[jira] [Commented] (HDFS-6666) Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.

Wed, 15 Apr 2015 03:44:33 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14496022#comment-14496022
 ] 

Hudson commented on HDFS-6666:
------------------------------

FAILURE: Integrated in Hadoop-Yarn-trunk #898 (See 
[https://builds.apache.org/job/Hadoop-Yarn-trunk/898/])
HDFS-6666. Abort NameNode and DataNode startup if security is enabled but block 
access token is not enabled. Contributed by Vijay Bhat. (cnauroth: rev 
d45aa7647b1fecf81860ec7b563085be2af99a0b)
* 
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferTestCase.java
* 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
* hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/blockmanagement/BlockManager.java
* 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java
* 
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestSecureNameNode.java


> Abort NameNode and DataNode startup if security is enabled but block access 
> token is not enabled.
> -------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-6666
>                 URL: https://issues.apache.org/jira/browse/HDFS-6666
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode, security
>    Affects Versions: 2.7.1
>            Reporter: Chris Nauroth
>            Assignee: Vijay Bhat
>            Priority: Minor
>             Fix For: 2.8.0
>
>         Attachments: HDFS-6666.001.patch, HDFS-6666.002.patch, 
> HDFS-6666.003.patch, HDFS-6666.004.patch, HDFS-6666.005.patch
>
>
> Currently, if security is enabled by setting hadoop.security.authentication 
> to kerberos, but HDFS block access tokens are disabled by setting 
> dfs.block.access.token.enable to false (which is the default), then the 
> NameNode logs an error and proceeds, and the DataNode proceeds without even 
> logging an error.  This jira proposes that this it's invalid to turn on 
> security but not turn on block access tokens, and that it would be better to 
> fail fast and abort the daemons during startup if this happens.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to