Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-6666

Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0, 2.5.0
    • Fix Version/s: None
    • Component/s: datanode, namenode, security
    • Labels:
      None

      Description

      Currently, if security is enabled by setting hadoop.security.authentication to kerberos, but HDFS block access tokens are disabled by setting dfs.block.access.token.enable to false (which is the default), then the NameNode logs an error and proceeds, and the DataNode proceeds without even logging an error. This jira proposes that this it's invalid to turn on security but not turn on block access tokens, and that it would be better to fail fast and abort the daemons during startup if this happens.

        Issue Links

          Activity

          Chris Nauroth created issue -
          Chris Nauroth made changes -
          Field Original Value New Value
          Labels security
          Chris Nauroth made changes -
          Component/s security [ 12313400 ]
          Chris Nauroth made changes -
          Labels security
          Chris Nauroth made changes -
          Link This issue relates to HDFS-4278 [ HDFS-4278 ]
          Hide
          Haohui Mai added a comment -

          +1 for the proposal.

          Show
          Haohui Mai added a comment - +1 for the proposal.
          Hide
          Arpit Agarwal added a comment -

          +1 from me too.

          In the spirit of reducing redundant configuration, can we just assume block access tokens are enabled when security is on (even if the setting is 'off'')?

          Show
          Arpit Agarwal added a comment - +1 from me too. In the spirit of reducing redundant configuration, can we just assume block access tokens are enabled when security is on (even if the setting is 'off'')?

            People

            • Assignee:
              Unassigned
              Reporter:
              Chris Nauroth
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:

                Development