[
https://issues.apache.org/jira/browse/HDFS-3915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Todd Lipcon resolved HDFS-3915.
-------------------------------
Resolution: Fixed
Fix Version/s: QuorumJournalManager (HDFS-3077)
Hadoop Flags: Reviewed
> QJM: Failover fails with auth error in secure cluster
> -----------------------------------------------------
>
> Key: HDFS-3915
> URL: https://issues.apache.org/jira/browse/HDFS-3915
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: ha, security
> Affects Versions: QuorumJournalManager (HDFS-3077)
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Fix For: QuorumJournalManager (HDFS-3077)
>
> Attachments: hdfs-3915.txt
>
>
> When testing failover in a secure cluster with QJM, we ran into the following
> error:
> {code}
> java.io.IOException: Exception trying to open authenticated connection to
> http://xxxxx:8480/getJournal?jid=journal&segmentTxId=4325&storageInfo=-40%3A1049822920%3A0%3ACID-d7c84ac3-bb09-4d55-baae-0d561bb55e9b
> at
> org.apache.hadoop.security.SecurityUtil.openSecureHttpConnection(SecurityUtil.java:510)
> at
> org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream$URLLog$1.run(EditLogFileInputStream.java:376)
> ... at
> org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.doTailEdits(EditLogTailer.java:217)
> at
> org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.catchupDuringFailover(EditLogTailer.java:176)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startActiveServices(FSNamesystem.java:635)
> Caused by: GSSException: No valid credentials provided (Mechanism level:
> Failed to find any Kerberos tgt)
> {code}
> The issue is that the EditLogFileInputStream uses the "current" user, which
> in the case of the failover trigger is the admin's remote user, rather than
> the NN's login user.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
