Hadoop Map/Reduce
  1. Hadoop Map/Reduce
  2. MAPREDUCE-1611

Refresh nodes and refresh queues doesnt work with service authorization enabled

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 0.21.0
    • Fix Version/s: 0.21.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Fixed a bug that caused all the AdminOperationsProtocol operations to fail when service-level authorization is enabled. The problem is solved by registering AdminOperationsProtocol also with MapReducePolicyProvider.

      Description

      If service-level authorization enabled (i.e hadoop.security.authorization set to true) for MapReduce then refreshing the node and queue fails with the following message

      Protocol interface org.apache.hadoop.mapred.AdminOperationsProtocol is not known.
      
      1. mr-1611-v1.0.patch
        4 kB
        Amar Kamat
      2. MAPREDUCE-1611-20100319-ydist.txt
        4 kB
        Vinod Kumar Vavilapalli

        Activity

        Hide
        Vinod Kumar Vavilapalli added a comment -

        Committed to trunk and 0.21 branch. Thanks Amar!

        Show
        Vinod Kumar Vavilapalli added a comment - Committed to trunk and 0.21 branch. Thanks Amar!
        Hide
        Vinod Kumar Vavilapalli added a comment -

        Just committed this to trunk. Having minor problems merging the changes to 0.21, asking Sharad's help..

        Show
        Vinod Kumar Vavilapalli added a comment - Just committed this to trunk. Having minor problems merging the changes to 0.21, asking Sharad's help..
        Hide
        Vinod Kumar Vavilapalli added a comment -

        Patch looks good. I also ran a single node test to verify refresh queues, it passes. Going to commit this..

        Show
        Vinod Kumar Vavilapalli added a comment - Patch looks good. I also ran a single node test to verify refresh queues, it passes. Going to commit this..
        Hide
        Hadoop QA added a comment -

        +1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12439356/mr-1611-v1.0.patch
        against trunk revision 940740.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 3 new or modified tests.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 findbugs. The patch does not introduce any new Findbugs warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed core unit tests.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: http://hudson.zones.apache.org/hudson/job/Mapreduce-Patch-h4.grid.sp2.yahoo.net/163/testReport/
        Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Mapreduce-Patch-h4.grid.sp2.yahoo.net/163/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
        Checkstyle results: http://hudson.zones.apache.org/hudson/job/Mapreduce-Patch-h4.grid.sp2.yahoo.net/163/artifact/trunk/build/test/checkstyle-errors.html
        Console output: http://hudson.zones.apache.org/hudson/job/Mapreduce-Patch-h4.grid.sp2.yahoo.net/163/console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12439356/mr-1611-v1.0.patch against trunk revision 940740. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 3 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Mapreduce-Patch-h4.grid.sp2.yahoo.net/163/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Mapreduce-Patch-h4.grid.sp2.yahoo.net/163/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Mapreduce-Patch-h4.grid.sp2.yahoo.net/163/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Mapreduce-Patch-h4.grid.sp2.yahoo.net/163/console This message is automatically generated.
        Hide
        Amar Kamat added a comment -

        The trunk patch applies cleanly to trunk and branch-0.21. Running through husdon.

        Show
        Amar Kamat added a comment - The trunk patch applies cleanly to trunk and branch-0.21. Running through husdon.
        Hide
        Vinod Kumar Vavilapalli added a comment -

        I think this definitely is a blocker for 0.21.

        Show
        Vinod Kumar Vavilapalli added a comment - I think this definitely is a blocker for 0.21.
        Hide
        Amar Kamat added a comment -

        Attaching a patch for trunk. test-patch and ant-tests passed.

        Show
        Amar Kamat added a comment - Attaching a patch for trunk. test-patch and ant-tests passed.
        Hide
        Vinod Kumar Vavilapalli added a comment -

        Attaching patch for yahoo! dist on behalf of Amar. Not for commit here.

        Show
        Vinod Kumar Vavilapalli added a comment - Attaching patch for yahoo! dist on behalf of Amar. Not for commit here.
        Hide
        Amar Kamat added a comment -

        ServiceAuthorizationManager authorizes users against the ACLs specified for the protocol used. With service level authorization enabled, when a user tries to refresh the nodes at the JobTracker, ServiceAuthorizationManager tries to authorize the user against the ACL specified for AdminOperationsProtocol. For MapReduce, the list of protocols to be authorized is provided by MapReducePolicyProvider. MapReducePolicyProvider doesnt list AdminOperationsProtocol causing 'refreshNodes' to fail.

        Show
        Amar Kamat added a comment - ServiceAuthorizationManager authorizes users against the ACLs specified for the protocol used. With service level authorization enabled, when a user tries to refresh the nodes at the JobTracker , ServiceAuthorizationManager tries to authorize the user against the ACL specified for AdminOperationsProtocol . For MapReduce, the list of protocols to be authorized is provided by MapReducePolicyProvider . MapReducePolicyProvider doesnt list AdminOperationsProtocol causing 'refreshNodes' to fail.

          People

          • Assignee:
            Amar Kamat
            Reporter:
            Amar Kamat
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development