[jira] [Commented] (HDFS-6666) Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.

Sat, 11 Apr 2015 13:16:09 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14491182#comment-14491182
 ] 

Chris Nauroth commented on HDFS-6666:
-------------------------------------

Thanks for the update, Vijay.  I have just a few more nitpicky comments.

Patch v004 has a whitespace change in {{NameNode}}, but no changes in the code. 
 Let's remove this file completely from the patch.

In {{BlockManager}}, we once again have a case of logging and then throwing.  I 
expect we don't need to log here.  The thrown exception is sufficient, because 
it will propagate out, terminate the process, and the user will see the message.

I liked having "Aborting NameNode" in the exception message.  That makes it 
very clear that this is an intentional choice to abort.  Can we please add that 
back in the {{BlockManager}} exception message?

I'll be +1 after these very minor changes, pending another Jenkins run and 
waiting to see if Arpit has any additional feedback.  Thank you!

> Abort NameNode and DataNode startup if security is enabled but block access 
> token is not enabled.
> -------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-6666
>                 URL: https://issues.apache.org/jira/browse/HDFS-6666
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode, security
>    Affects Versions: 3.0.0, 2.5.0
>            Reporter: Chris Nauroth
>            Assignee: Vijay Bhat
>            Priority: Minor
>         Attachments: HDFS-6666.001.patch, HDFS-6666.002.patch, 
> HDFS-6666.003.patch, HDFS-6666.004.patch
>
>
> Currently, if security is enabled by setting hadoop.security.authentication 
> to kerberos, but HDFS block access tokens are disabled by setting 
> dfs.block.access.token.enable to false (which is the default), then the 
> NameNode logs an error and proceeds, and the DataNode proceeds without even 
> logging an error.  This jira proposes that this it's invalid to turn on 
> security but not turn on block access tokens, and that it would be better to 
> fail fast and abort the daemons during startup if this happens.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to