[
https://issues.apache.org/jira/browse/HDFS-4713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13635435#comment-13635435
]
Kihwal Lee commented on HDFS-4713:
----------------------------------
For standby bootstrapping, HDFS-3284 made it work but HDFS-3438 broke it again.
In general the proxy object for a protocol should be created with the config
that has the correct server principle set. For example, standby namenode talks
to active namenode via NamenodeProtocol, where the server principal key is
defined as DFS_NAMENODE_USER_NAME_KEY, "dfs.namenode.kerberos.principal". The
standby bootstrapping and checkpointing fail because the namenode proxy object
has a conf with DFS_NAMENODE_USER_NAME_KEY set to itself. The RPC address is
correctly set, but the wrong server principle is used.
When I modified the code to create the proxy with "other NN config", everything
worked.
I haven't checked thoroughly, but ConfiguredFailoverProxyProvider may have a
similar issue.
> Wrong server principal is used for rpc calls to namenode if HA is enabled
> -------------------------------------------------------------------------
>
> Key: HDFS-4713
> URL: https://issues.apache.org/jira/browse/HDFS-4713
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: ha, namenode
> Affects Versions: 2.0.4-alpha
> Reporter: Kihwal Lee
> Priority: Blocker
>
> When various components are connecting to a namenode in a HA-enabled
> environment, a wrong server principal may be picked up. This result in SASL
> failure, since the client-side used a wrong service ticket for the connection.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
