[jira] [Updated] (GIRAPH-212) Security is busted since GIRAPH-168

[Eugene Koontz (JIRA)]

     [ 
https://issues.apache.org/jira/browse/GIRAPH-212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Eugene Koontz updated GIRAPH-212:
---------------------------------

    Attachment: GIRAPH-212.patch

This patch allows Giraph to run on a secure Hadoop 1.0 install. The problem was 
that Hadoop 1.0 does indeed use SASL authentication at the RPC layer, and this 
was wrongly being omitted by GIRAPH-168. This patch fixes the problem by 
removing the HADOOP_NON_SASL_RPC munge flag, so that SASL with Hadoop RPC is 
activated for all secure profiles.

It also reduces the usage of munge by moving secure rpc-related code from the 
existing RPCCommunications class to a new  SecureRPCCommunications class that 
is omitted from compilation in non-secure profiles (hadoop_non_secure, 
hadoop_facebook).


A new HADOOP_NON_JOBCONTEXT_IS_INTERFACE munge flag is used to make a 
distinction that was formerly covered by HADOOP_NON_SASL_RPC. This new flag 
distinguishes the Hadoop 1.0 and earlier set of profiles (hadoop_non_secure, 
hadoop_0.20.203 and hadoop_1.0) on the one hand, and Facebook and 2.0+ 
profiles, on the other (hadoop_facebook, hadoop_2.0.0, hadoop_trunk). 

Passes mvn -PX clean verify for all X:{hadoop_non_secure, hadoop_0.20.203, 
hadoop_1.0,hadoop_2.0.0,hadoop_trunk}. 

Still getting some test errors for hadoop_facebook which I am investigating.
                
> Security is busted since GIRAPH-168
> -----------------------------------
>
>                 Key: GIRAPH-212
>                 URL: https://issues.apache.org/jira/browse/GIRAPH-212
>             Project: Giraph
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 0.2.0
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>            Priority: Critical
>             Fix For: 0.2.0
>
>         Attachments: GIRAPH-212.patch, core-site.xml, hdfs-site.xml, 
> mapred-site.xml
>
>
> As reported on the mailing list and verified here on our clusters, 
> something's gone screwy with Giraph jobs on secure hadoop.  I reverted back 
> before GIRAPH-168 and this goes away, although I've not found out what it is 
> yet (and may not be 168).  
> RPC clients are trying to open connections with the wrong configuration 
> relative to the servers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira