Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-7073

Allow falling back to a non-SASL connection on DataTransferProtocol in several edge cases.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.6.0
    • datanode, hdfs-client, security
    • None
    • Reviewed

    Description

      HDFS-2856 implemented general SASL support on DataTransferProtocol. Part of that work also included a fallback mode in case the remote cluster is running under a different configuration without SASL. I've discovered a few edge case configurations that this did not support:

      • Cluster is unsecured, but has block access tokens enabled. This is not something I've seen done in practice, but I've heard historically it has been allowed. The HDFS-2856 code relied on seeing an empty block access token to trigger fallback, and this doesn't work if the unsecured cluster actually is using block access tokens.
      • The DataNode has an unpublicized testing configuration property that could be used to skip the privileged port check. However, the HDFS-2856 code is still enforcing requirement of SASL when the ports are not privileged, so this would force existing configurations to make changes to activate SASL.

      This patch will restore the old behavior so that these edge case configurations will continue to work the same way.

      Attachments

        1. HDFS-7073.1.patch
          18 kB
          Chris Nauroth
        2. HDFS-7073.2.patch
          61 kB
          Chris Nauroth
        3. HDFS-7073.3.patch
          59 kB
          Chris Nauroth

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. HDFS-7107 Avoid Findbugs warning for synchronization on AbstractNNFailoverProxyProvider#fallbackToSimpleAuth.

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-2856 Fix block protocol so that Datanodes don't require root or jsvc

          • Major - Major loss of function.
          • Closed

          Activity

            People

              cnauroth Chris Nauroth
              cnauroth Chris Nauroth
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: