[
https://issues.apache.org/jira/browse/HADOOP-16547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16929239#comment-16929239
]
Steve Loughran commented on HADOOP-16547:
-----------------------------------------
* build a full Hadoop distro without the patch
* Enable delegation tokens for a test bucket.
* use fetchdt to collect a token for that bucket
* set the HADOOP_TOKEN_FILE_LOCATION environment variable to point at the token
file
* unset the AWS credentials
* set the ddb enabled, region and bucket names for all buckets, so ddb can try
to init even when unbound to an FS.
* execute all the s3guard cli operations; observe which fail
* build a hadoop release *with* the patch, verify the failing operations now
succeed
> s3guard prune command doesn't get AWS auth chain from FS
> --------------------------------------------------------
>
> Key: HADOOP-16547
> URL: https://issues.apache.org/jira/browse/HADOOP-16547
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.3.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Major
>
> s3guard prune command doesn't get AWS auth chain from any FS, so it just
> drives the DDB store from the conf settings. If S3A is set up to use
> Delegation tokens then the DTs/custom AWS auth sequence is not picked up, so
> you get an auth failure.
> Fix:
> # instantiate the FS before calling initMetadataStore
> # review other commands to make sure problem isn't replicated
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
