocWarnings.txt for details.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests in hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager:

          org.apache.hadoop.yarn.server.resourcemanager.TestWorkPreservingRMRestart
          org.apache.hadoop.yarn.server.resourcemanager.recovery.TestZKRMStateStore
          org.apache.hadoop.yarn.server.resourcemanager.recovery.TestLeveldbRMStateStore

          The following test timeouts occurred in hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager:

          org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.TestContainerAllocation

          Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10157//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10157//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12708855/HDFS-6666.001.patch against trunk revision 4d14816. +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. -1 javadoc . The javadoc tool appears to have generated 43 warning messages. See https://builds.apache.org/job/PreCommit-HDFS-Build/10157//artifact/patchprocess/diffJavadocWarnings.txt for details. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. -1 core tests . The patch failed these unit tests in hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager: org.apache.hadoop.yarn.server.resourcemanager.TestWorkPreservingRMRestart org.apache.hadoop.yarn.server.resourcemanager.recovery.TestZKRMStateStore org.apache.hadoop.yarn.server.resourcemanager.recovery.TestLeveldbRMStateStore The following test timeouts occurred in hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager: org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.TestContainerAllocation Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10157//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10157//console This message is automatically generated.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12709087/HDFS-6666.001.patch
          against trunk revision 6a6a59d.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-hdfs-project/hadoop-hdfs.

          Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10167//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10167//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12709087/HDFS-6666.001.patch against trunk revision 6a6a59d. +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-hdfs-project/hadoop-hdfs. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10167//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10167//console This message is automatically generated.
          Hide
          Vijay Bhat added a comment -

          Chris Nauroth, Arpit Agarwal, all test cases for the patch pass. Could you please review the patch when you get a chance?

          Show
          Vijay Bhat added a comment - Chris Nauroth , Arpit Agarwal , all test cases for the patch pass. Could you please review the patch when you get a chance?
          Hide
          Arpit Agarwal added a comment - - edited

          Hi Vijay, the code change looks fine. You don't need the && UserGroupInformation.isSecurityEnabled() clause in DataNode#checkSecureConfig. Also suggest rewording when clients attempt to talk to a DataNode to when clients attempt to connect to DataNodes.

          The behavior of TestSecureNameNode#testName has changed. We used to login as user1 using keytab, now the test runs as the currently logged in user. Was this intentional?

          Show
          Arpit Agarwal added a comment - - edited Hi Vijay, the code change looks fine. You don't need the && UserGroupInformation.isSecurityEnabled() clause in DataNode#checkSecureConfig . Also suggest rewording when clients attempt to talk to a DataNode to when clients attempt to connect to DataNodes . The behavior of TestSecureNameNode#testName has changed. We used to login as user1 using keytab, now the test runs as the currently logged in user. Was this intentional?
          Hide
          Vijay Bhat added a comment -

          Arpit Agarwal I need to check for the kerberos enabled (UserGroupInformation.isSecurityEnabled()) setting too right? My understanding of the issue was that we don't want the data node to fail down the line because the block access token config was disabled and Kerberos was enabled.

          For the TestSecureNameNode class, I refactored it to use the SaslDataTransferTestCase utility as Chris Nauroth suggested - the class tests for Kerberos without needing to use the startKdc profile. Currently Kerberos test cases get skipped if we don't use the startKdc profile, so Jenkins seems to be skipping Kerberos test cases by default. By doing this refactor, we can ensure that this functionality is always tested.

          As for what the code is doing in TestSecureNameNode#testName, I am trying to mirror the intent of the original test case - after Kerberos authentication, the root user can create new directories, but a user other than root cannot create directories where it does not have write access (substituting current user for user1). Please let me know your thoughts.

          Show
          Vijay Bhat added a comment - Arpit Agarwal I need to check for the kerberos enabled (UserGroupInformation.isSecurityEnabled()) setting too right? My understanding of the issue was that we don't want the data node to fail down the line because the block access token config was disabled and Kerberos was enabled. For the TestSecureNameNode class, I refactored it to use the SaslDataTransferTestCase utility as Chris Nauroth suggested - the class tests for Kerberos without needing to use the startKdc profile. Currently Kerberos test cases get skipped if we don't use the startKdc profile, so Jenkins seems to be skipping Kerberos test cases by default. By doing this refactor, we can ensure that this functionality is always tested. As for what the code is doing in TestSecureNameNode#testName, I am trying to mirror the intent of the original test case - after Kerberos authentication, the root user can create new directories, but a user other than root cannot create directories where it does not have write access (substituting current user for user1). Please let me know your thoughts.
          Hide
          Arpit Agarwal added a comment -

          Thanks for the response Vijay Bhat.

