[ https://issues.apache.org/jira/browse/HDFS-14390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16802090#comment-16802090 ]
Ashvin commented on HDFS-14390:
-------------------------------
In a secure HDFS cluster, the DN and NN will fail to connect with the
{{AliasMap}} service. The following error messages can be seen in the logs.
2019-03-26 10:56:15,460 [Block report processor] WARN ipc.Client (Client.java:run(760)) - Exception encountered while connecting to the server : org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[KERBEROS]
2019-03-26 10:56:15,461 [Block report processor] ERROR impl.InMemoryLevelDBAliasMapClient (InMemoryLevelDBAliasMapClient.java:getAliasMap(171)) - Exception in retrieving block pool id {}
java.io.IOException: DestHost:destPort localhost:32445 , LocalHost:localPort XXX. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[KERBEROS]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    …
    at com.sun.proxy.$Proxy13.getBlockPoolId(Unknown Source)
    at org.apache.hadoop.hdfs.protocolPB.InMemoryAliasMapProtocolClientSideTranslatorPB.getBlockPoolId(InMemoryAliasMapProtocolClientSideTranslatorPB.java:219)
    at org.apache.hadoop.hdfs.server.common.blockaliasmap.impl.InMemoryLevelDBAliasMapClient.getAliasMap(InMemoryLevelDBAliasMapClient.java:165)
    at org.apache.hadoop.hdfs.server.common.blockaliasmap.impl.InMemoryLevelDBAliasMapClient.getReader(InMemoryLevelDBAliasMapClient.java:181)
    at org.apache.hadoop.hdfs.server.blockmanagement.ProvidedStorageMap.processProvidedStorageReport(ProvidedStorageMap.java:156)
    at org.apache.hadoop.hdfs.server.blockmanagement.ProvidedStorageMap.getStorage(ProvidedStorageMap.java:139)
    at org.apache.hadoop.hdfs.server.blockmanagement.BlockManager.processReport(BlockManager.java:2536)
    …
Caused by: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[KERBEROS]
    at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:765)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:422)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1891)
    at org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:728)
    at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:822)
    …
> Provide kerberos support for AliasMap service used by Provided storage
> ----------------------------------------------------------------------
>
> Key: HDFS-14390
> URL: https://issues.apache.org/jira/browse/HDFS-14390
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: Ashvin
> Priority: Major
>
> With {{PROVIDED}} storage (HDFS-9806), HDFS can address data stored in
> external storage systems. This feature is not supported in a secure HDFS
> cluster. The {{AliasMap}} service does not support kerberos, and as a result
> the cluster nodes will fail to communicate with it. This JIRA is to enable
> kerberos support for the {{AliasMap}} service.