Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 0.21.0
-
Component/s: None
-
Labels:None
Description
In hftp, destination clusters will require an RPC-version-agnostic means of obtaining delegation tokens from the source cluster. The easiest method is provide a webservice to retrieve a token over http. This can be encrypted via SSL (backed by Kerberos, done in another JIRA), providing security for cross-cluster hftp operations.
Issue Links
- incorporates
-
HADOOP-6594
Update hdfs script to provide fetchdt tool
-
- Closed
-
- is related to
-
HADOOP-6584
Provide Kerberized SSL encryption for webservices
-
- Closed
-
Activity
Integrated in Hdfs-Patch-h5.grid.sp2.yahoo.net #302 (See http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/302/)
Integrated in Hdfs-Patch-h2.grid.sp2.yahoo.net #146 (See http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h2.grid.sp2.yahoo.net/146/)
Integrated in Hadoop-Hdfs-trunk-Commit #206 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Hdfs-trunk-Commit/206/)
. Allow fetching of delegation token from NameNode for hftp. Contributed by Jakob Homan.
Patch for hadoop 20.
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12437295/HDFS-994-5.patch
against trunk revision 916873.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 2 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed core unit tests.
-1 contrib tests. The patch failed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/254/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/254/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/254/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/254/console
This message is automatically generated.
I just committed this, thanks Jakob!
oops
+1 HDFS-994-5.patch looks good. Thanks, Jakob.
submitting patch.
HDFS-991 caused this to go stale. Updated to use a configuration.
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12437289/HDFS-994-4.patch
against trunk revision 916873.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 2 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The patch appears to cause tar ant target to fail.
-1 findbugs. The patch appears to cause Findbugs to fail.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed core unit tests.
-1 contrib tests. The patch failed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/253/testReport/
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/253/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/253/console
This message is automatically generated.
Paging Hudson for new review.
Thanks for the review Nicholas. Updated patch to include all suggestions.
+1 patch looks good. Minor suggestions:
- The InputStream in (or dis) in getDTfromRemote(..) is not closed.
- You may use java.lang.Void instead of Object in the generic type of PrivilegedExceptionAction
+ ugi.doAs(new PrivilegedExceptionAction<Object>() {
- ugiFinal can be eliminated by
+ final UserGroupInformation ugi; + try { + ugi = getUGI(req); + } catch(IOException ioe) {
Failed test is known-bad cactus download. Patch is ready for review.
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12437141/HDFS-994-3.patch
against trunk revision 916534.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 2 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
-1 contrib tests. The patch failed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/249/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/249/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/249/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hdfs-Patch-h5.grid.sp2.yahoo.net/249/console
This message is automatically generated.
Submitting patch again, hopefully Hudson shows up?
Updated patch verified in Kerberos environment.
Updated patch now with test-passing goodness. Not sure where Hudson is, so ran full unit tests manually. All pass. Test-patch is good too.
[exec] +1 overall. [exec] [exec] +1 @author. The patch does not contain any @author tags. [exec] [exec] +1 tests included. The patch appears to include 2 new or modified tests. [exec] [exec] +1 javadoc. The javadoc tool did not generate any warning messages. [exec] [exec] +1 javac. The applied patch does not increase the total number of javac compiler warnings. [exec] [exec] +1 findbugs. The patch does not introduce any new Findbugs warnings. [exec] [exec] +1 release audit. The applied patch does not increase the total number of release audit warnings.
submitting patch.
Patch for review. Manually tested in secure environment, which works fine except for the webservice interface, since we don't yet have kerberos-authed webinteraction. However, did fail in the correct way.
Integrated in Hadoop-Hdfs-trunk #275 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Hdfs-trunk/275/)