          Arpit Agarwal I need to check for the kerberos enabled (UserGroupInformation.isSecurityEnabled()) setting too right? My understanding of the issue was that we don't want the data node to fail down the line because the block access token config was disabled and Kerberos was enabled.

          I meant we have a check for earlier in the function to return if UserGroupInformation.isSecurityEnabled() is false so the second check is redundant.

              if (!UserGroupInformation.isSecurityEnabled()) {
                return;
              }
          
              // Abort out of inconsistent state if Kerberos is enabled
              // but block access tokens are not enabled.
              boolean isEnabled = conf.getBoolean(
                  DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY,
                  DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_DEFAULT);
              if (!isEnabled && UserGroupInformation.isSecurityEnabled()) {
          

          As for what the code is doing in TestSecureNameNode#testName, I am trying to mirror the intent of the original test case - after Kerberos authentication, the root user can create new directories, but a user other than root cannot create directories where it does not have write access (substituting current user for user1).

          Okay. The only minor concern would be the test fails if the logged in user is hdfs. How about generating a random user name?

          @@ -82,7 +83,7 @@ public static void initKdc() throws Exception {
               kdc.start();
          
          -    String userName = UserGroupInformation.getLoginUser().getShortUserName();
          +    String userName = RandomStringUtils.randomAlphabetic(8);
          

          Also an assertion message in testName still references user1.

                  Path p = new Path("/users/mydir");
                  fs.mkdirs(p);
                  fail("user1 must not be allowed to write in /users");
          

          Looks good otherwise.

          Show
          Arpit Agarwal added a comment - Thanks for the response Vijay Bhat . Arpit Agarwal I need to check for the kerberos enabled (UserGroupInformation.isSecurityEnabled()) setting too right? My understanding of the issue was that we don't want the data node to fail down the line because the block access token config was disabled and Kerberos was enabled. I meant we have a check for earlier in the function to return if UserGroupInformation.isSecurityEnabled() is false so the second check is redundant. if (!UserGroupInformation.isSecurityEnabled()) { return ; } // Abort out of inconsistent state if Kerberos is enabled // but block access tokens are not enabled. boolean isEnabled = conf.getBoolean( DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_DEFAULT); if (!isEnabled && UserGroupInformation.isSecurityEnabled()) { As for what the code is doing in TestSecureNameNode#testName, I am trying to mirror the intent of the original test case - after Kerberos authentication, the root user can create new directories, but a user other than root cannot create directories where it does not have write access (substituting current user for user1). Okay. The only minor concern would be the test fails if the logged in user is hdfs . How about generating a random user name? @@ -82,7 +83,7 @@ public static void initKdc() throws Exception { kdc.start(); - String userName = UserGroupInformation.getLoginUser().getShortUserName(); + String userName = RandomStringUtils.randomAlphabetic(8); Also an assertion message in testName still references user1. Path p = new Path( "/users/mydir" ); fs.mkdirs(p); fail( "user1 must not be allowed to write in /users" ); Looks good otherwise.
          Hide
          Vijay Bhat added a comment -

          Arpit Agarwal Ah of course - I see what you meant in your earlier comment about checking for UserGroupInformation.isSecurityEnabled().

          I will make the changes you suggest and resubmit the patch.

          Show
          Vijay Bhat added a comment - Arpit Agarwal Ah of course - I see what you meant in your earlier comment about checking for UserGroupInformation.isSecurityEnabled(). I will make the changes you suggest and resubmit the patch.
          Hide
          Chris Nauroth added a comment -

          Thank you for the patch, Vijay Bhat.

          It's not necessary to call LOG.error before throwing the exceptions. The exceptions will propagate out and get logged at a higher layer before the process terminates. The log statements here would cause the error to get logged twice.

