[
https://issues.apache.org/jira/browse/HDFS-12532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16218865#comment-16218865
]
Vinayakumar B commented on HDFS-12532:
--------------------------------------
Scenario:
* In this usecase, Kerberos principal doesnt contain FQDN for service
principals, all service principals will be in generic forms. i.e.
hdfs/[email protected], 'hadoop' is not really mapping to any host. (Except for
HTTP principals to work with SPNEGO, in which FQDN is used.)
* NN and DNs are in different machines.
* DN machine have floating IP along with real interface. Both interfaces uses
IPs of same segment. (This floating IP of same segment is for some other
usecase of customer)
* Example:
*# NN is in 192.168.132.5
*# DN1 is in 192.168.132.10 and all configurations have 192.168.132.10
*# DN1 machine also have floating ip with 192.168.132.188
*# There is no DNS entry for 192.168.132.188 in NN.
*# Since DN's principal cannot resolve to a hostname, client binding address
will be null and selects random binding address. In this case it selects
floating ip 192.168.132.188
*# Now, DN1 carries 192.168.132.10 in Dn ID, but RPC request itself will be
sent using floating IP 192.168.132.188 to NN.
*# NN throws back exception saying name resolution fails.
Disabling the strict ip-hostname check
{{dfs.namenode.datanode.registration.ip-hostname-check=false}} will just avoid
exception, but it registers the Datanode with floating IP itself
(registerDatanode() overwrites the DnID with floating IP).
This makes clients' requests to fail while trying to connect to DN (because all
listening ports are in actual IP (192.168.132.10) in DN).
So currently there are following ways to solve this case.
# Use FQDN in kerberos principal. This needs major change in deployment
mechanism.
# Disable Floating IP. This affects customers' other usecase.
# Provide configuration to specify client side local-bind address for RPC
requests from dual IP machines.
Since #1 and #2 are not feasible in our case, #3 looks feasible and doesn't
affect any existing behavior.
> DN Reg can Fail when principal doesn't contain hostname and floatingIP is
> configured.
> -------------------------------------------------------------------------------------
>
> Key: HDFS-12532
> URL: https://issues.apache.org/jira/browse/HDFS-12532
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Brahma Reddy Battula
> Assignee: Brahma Reddy Battula
> Attachments: HDFS-12532.patch
>
>
> Configure principal without hostname (i.e hdfs/[email protected])
> Configure floatingIP
> Start Cluster.
> Here DN will fail to register as it can take IP which is not in "/etc/hosts".
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
