Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-6666

Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.7.1
    • Fix Version/s: 2.8.0
    • Component/s: datanode, namenode, security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      NameNode and DataNode now abort during startup if attempting to run in secure mode, but block access tokens are not enabled by setting configuration property dfs.block.access.token.enable to true in hdfs-site.xml. Previously, this case logged a warning, because this would be an insecure configuration.
      Show
      NameNode and DataNode now abort during startup if attempting to run in secure mode, but block access tokens are not enabled by setting configuration property dfs.block.access.token.enable to true in hdfs-site.xml. Previously, this case logged a warning, because this would be an insecure configuration.

      Description

      Currently, if security is enabled by setting hadoop.security.authentication to kerberos, but HDFS block access tokens are disabled by setting dfs.block.access.token.enable to false (which is the default), then the NameNode logs an error and proceeds, and the DataNode proceeds without even logging an error. This jira proposes that this it's invalid to turn on security but not turn on block access tokens, and that it would be better to fail fast and abort the daemons during startup if this happens.

      1. HDFS-6666.005.patch
        13 kB
        Vijay Bhat
      2. HDFS-6666.004.patch
        14 kB
        Vijay Bhat
      3. HDFS-6666.003.patch
        12 kB
        Vijay Bhat
      4. HDFS-6666.002.patch
        11 kB
        Vijay Bhat
      5. HDFS-6666.001.patch
        11 kB
        Vijay Bhat

        Issue Links

          Activity

            People

            • Assignee:
              Vijay Bhat
              Reporter:
              Chris Nauroth
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development