Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-9854

Log cipher suite negotiation more verbosely

    Details

    • Hadoop Flags:
      Reviewed

      Description

      We've had difficulty probing the root cause of performance slowdown with in-transit encryption using AES-NI. We finally found the root cause was the Hadoop client did not configure encryption properties correctly, so they did not negotiate AES cipher suite when creating an encrypted stream pair, despite the server (a data node) supports it. Existing debug message did not help. We saw debug message "Server using cipher suite AES/CTR/NoPadding" on the same data node, but that refers to the communication with other data nodes.

      It would be really helpful to log a debug message if a SASL server configures AES cipher suite, but the SASL client doesn't, or vice versa. This debug message should also log the client address to differentiate it from other stream pairs.

      More over, the debug message "Server using cipher suite AES/CTR/NoPadding" should also be extended to include the client's address.

        Activity

        Hide
        jojochuang Wei-Chiu Chuang added a comment -

        Rev01: added debug message in SASL client and server to print the peer's address and the cipher suite negotiated.

        Show
        jojochuang Wei-Chiu Chuang added a comment - Rev01: added debug message in SASL client and server to print the peer's address and the cipher suite negotiated.
        Hide
        jojochuang Wei-Chiu Chuang added a comment -

        submit the patch for testing.

        Show
        jojochuang Wei-Chiu Chuang added a comment - submit the patch for testing.
        Hide
        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 12s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        0 mvndep 0m 9s Maven dependency ordering for branch
        +1 mvninstall 7m 36s trunk passed
        +1 compile 1m 26s trunk passed with JDK v1.8.0_72
        +1 compile 1m 24s trunk passed with JDK v1.7.0_95
        +1 checkstyle 0m 26s trunk passed
        +1 mvnsite 1m 35s trunk passed
        +1 mvneclipse 0m 27s trunk passed
        +1 findbugs 3m 46s trunk passed
        +1 javadoc 1m 39s trunk passed with JDK v1.8.0_72
        +1 javadoc 2m 15s trunk passed with JDK v1.7.0_95
        0 mvndep 0m 10s Maven dependency ordering for patch
        +1 mvninstall 1m 22s the patch passed
        +1 compile 1m 23s the patch passed with JDK v1.8.0_72
        +1 javac 1m 23s the patch passed
        +1 compile 1m 26s the patch passed with JDK v1.7.0_95
        +1 javac 1m 26s the patch passed
        +1 checkstyle 0m 25s the patch passed
        +1 mvnsite 1m 27s the patch passed
        +1 mvneclipse 0m 23s the patch passed
        +1 whitespace 0m 0s Patch has no whitespace issues.
        +1 findbugs 4m 13s the patch passed
        +1 javadoc 1m 35s the patch passed with JDK v1.8.0_72
        +1 javadoc 2m 28s the patch passed with JDK v1.7.0_95
        +1 unit 0m 49s hadoop-hdfs-client in the patch passed with JDK v1.8.0_72.
        +1 unit 52m 48s hadoop-hdfs in the patch passed with JDK v1.8.0_72.
        +1 unit 0m 55s hadoop-hdfs-client in the patch passed with JDK v1.7.0_95.
        +1 unit 50m 20s hadoop-hdfs in the patch passed with JDK v1.7.0_95.
        +1 asflicense 0m 21s Patch does not generate ASF License warnings.
        143m 23s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:0ca8df7
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12788462/HADOOP-12816.001.patch
        JIRA Issue HADOOP-12816
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux 127e78c51bcd 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / 3369a4f
        Default Java 1.7.0_95
        Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_72 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
        findbugs v3.0.0
        JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8704/testReport/
        modules C: hadoop-hdfs-project/hadoop-hdfs-client hadoop-hdfs-project/hadoop-hdfs U: hadoop-hdfs-project
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8704/console
        Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 0m 12s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. 0 mvndep 0m 9s Maven dependency ordering for branch +1 mvninstall 7m 36s trunk passed +1 compile 1m 26s trunk passed with JDK v1.8.0_72 +1 compile 1m 24s trunk passed with JDK v1.7.0_95 +1 checkstyle 0m 26s trunk passed +1 mvnsite 1m 35s trunk passed +1 mvneclipse 0m 27s trunk passed +1 findbugs 3m 46s trunk passed +1 javadoc 1m 39s trunk passed with JDK v1.8.0_72 +1 javadoc 2m 15s trunk passed with JDK v1.7.0_95 0 mvndep 0m 10s Maven dependency ordering for patch +1 mvninstall 1m 22s the patch passed +1 compile 1m 23s the patch passed with JDK v1.8.0_72 +1 javac 1m 23s the patch passed +1 compile 1m 26s the patch passed with JDK v1.7.0_95 +1 javac 1m 26s the patch passed +1 checkstyle 0m 25s the patch passed +1 mvnsite 1m 27s the patch passed +1 mvneclipse 0m 23s the patch passed +1 whitespace 0m 0s Patch has no whitespace issues. +1 findbugs 4m 13s the patch passed +1 javadoc 1m 35s the patch passed with JDK v1.8.0_72 +1 javadoc 2m 28s the patch passed with JDK v1.7.0_95 +1 unit 0m 49s hadoop-hdfs-client in the patch passed with JDK v1.8.0_72. +1 unit 52m 48s hadoop-hdfs in the patch passed with JDK v1.8.0_72. +1 unit 0m 55s hadoop-hdfs-client in the patch passed with JDK v1.7.0_95. +1 unit 50m 20s hadoop-hdfs in the patch passed with JDK v1.7.0_95. +1 asflicense 0m 21s Patch does not generate ASF License warnings. 143m 23s Subsystem Report/Notes Docker Image:yetus/hadoop:0ca8df7 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12788462/HADOOP-12816.001.patch JIRA Issue HADOOP-12816 Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle uname Linux 127e78c51bcd 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 3369a4f Default Java 1.7.0_95 Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_72 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95 findbugs v3.0.0 JDK v1.7.0_95 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8704/testReport/ modules C: hadoop-hdfs-project/hadoop-hdfs-client hadoop-hdfs-project/hadoop-hdfs U: hadoop-hdfs-project Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8704/console Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
        Hide
        cnauroth Chris Nauroth added a comment -

        +1 for the patch. I have committed this to trunk, branch-2 and branch-2.8. Wei-Chiu Chuang, thank you for contributing the patch.

        Show
        cnauroth Chris Nauroth added a comment - +1 for the patch. I have committed this to trunk, branch-2 and branch-2.8. Wei-Chiu Chuang , thank you for contributing the patch.
        Hide
        jojochuang Wei-Chiu Chuang added a comment -

        Thank you very much for reviewing and committing it! Chris Nauroth

        Show
        jojochuang Wei-Chiu Chuang added a comment - Thank you very much for reviewing and committing it! Chris Nauroth
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-trunk-Commit #9362 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9362/)
        HDFS-9854. Log cipher suite negotiation more verbosely. Contributed by (cnauroth: rev d1dd248b756e5a323ac885eefd3f81a639d6b86f)

        • hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
        • hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
        • hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #9362 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9362/ ) HDFS-9854 . Log cipher suite negotiation more verbosely. Contributed by (cnauroth: rev d1dd248b756e5a323ac885eefd3f81a639d6b86f) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java

          People

          • Assignee:
            jojochuang Wei-Chiu Chuang
            Reporter:
            jojochuang Wei-Chiu Chuang
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development