          On the NameNode side, I recommend changing the existing code in BlockManager#createBlockTokenSecretManager instead of adding new code to the NameNode class. The existing code currently logs an error. We'd just need to change it to throw an exception.

          In the test, I recommend using JUnit's ExpectedException with the expected message set to something like "Security is enabled but block access tokens". For an example of this, see TestSaslDataTransfer#testDataNodeAbortsIfNoSasl. This will help us guarantee that the exception is thrown from the right place and for the right reason.

          Show
          Chris Nauroth added a comment - Thank you for the patch, Vijay Bhat . It's not necessary to call LOG.error before throwing the exceptions. The exceptions will propagate out and get logged at a higher layer before the process terminates. The log statements here would cause the error to get logged twice. On the NameNode side, I recommend changing the existing code in BlockManager#createBlockTokenSecretManager instead of adding new code to the NameNode class. The existing code currently logs an error. We'd just need to change it to throw an exception. In the test, I recommend using JUnit's ExpectedException with the expected message set to something like "Security is enabled but block access tokens". For an example of this, see TestSaslDataTransfer#testDataNodeAbortsIfNoSasl . This will help us guarantee that the exception is thrown from the right place and for the right reason.
          Hide
          Vijay Bhat added a comment -

          Thanks for the feedback Chris Nauroth. I've made the changes you recommend and resubmitted the patch.

          Show
          Vijay Bhat added a comment - Thanks for the feedback Chris Nauroth . I've made the changes you recommend and resubmitted the patch.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12724048/HDFS-6666.002.patch
          against trunk revision cc25823.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs:

          org.apache.hadoop.hdfs.server.namenode.TestFileTruncate

          Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10217//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10217//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12724048/HDFS-6666.002.patch against trunk revision cc25823. +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. -1 core tests . The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.hdfs.server.namenode.TestFileTruncate Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10217//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10217//console This message is automatically generated.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12724072/HDFS-6666.003.patch
          against trunk revision cc25823.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs:

          org.apache.hadoop.hdfs.server.namenode.TestBackupNode

          Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10222//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10222//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12724072/HDFS-6666.003.patch against trunk revision cc25823. +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. -1 core tests . The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.hdfs.server.namenode.TestBackupNode Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10222//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10222//console This message is automatically generated.
          Hide
          Chris Nauroth added a comment -

          Thank you for making the suggested changes in the logging and the test.

          I apologize if this was unclear in my last comment, but I actually was suggesting that we remove NameNode.java completely from this patch. Instead, the patch could change BlockManager.java. The createBlockTokenSecretManager method already has the same logic to check the configuration. It currently logs an error. We'd just need to change that to throw an exception instead of logging.

          Show
          Chris Nauroth added a comment - Thank you for making the suggested changes in the logging and the test. I apologize if this was unclear in my last comment, but I actually was suggesting that we remove NameNode.java completely from this patch. Instead, the patch could change BlockManager.java. The createBlockTokenSecretManager method already has the same logic to check the configuration. It currently logs an error. We'd just need to change that to throw an exception instead of logging.
          Hide
          Vijay Bhat added a comment -

          Chris Nauroth, I missed that part of your comment earlier, sorry about that. I've removed the error logic from NameNode and modified

          {createBlockTokenSecretManager}

          to throw an exception. Patch uploaded for review.

          Show
          Vijay Bhat added a comment - Chris Nauroth , I missed that part of your comment earlier, sorry about that. I've removed the error logic from NameNode and modified {createBlockTokenSecretManager} to throw an exception. Patch uploaded for review.
          Hide
          Chris Nauroth added a comment -

          Thanks for the update, Vijay. I have just a few more nitpicky comments.

          Patch v004 has a whitespace change in NameNode, but no changes in the code. Let's remove this file completely from the patch.

          In BlockManager, we once again have a case of logging and then throwing. I expect we don't need to log here. The thrown exception is sufficient, because it will propagate out, terminate the process, and the user will see the message.

          I liked having "Aborting NameNode" in the exception message. That makes it very clear that this is an intentional choice to abort. Can we please add that back in the BlockManager exception message?

          I'll be +1 after these very minor changes, pending another Jenkins run and waiting to see if Arpit has any additional feedback. Thank you!

