[ https://issues.apache.org/jira/browse/HDDS-4644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiaoyu Yao resolved HDDS-4644.
------------------------------
    Fix Version/s: 1.1.0
       Resolution: Fixed

> Block token verification failed: no READ permission for WriteChunk
> ------------------------------------------------------------------
>
>                 Key: HDDS-4644
>                 URL: https://issues.apache.org/jira/browse/HDDS-4644
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 1.1.0
>            Reporter: Attila Doroszlai
>            Assignee: Attila Doroszlai
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 1.1.0
>
>
> With HDDS-4558 committed, secure acceptance test logs increased considerably 
> (over 1GB).
> https://github.com/apache/ozone/actions/runs/462095579
> I think the root cause is that {{WriteChunk}} request may need to also 
> {{ReadChunk}}, but now it fails because it only has write access:
> {code}
> datanode_3  | 2021-01-05 10:41:23,067 [ChunkWriter-1-0] INFO 
> impl.HddsDispatcher: Operation: ReadChunk , Trace ID:  , Message: Block token 
> verification failed. Block token with conID: 1 locID: 105502689303461889 
> doesn't have READ permission , Result: BLOCK_TOKEN_VERIFICATION_FAILED , 
> StorageContainerException Occurred.
> datanode_3  | 
> org.apache.hadoop.hdds.scm.container.common.helpers.StorageContainerException:
>  Block token verification failed. Block token with conID: 1 locID: 
> 105502689303461889 doesn't have READ permission
> datanode_3  |         at 
> org.apache.hadoop.ozone.container.common.impl.HddsDispatcher.dispatchRequest(HddsDispatcher.java:214)
> datanode_3  |         at 
> org.apache.hadoop.ozone.container.common.impl.HddsDispatcher.lambda$dispatch$0(HddsDispatcher.java:171)
> datanode_3  |         at 
> org.apache.hadoop.hdds.server.OzoneProtocolMessageDispatcher.processRequest(OzoneProtocolMessageDispatcher.java:87)
> datanode_3  |         at 
> org.apache.hadoop.ozone.container.common.impl.HddsDispatcher.dispatch(HddsDispatcher.java:170)
> datanode_3  |         at 
> org.apache.hadoop.ozone.container.common.transport.server.ratis.ContainerStateMachine.dispatchCommand(ContainerStateMachine.java:398)
> datanode_3  |         at 
> org.apache.hadoop.ozone.container.common.transport.server.ratis.ContainerStateMachine.readStateMachineData(ContainerStateMachine.java:585)
> datanode_3  |         at 
> org.apache.hadoop.ozone.container.common.transport.server.ratis.ContainerStateMachine.lambda$read$5(ContainerStateMachine.java:656)
> datanode_3  |         at 
> java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
> datanode_3  |         at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> datanode_3  |         at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> datanode_3  |         at java.base/java.lang.Thread.run(Thread.java:834)
> datanode_3  | Caused by: 
> org.apache.hadoop.hdds.security.token.BlockTokenException: Block token with 
> conID: 1 locID: 105502689303461889 doesn't have READ permission
> datanode_3  |         at 
> org.apache.hadoop.hdds.security.token.BlockTokenVerifier.verify(BlockTokenVerifier.java:131)
> datanode_3  |         at 
> org.apache.hadoop.ozone.container.common.impl.HddsDispatcher.validateBlockToken(HddsDispatcher.java:431)
> datanode_3  |         at 
> org.apache.hadoop.ozone.container.common.impl.HddsDispatcher.dispatchRequest(HddsDispatcher.java:211)
> datanode_3  |         ... 10 more
> datanode_3  | 2021-01-05 10:41:23,083 [ChunkWriter-1-0] ERROR 
> ratis.ContainerStateMachine: gid group-5BCDF056E270 : ReadStateMachine 
> failed. cmd ReadChunk logIndex 4 msg : Block token verification failed. Block 
> token with conID: 1 locID: 105502689303461889 doesn't have READ permission 
> Container Result: BLOCK_TOKEN_VERIFICATION_FAILED
> {code}
> CC [~elek] [~xyao]
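
As an added example (not part of the issue or of the Ozone code base), the script below triages datanode logs for the pattern reported above: it groups `BLOCK_TOKEN_VERIFICATION_FAILED` events by node, thread pool, denied operation and missing permission, and picks out `ReadChunk` denials raised on `ChunkWriter` threads. It assumes the log has been unwrapped to one event per line; the function names are hypothetical, and the sample lines marked as constructed are not from the issue.

```python
import re
from collections import Counter

# HddsDispatcher failure line from the issue, one event per line (mail wrapping undone).
FAILURE = re.compile(
    r"^(?P<node>\S+)\s+\|\s+(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\s+"
    r"\[(?P<thread>[^\]]+)\]\s+\w+\s+impl\.HddsDispatcher:\s+"
    r"Operation:\s*(?P<op>\w+)\s*,.*?conID:\s*(?P<con>\d+)\s+locID:\s*(?P<loc>\d+)\s+"
    r"doesn't have (?P<perm>\w+) permission\s*,\s*Result:\s*BLOCK_TOKEN_VERIFICATION_FAILED"
)

def parse_failures(lines):
    """Yield one dict per block-token verification failure logged by HddsDispatcher."""
    for line in lines:
        m = FAILURE.search(line)
        if m:
            yield m.groupdict()

def triage(lines):
    """Count failures by (node, thread pool, denied operation, missing permission)."""
    counts = Counter()
    for f in parse_failures(lines):
        pool = re.sub(r"-\d+-\d+$", "", f["thread"])  # ChunkWriter-1-0 -> ChunkWriter
        counts[(f["node"], pool, f["op"], f["perm"])] += 1
    return counts

def write_path_read_denials(lines):
    """Events matching the report: ReadChunk denied READ on a ChunkWriter thread."""
    return [f for f in parse_failures(lines) if f["op"] == "ReadChunk"
            and f["perm"] == "READ" and f["thread"].startswith("ChunkWriter")]

def sample_line(node, ts, thread, loc):  # builds sample input only
    return (f"{node}  | {ts} [{thread}] INFO impl.HddsDispatcher: Operation: ReadChunk , "
            "Trace ID:  , Message: Block token verification failed. Block token with "
            f"conID: 1 locID: {loc} doesn't have READ permission , "
            "Result: BLOCK_TOKEN_VERIFICATION_FAILED , StorageContainerException Occurred.")

# Entry 1: values from the issue. Entries 2-3: constructed. Entry 4: the issue's follow-on ERROR line.
SAMPLE = [
    sample_line("datanode_3", "2021-01-05 10:41:23,067", "ChunkWriter-1-0", "105502689303461889"),
    sample_line("datanode_3", "2021-01-05 10:41:24,112", "ChunkWriter-1-0", "105502689303461889"),
    sample_line("datanode_1", "2021-01-05 10:41:24,530", "ChunkWriter-0-0", "100000000000000001"),
    "datanode_3  | 2021-01-05 10:41:23,083 [ChunkWriter-1-0] ERROR ratis.ContainerStateMachine: gid "
    "group-5BCDF056E270 : ReadStateMachine failed. cmd ReadChunk logIndex 4 msg : Block token verification failed. "
    "Block token with conID: 1 locID: 105502689303461889 doesn't have READ permission Container Result: BLOCK_TOKEN_VERIFICATION_FAILED",
]

if __name__ == "__main__":
    for key, n in triage(SAMPLE).most_common():
        print(n, *key)
```

Only the `HddsDispatcher` line is counted, so the `ContainerStateMachine` ERROR line and stack-trace lines logged for the same event do not inflate the totals.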


