[ https://issues.apache.org/jira/browse/HADOOP-11754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14384585#comment-14384585 ]
Haohui Mai commented on HADOOP-11754: ------------------------------------- bq. AuthenticationFilter check it customized secret exists (no matter it comes from secret file or directly put in the configuration) or not to decide failback to random secret no matter AuthenticationFilter is used in secure mode (Kerberos handler) or in insecure mode (Pseudo handler). bq. AuthenticationFilter no longer accepts secret that is put inside the configuration file. It may not be the best practice, but it's a valid scenario before. AuthenticationFilter also forces the user to have the secret file in secure mode, and it's not able to failback to random secret. We never support this use case. It is a misunderstanding of the code. See https://issues.apache.org/jira/browse/HADOOP-10670?focusedCommentId=14380372&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14380372 For Timeline / RM server, it looks like we have a lot of customized use cases here. Looks like the right fix is to move the some of the code in HttpServer2 and to allow customization. > RM fails to start in non-secure mode due to authentication filter failure > ------------------------------------------------------------------------- > > Key: HADOOP-11754 > URL: https://issues.apache.org/jira/browse/HADOOP-11754 > Project: Hadoop Common > Issue Type: Bug > Affects Versions: 2.7.0 > Reporter: Sangjin Lee > Assignee: Haohui Mai > Priority: Blocker > Attachments: HADOOP-11754-v1.patch, HADOOP-11754-v2.patch, > HADOOP-11754.000.patch, HADOOP-11754.001.patch > > > RM fails to start in the non-secure mode with the following exception: > {noformat} > 2015-03-25 22:02:42,526 WARN org.mortbay.log: failed RMAuthenticationFilter: > javax.servlet.ServletException: java.lang.RuntimeException: Could not read > signature secret file: /Users/sjlee/hadoop-http-auth-signature-secret > 2015-03-25 22:02:42,526 WARN org.mortbay.log: Failed startup of context > org.mortbay.jetty.webapp.WebAppContext@6de50b08{/,jar:file:/Users/sjlee/hadoop-3.0.0-SNAPSHOT/share/hadoop/yarn/hadoop-yarn-common-3.0.0-SNAPSHOT.jar!/webapps/cluster} > javax.servlet.ServletException: java.lang.RuntimeException: Could not read > signature secret file: /Users/sjlee/hadoop-http-auth-signature-secret > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeSecretProvider(AuthenticationFilter.java:266) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:225) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.init(DelegationTokenAuthenticationFilter.java:161) > at > org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.init(RMAuthenticationFilter.java:53) > at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97) > at > org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) > at > org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713) > at org.mortbay.jetty.servlet.Context.startContext(Context.java:140) > at > org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282) > at > org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518) > at > org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499) > at > org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) > at > org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152) > at > org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156) > at > org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) > at > org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130) > at org.mortbay.jetty.Server.doStart(Server.java:224) > at > org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) > at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:773) > at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:274) > at > org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startWepApp(ResourceManager.java:974) > at > org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1074) > at > org.apache.hadoop.service.AbstractService.start(AbstractService.java:193) > at > org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1208) > Caused by: java.lang.RuntimeException: Could not read signature secret file: > /Users/sjlee/hadoop-http-auth-signature-secret > at > org.apache.hadoop.security.authentication.util.FileSignerSecretProvider.init(FileSignerSecretProvider.java:59) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeSecretProvider(AuthenticationFilter.java:264) > ... 23 more > ... > 2015-03-25 22:02:42,538 FATAL > org.apache.hadoop.yarn.server.resourcemanager.ResourceManager: Error starting > ResourceManager > org.apache.hadoop.yarn.webapp.WebAppException: Error starting http server > at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:279) > at > org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startWepApp(ResourceManager.java:974) > at > org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1074) > at > org.apache.hadoop.service.AbstractService.start(AbstractService.java:193) > at > org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1208) > Caused by: java.io.IOException: Problem in starting http server. Server > handlers failed > at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:785) > at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:274) > ... 4 more > {noformat} > This is likely a regression introduced by HADOOP-10670. -- This message was sent by Atlassian JIRA (v6.3.4#6332)