[jira] [Commented] (HDFS-15181) Webhdfs getTrashRoot() causes internal AccessControlException

Kihwal Lee (Jira) Tue, 18 Feb 2020 10:16:24 -0800


    [ 
https://issues.apache.org/jira/browse/HDFS-15181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17039314#comment-17039314
 ]


Kihwal Lee commented on HDFS-15181:
-----------------------------------

This is what is logged in the namenode log.
{noformat}
org.apache.hadoop.security.AccessControlException: Failed on local exception: 
org.apache.hadoop.security.AccessControlException: Client cannot authenticate 
via:[TOKEN, KERBEROS]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at org.apache.hadoop.net.NetUtils.wrapWithMessage(NetUtils.java:831)
        at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:808)
        at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1551)
        at org.apache.hadoop.ipc.Client.call(Client.java:1493)
        at org.apache.hadoop.ipc.Client.call(Client.java:1392)
        at 
org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:234)
        at 
org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:120)
        at com.sun.proxy.$Proxy20.getServerDefaults(Unknown Source)
        at 
org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getServerDefaults(ClientNamenodeProtocolTranslatorPB.java:279)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at 
org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:422)
        at 
org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeMethod(RetryInvocationHandler.java:165)
        at 
org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invoke(RetryInvocationHandler.java:157)
        at 
org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeOnce(RetryInvocationHandler.java:95)
        at 
org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:359)
        at com.sun.proxy.$Proxy21.getServerDefaults(Unknown Source)
        at 
org.apache.hadoop.hdfs.DFSClient.getServerDefaults(DFSClient.java:666)
        at 
org.apache.hadoop.hdfs.DFSClient.getKeyProviderUri(DFSClient.java:2967)
        at 
org.apache.hadoop.hdfs.DFSClient.isHDFSEncryptionEnabled(DFSClient.java:2992)
        at 
org.apache.hadoop.hdfs.DistributedFileSystem.getTrashRoot(DistributedFileSystem.java:2626)
        at 
org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods.getTrashRoot(NamenodeWebHdfsMethods.java:1272)
{noformat}

> Webhdfs getTrashRoot() causes internal AccessControlException
> -------------------------------------------------------------
>
>                 Key: HDFS-15181
>                 URL: https://issues.apache.org/jira/browse/HDFS-15181
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: webhdfs
>            Reporter: Kihwal Lee
>            Priority: Blocker
>
> HDFS-10756 added the {{getTrashRoot()}} support for WebHdfs. However, it was 
> done by creating a FileSystem instance in the namenode. This is unacceptable 
> for many reasons and also the implementation is not correct.  The current 
> implementation only works when security is off. When security is on, the 
> internal client received AccessControlException and does not work.
> A similar bug was preset in HDFS-11156. Again, this is not merely a 
> "performance bug".  These don't work with security on.  Fortunately 
> HDFS-11156 was reverted and reworked.  I've recently reverted it and ported 
> the rework to branch-2.10.
> Unless HDFS-10756 can be remedied quickly, it needs to be reverted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HDFS-15181) Webhdfs getTrashRoot() causes internal AccessControlException

Reply via email to