[
https://issues.apache.org/jira/browse/HADOOP-18581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17657070#comment-17657070
]
Surendra Singh Lilhore commented on HADOOP-18581:
-------------------------------------------------
{quote}Are you planning to backport to other branches also..?
{quote}
Yes [~brahmareddy], I will backport this.
{quote}Any insights on when this can happen.
{quote}
Yes, this issue happened in many prod cluster. Mostly this issue happened when
one KDC is doing backup and it is not available for login request. When client
trying to do the re-login but login failed because client is not able to
failover to other available KDC server(failover failed because of wrong error
code from first server).
{quote}I checked your testcase which logout on other thread, but will be case..?
{quote}
Yes, This is very common in NameNode and journalnode case. QJM in NameNode is
client for JournalNode and it will do re-login as client, but when this
re-login fail it will impact the NameNode also because
[UGI#unprotectedRelogin()|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L1361]
destroy the NameNode ticket.
> Handle Server KDC re-login when Server and Client run in same JVM.
> ------------------------------------------------------------------
>
> Key: HADOOP-18581
> URL: https://issues.apache.org/jira/browse/HADOOP-18581
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 3.1.1
> Reporter: Surendra Singh Lilhore
> Assignee: Surendra Singh Lilhore
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0
>
>
> Handle re-login in Server when client, server running in same JVM and client
> trying to re-login, but it fails.
> For example, NameNode is server but in same JVM journal node client also
> running to push to edit logs. When JN client try to re-login and it fails, it
> will destroy server service ticket also and NameNode not able to server
> client request. We can see the below error logs in NameNode log file.
>
> {noformat}
> Auth failed for x.x.x.x:42199:null (GSS initiate failed) with true cause:
> (GSS initiate failed)
> Auth failed for x.x.x.x:42199:null (GSS initiate failed) with true cause:
> (GSS initiate failed)
> Auth failed for x.x.x.x:42199:null (GSS initiate failed) with true cause:
> (GSS initiate failed){noformat}
> Same discussion happened in HADOOP-17996.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
