[
https://issues.apache.org/jira/browse/HDFS-3059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14959332#comment-14959332
]
Yongjun Zhang commented on HDFS-3059:
-------------------------------------
HI [~xiaochen],
Thanks for working on this issue. I browsed it and have some comments/question:
{code}
LOG.warn("IOException caught when getting password, setting password "
+ "to null. Exception:\"" + ioe.getMessage() + "\".");
{code}
to:
{code}
LOG.warn("Setting password to null since IOException is caught when
getting password", ioe);
{code}
2. Add comma to " is specified make sure it is a relative path" as "is
specified, make sure it is a relative path"
3. Would you please explain why the following comments? maybe add the
explanation as an addition to the comment.
{code}
// This is only needed when starting SNN as a daemon,
// and no need to run it if called from shell command.
{code}
Thanks.
> ssl-server.xml causes NullPointer
> ---------------------------------
>
> Key: HDFS-3059
> URL: https://issues.apache.org/jira/browse/HDFS-3059
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: datanode, security
> Affects Versions: 2.7.1
> Environment: in core-site.xml:
> {code:xml}
> <property>
> <name>hadoop.security.authentication</name>
> <value>kerberos</value>
> </property>
> <property>
> <name>hadoop.security.authorization</name>
> <value>true</value>
> </property>
> {code}
> in hdfs-site.xml:
> {code:xml}
> <property>
> <name>dfs.https.server.keystore.resource</name>
> <value>/etc/hadoop/conf/ssl-server.xml</value>
> </property>
> <property>
> <name>dfs.https.enable</name>
> <value>true</value>
> </property>
> <property>
> ...other security props
> </property>
> {code}
> Reporter: Evert Lammerts
> Assignee: Xiao Chen
> Priority: Minor
> Labels: BB2015-05-TBR
> Attachments: HDFS-3059.02.patch, HDFS-3059.03.patch,
> HDFS-3059.04.patch, HDFS-3059.05.patch, HDFS-3059.patch, HDFS-3059.patch.2
>
>
> If ssl is enabled (dfs.https.enable) but ssl-server.xml is not available, a
> DN will crash during startup while setting up an SSL socket with a
> NullPointerException:
> {noformat}12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector:
> useKerb = false, useCerts = true
> jetty.ssl.password : jetty.ssl.keypassword : 12/03/07 17:08:36 INFO
> mortbay.log: jetty-6.1.26.cloudera.1
> 12/03/07 17:08:36 INFO mortbay.log: Started
> selectchannelconnec...@p-worker35.alley.sara.nl:1006
> 12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector: Creating new
> KrbServerSocket for: 0.0.0.0
> 12/03/07 17:08:36 WARN mortbay.log: java.lang.NullPointerException
> 12/03/07 17:08:36 WARN mortbay.log: failed
> Krb5AndCertsSslSocketConnector@0.0.0.0:50475: java.io.IOException:
> !JsseListener: java.lang.NullPointerException
> 12/03/07 17:08:36 WARN mortbay.log: failed Server@604788d5:
> java.io.IOException: !JsseListener: java.lang.NullPointerException
> 12/03/07 17:08:36 INFO mortbay.log: Stopped
> Krb5AndCertsSslSocketConnector@0.0.0.0:50475
> 12/03/07 17:08:36 INFO mortbay.log: Stopped
> selectchannelconnec...@p-worker35.alley.sara.nl:1006
> 12/03/07 17:08:37 INFO datanode.DataNode: Waiting for threadgroup to exit,
> active threads is 0{noformat}
> The same happens if I set an absolute path to an existing
> dfs.https.server.keystore.resource - in this case the file cannot be found
> but not even a WARN is given.
> Since in dfs.https.server.keystore.resource we know we need to have 4
> properties specified (ssl.server.truststore.location,
> ssl.server.keystore.location, ssl.server.keystore.password, and
> ssl.server.keystore.keypassword) we should check if they are set and throw an
> IOException if they are not.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