          Show
          Chris Nauroth added a comment - Thanks for the update, Vijay. I have just a few more nitpicky comments. Patch v004 has a whitespace change in NameNode , but no changes in the code. Let's remove this file completely from the patch. In BlockManager , we once again have a case of logging and then throwing. I expect we don't need to log here. The thrown exception is sufficient, because it will propagate out, terminate the process, and the user will see the message. I liked having "Aborting NameNode" in the exception message. That makes it very clear that this is an intentional choice to abort. Can we please add that back in the BlockManager exception message? I'll be +1 after these very minor changes, pending another Jenkins run and waiting to see if Arpit has any additional feedback. Thank you!
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12725028/HDFS-6666.005.patch
          against trunk revision d60e221.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests in hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs:

          org.apache.hadoop.mapreduce.v2.hs.webapp.TestHsWebServicesTasks

          The following test timeouts occurred in hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs:

          org.apache.hadoop.mapreduce.lib.output.TestFileOutputCommitter

          Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10264//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10264//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12725028/HDFS-6666.005.patch against trunk revision d60e221. +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. -1 core tests . The patch failed these unit tests in hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs: org.apache.hadoop.mapreduce.v2.hs.webapp.TestHsWebServicesTasks The following test timeouts occurred in hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs: org.apache.hadoop.mapreduce.lib.output.TestFileOutputCommitter Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10264//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10264//console This message is automatically generated.
          Hide
          Chris Nauroth added a comment -

          +1 for patch v005. The test failures look unrelated, and I couldn't reproduce them locally. I submitted a fresh Jenkins run. I'm going to wait for that to finish before committing.

          Show
          Chris Nauroth added a comment - +1 for patch v005. The test failures look unrelated, and I couldn't reproduce them locally. I submitted a fresh Jenkins run. I'm going to wait for that to finish before committing.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12725028/HDFS-6666.005.patch
          against trunk revision 7b46714.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          -1 eclipse:eclipse. The patch failed to build with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in .

          Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10268//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10268//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12725028/HDFS-6666.005.patch against trunk revision 7b46714. +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. -1 eclipse:eclipse . The patch failed to build with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/10268//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/10268//console This message is automatically generated.
          Hide
          Chris Nauroth added a comment -

          +1 for patch v005. I committed this to trunk and branch-2. TestSecureNameNode does not exist on branch-2, so I simply removed that when I cherry-picked. Vijay, thank you for the patch. Arpit, thank you for help with the code review.

          Show
          Chris Nauroth added a comment - +1 for patch v005. I committed this to trunk and branch-2. TestSecureNameNode does not exist on branch-2, so I simply removed that when I cherry-picked. Vijay, thank you for the patch. Arpit, thank you for help with the code review.
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-trunk-Commit #7582 (See https://builds.apache.org/job/Hadoop-trunk-Commit/7582/)
          HDFS-6666. Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b)

          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
          • hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #7582 (See https://builds.apache.org/job/Hadoop-trunk-Commit/7582/ ) HDFS-6666 . Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b) hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #164 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/164/)
          HDFS-6666. Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b)

          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
          • hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #164 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/164/ ) HDFS-6666 . Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Yarn-trunk #898 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/898/)
          HDFS-6666. Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b)

          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
          • hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk #898 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/898/ ) HDFS-6666 . Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b) hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk #2096 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2096/)
          HDFS-6666. Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b)

          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
          • hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #2096 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2096/ ) HDFS-6666 . Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #155 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/155/)
          HDFS-6666. Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b)

          • hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #155 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/155/ ) HDFS-6666 . Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b) hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #165 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/165/)
          HDFS-6666. Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b)

          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
          • hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #165 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/165/ ) HDFS-6666 . Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b) hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
          Hide
          Hudson added a comment -

          SUCCESS: Integrated in Hadoop-Mapreduce-trunk #2114 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2114/)
          HDFS-6666. Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b)

          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java
          • hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
          • hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java
          • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
          Show
          Hudson added a comment - SUCCESS: Integrated in Hadoop-Mapreduce-trunk #2114 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2114/ ) HDFS-6666 . Abort NameNode and DataNode startup if security is enabled but block access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev d45aa7647b1fecf81860ec7b563085be2af99a0b) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java

            People

            • Assignee:
              Vijay Bhat
              Reporter:
              Chris Nauroth
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development