Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-6666

Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.

    Details

    • Target Version/s:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      NameNode and DataNode now abort during startup if attempting to run in secure mode, but block access tokens are not enabled by setting configuration property dfs.block.access.token.enable to true in hdfs-site.xml. Previously, this case logged a warning, because this would be an insecure configuration.
      Show
      NameNode and DataNode now abort during startup if attempting to run in secure mode, but block access tokens are not enabled by setting configuration property dfs.block.access.token.enable to true in hdfs-site.xml. Previously, this case logged a warning, because this would be an insecure configuration.

      Description

      Currently, if security is enabled by setting hadoop.security.authentication to kerberos, but HDFS block access tokens are disabled by setting dfs.block.access.token.enable to false (which is the default), then the NameNode logs an error and proceeds, and the DataNode proceeds without even logging an error. This jira proposes that this it's invalid to turn on security but not turn on block access tokens, and that it would be better to fail fast and abort the daemons during startup if this happens.

        Attachments

        1. HDFS-6666.001.patch
          11 kB
          Vijay Bhat
        2. HDFS-6666.002.patch
          11 kB
          Vijay Bhat
        3. HDFS-6666.003.patch
          12 kB
          Vijay Bhat
        4. HDFS-6666.004.patch
          14 kB
          Vijay Bhat
        5. HDFS-6666.005.patch
          13 kB
          Vijay Bhat

          Issue Links

            Activity

              People

              • Assignee:
                vijaysbhat Vijay Bhat
                Reporter:
                cnauroth Chris Nauroth
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: