[
https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daryn Sharp updated HADOOP-9880:
--------------------------------
Attachment: HADOOP-9880.patch
This is slightly more appealing hack than HDFS-3083.
I've moved the call to the NN-specific {{checkAvailableForRead}} from the RPC
layer into the NN's secret manager so it's only called when token auth is being
performed.
However, the current method signatures only allow {{InvalidToken}} to be
thrown. So rather than change a bunch of signatures that may impact other
projects, I've tunneled the {{StandyException}} in the cause of an
{{InvalidToken}}. The RPC server will unwrap the nested exception.
> SASL changes from HADOOP-9421 breaks Secure HA NN
> --------------------------------------------------
>
> Key: HADOOP-9880
> URL: https://issues.apache.org/jira/browse/HADOOP-9880
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.1.0-beta
> Reporter: Kihwal Lee
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HADOOP-9880.patch
>
>
> buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth.
> When create() is called against it, secretManager.checkAvailableForRead() is
> called, which fails in HA standby. Thus HA standby nodes cannot be
> transitioned to active.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
