[ https://issues.apache.org/jira/browse/HADOOP-11291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14205333#comment-14205333 ]
Hadoop QA commented on HADOOP-11291:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12680641/HADOOP-11291.1.patch
against trunk revision eace218.
{color:green}+1 @author{color}. The patch does not contain any @author tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-common-project/hadoop-common:
org.apache.hadoop.ha.TestZKFailoverControllerStress
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/5058//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/5058//console
This message is automatically generated.
> Log the cause of SASL connection failures
> -----------------------------------------
>
> Key: HADOOP-11291
> URL: https://issues.apache.org/jira/browse/HADOOP-11291
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.5.0
> Reporter: Stephen Chu
> Assignee: Stephen Chu
> Priority: Minor
> Labels: supportability
> Attachments: HADOOP-11291.1.patch
>
>
> {{UGI#doAs}} will no longer log a PriviledgedActionException unless
> LOG.isDebugEnabled() == true. HADOOP-10015 made this change because it was
> decided that users calling {{UGI#doAs}} should be responsible for logging the
> error when catching an exception. Also, the log was confusing in certain
> situations (see more details in HADOOP-10015).
> However, as Daryn noted, this log message was very helpful in cases of
> debugging security issues.
> As an example, we used to see this in the DN logs before HADOOP-10015:
> {code}
> 2014-10-20 11:28:02,112 WARN org.apache.hadoop.security.UserGroupInformation:
> PriviledgedActionException as:hdfs/[email protected] (auth:KERBEROS)
> cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Generic error
> (description in e-text) (60) - NO PREAUTH)]
> 2014-10-20 11:28:02,112 WARN org.apache.hadoop.ipc.Client: Couldn't setup
> connection for hdfs/[email protected] to hostB.com/101.01.010:8022
> 2014-10-20 11:28:02,112 WARN org.apache.hadoop.security.UserGroupInformation:
> PriviledgedActionException as:hdfs/[email protected] (auth:KERBEROS)
> cause:java.io.IOException: Couldn't setup connection for
> hdfs/[email protected] to hostB.com/101.01.010:8022
> {code}
> After the fix went in, the DN was upgraded, and only logs:
> {code}
> 2014-10-20 14:11:40,712 WARN org.apache.hadoop.ipc.Client: Couldn't setup
> connection for hdfs/[email protected] to hostB.com/101.01.010:8022
> 2014-10-20 14:11:40,713 WARN org.apache.hadoop.hdfs.server.datanode.DataNode:
> Problem connecting to server: hostB.com/101.01.010:8022
> {code}
> It'd be good to add more logging information about the cause of a SASL
> connection failure.
> Thanks to [~qwertymaniac] for reporting this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
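The issue above asks for the cause of a SASL connection failure to be logged by the caller now that {{UGI#doAs}} stays quiet unless debug logging is on. The following is an added example, not taken from HADOOP-11291.1.patch or from Hadoop's code, showing one way a caller can recover the SASL cause by walking the exception's cause chain. The class and method names, the principal and the host are constructed for the illustration, and it uses java.util.logging instead of Hadoop's logger.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.security.sasl.SaslException;

// Added example: class, method names and sample values are constructed, not Hadoop code.
public class SaslCauseLogging {
    private static final Logger LOG = Logger.getLogger(SaslCauseLogging.class.getName());

    /** Returns the first SaslException in t's cause chain, or null if there is none. */
    static SaslException findSaslCause(Throwable t) {
        // Bound the walk so a self-referencing cause chain cannot loop forever.
        for (int depth = 0; t != null && depth < 16; depth++) {
            if (t instanceof SaslException) {
                return (SaslException) t;
            }
            t = t.getCause();
        }
        return null;
    }

    /** Builds the caller-side warning: the connection failure plus its SASL cause, if any. */
    static String describeFailure(String principal, String server, IOException e) {
        StringBuilder sb = new StringBuilder("Couldn't setup connection for ")
            .append(principal).append(" to ").append(server);
        SaslException sasl = findSaslCause(e);
        if (sasl != null) {
            // SaslException.toString() appends its own cause as "[Caused by ...]".
            sb.append(" cause:").append(sasl);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String principal = "hdfs/hostA.example@EXAMPLE.REALM"; // constructed value
        String server = "hostB.example:8022";                   // constructed value
        // Constructed chain: IOException -> SaslException -> underlying GSS-style error.
        Exception gss = new Exception("No valid credentials provided (constructed)");
        IOException saslFailure = new IOException("Couldn't setup connection",
            new SaslException("GSS initiate failed", gss));
        LOG.warning(describeFailure(principal, server, saslFailure));
        // A failure with no SASL cause keeps the short message unchanged.
        LOG.warning(describeFailure(principal, server, new IOException("Connection refused")));
    }
}
```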