[jira] [Commented] (HDFS-6666) Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.

Tue, 31 Mar 2015 20:55:40 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14389948#comment-14389948
 ] 

Arpit Agarwal commented on HDFS-6666:
-------------------------------------

Hi [~vijaysbhat], thank you for volunteering to help with this issue and adding 
a test case.

You will need to enable the Maven startKdc profile for running secure NN tests. 
Secure NN uses ApacheDS but unfortunately the URL is broken. Looks like we'll 
need to fix the download URL to get startKdc working. Do you want to give it a 
shot too?

{code}
$ mvn -q test -PtestKerberos,startKdc -Dtest=TestSecureNameNode
     [exec] Result: 1
[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-antrun-plugin:1.7:run (kdc) on project 
hadoop-common: An Ant BuildException has occured: Can't get 
http://newverhost.com/pub//directory/apacheds/unstable/1.5/1.5.7/apacheds-1.5.7.tar.gz
 to 
/Users/aagarwal/src/hdp/hadoop-common-project/hadoop-common/target/test-classes/kdc/downloads/apacheds-1.5.7.tar.gz
[ERROR] around Ant part ...<get 
dest="/Users/aagarwal/src/hdp/hadoop-common-project/hadoop-common/target/test-classes/kdc/downloads"
 skipexisting="true" verbose="true" 
src="http://newverhost.com/pub//directory/apacheds/unstable/1.5/1.5.7/apacheds-1.5.7.tar.gz"/>..
{code}

> Abort NameNode and DataNode startup if security is enabled but block access 
> token is not enabled.
> -------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-6666
>                 URL: https://issues.apache.org/jira/browse/HDFS-6666
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode, security
>    Affects Versions: 3.0.0, 2.5.0
>            Reporter: Chris Nauroth
>            Assignee: Vijay Bhat
>            Priority: Minor
>
> Currently, if security is enabled by setting hadoop.security.authentication 
> to kerberos, but HDFS block access tokens are disabled by setting 
> dfs.block.access.token.enable to false (which is the default), then the 
> NameNode logs an error and proceeds, and the DataNode proceeds without even 
> logging an error.  This jira proposes that this it's invalid to turn on 
> security but not turn on block access tokens, and that it would be better to 
> fail fast and abort the daemons during startup if this happens.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to