[
https://issues.apache.org/jira/browse/HDFS-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13565405#comment-13565405
]
Daryn Sharp commented on HDFS-4448:
-----------------------------------
Does this present any issues for kerberos authentication on the multiple
interfaces? I think we'd need principals for each canonical hostname of all
interfaces, which I'm not sure the security infrastructure will support?
Although perhaps I'm misunderstanding the issue.
> HA NN does not start with wildcard address configured for other NN when
> security is enabled
> -------------------------------------------------------------------------------------------
>
> Key: HDFS-4448
> URL: https://issues.apache.org/jira/browse/HDFS-4448
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: ha, namenode, security
> Affects Versions: 2.0.3-alpha
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HDFS-4448.patch, HDFS-4448.patch
>
>
> Currently if one tries to configure HA NNs use the wildcard HTTP address when
> security is enabled, the NN will fail to start with an error like the
> following:
> {code}
> java.lang.IllegalArgumentException: java.io.IOException: Cannot use a
> wildcard address with security. Must explicitly set bind address for Kerberos
> {code}
> This is the case even if one configures an actual address for the other NN's
> HTTP address. There's no good reason for this, since we now check for the
> local address being set to 0.0.0.0 and determine the canonical hostname for
> Kerberos purposes using
> {{InetAddress.getLocalHost().getCanonicalHostName()}}, so we should remove
> the restriction.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
