[jira] [Commented] (HDFS-13501) Secure Datanode stop/start from cli does not throw a valid error if HDFS_DATANODE_SECURE_USER is not set

Wed, 25 Apr 2018 17:00:52 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-13501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453262#comment-16453262
 ] 

Allen Wittenauer commented on HDFS-13501:
-----------------------------------------

JSVC_HOME is allowed to be configured independently of 
HDFS_DATANODE_SECURE_USER due to other services that may be using the secure 
starter code.  For example, it's possible to have NFS running in secure mode 
but not the datanode.

OOTB, the only way to tell the shell code if the datanode needs to use the 
secure daemon starter is via HDFS_DATANODE_SECURE_USER.  Since having it set 
and unset are legal, there's no real way to predict what the user intends 
without reading through hdfs-site.xml, looking at port numbers, rpc settings, 
and the like.... and even then, we might get it wrong. For example, if Hadoop 
is using authbind or pfexec or any number of other ways to give a process the 
ability to open reserved ports.  They are a little more complicated, but the 
shell code does support it via hadoop-user-functions.  This flexibility is 
exactly why the current shell doesn't enforce the strict rules that 2.x did. 

> Secure Datanode stop/start from cli does not throw a valid error if 
> HDFS_DATANODE_SECURE_USER is not set
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-13501
>                 URL: https://issues.apache.org/jira/browse/HDFS-13501
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: Ajay Kumar
>            Assignee: Ajay Kumar
>            Priority: Major
>
> Secure Datanode start/stop from cli does not throw a valid error if 
> HADOOP_SECURE_DN_USER/HDFS_DATANODE_SECURE_USER is not set. If 
> HDFS_DATANODE_SECURE_USER and JSVC_HOME is not set start/stop is expected to 
> fail (when privilege ports are used) but it should show some valid message.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to