[
https://issues.apache.org/jira/browse/HDDS-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Neil Joshi updated HDDS-7193:
-----------------------------
Description:
Currently the S3 gateway configured with Grpc using the Ranger Authorizer will
generate an unhandled exception for listKeys requests causing the requests to
fail with an ambiguous failure.
For s3 list-objects requests with the Ranger Authorizer, the ranger plugin
RangerOzoneAuthorizer.java throws an NPE when accessing the ip address of the
client for the ranger request. This NPE is unhandled by the OzoneManager and
results in the s3gateway and logs providing ambiguous failures.
*Note:* The following stack trace was generated after instrumenting the code to
capture the hidden underlying cause of the error:
{code:java}
2022-08-25 08:48:57,836 [grpc-default-executor-0] ERROR
org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer:
java.lang.NullPointerException
at
org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer.checkAccess(RangerOzoneAuthorizer.java:131)
at
org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer.checkAccess(RangerOzoneAuthorizer.java:91)
at
org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:2544)
at
org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:2530)
at
org.apache.hadoop.ozone.om.OzoneManager.resolveBucketLink(OzoneManager.java:4208)
at
org.apache.hadoop.ozone.om.OzoneManager.resolveBucketLink(OzoneManager.java:4161)
at
org.apache.hadoop.ozone.om.OzoneManager.listKeys(OzoneManager.java:2838)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerRequestHandler.listKeys(OzoneManagerRequestHandler.java:584)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerRequestHandler.handleReadRequest(OzoneManagerRequestHandler.java:193)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.submitReadRequestToOM(OzoneManagerProtocolServerSideTranslatorPB.java:226)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.processRequest(OzoneManagerProtocolServerSideTranslatorPB.java:175)
at
org.apache.hadoop.hdds.server.OzoneProtocolMessageDispatcher.processRequest(OzoneProtocolMessageDispatcher.java:87)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.submitRequest(OzoneManagerProtocolServerSideTranslatorPB.java:147)
at
org.apache.hadoop.ozone.om.OzoneManagerServiceGrpc.submitRequest(OzoneManagerServiceGrpc.java:87)
at
org.apache.hadoop.ozone.protocol.proto.OzoneManagerServiceGrpc$MethodHandlers.invoke(OzoneManagerServiceGrpc.java:237)
at
io.grpc.stub.ServerCalls$UnaryServerCallHandler$UnaryServerCallListener.onHalfClose(ServerCalls.java:182)
{code}
There appears to be still a dependency on legacy hadoop RPC thread context
information from the Server.Call class for each request processed for S3
gateway requests. Within this Server thread context it is assumed to carry the
ip address of the client. For the S3Gateway configured with Grpc this Server
thread context on the OM is mainly unused and should be decoupled from handling
the requests with the ozone manager.
was:
Currently the S3 gateway configured with Grpc using the Ranger Authorizer will
generate an unhandled exception for listKeys requests causing the requests to
fail with an ambiguous failure.
For s3 list-objects requests with the Ranger Authorizer, the ranger plugin
RangerOzoneAuthorizer.java throws an NPE when accessing the ip address of the
client for the ranger request. This NPE is unhandled by the OzoneManager and
results in the s3gateway and logs providing ambiguous failures.
*Note:* The following stack trace was generated after instrumenting the code to
capture the hidden underlying cause of the error:
{code:java}
2022-08-25 08:48:57,836 [grpc-default-executor-0] ERROR
org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer:
java.lang.NullPointerException
at
org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer.checkAccess(RangerOzoneAuthorizer.java:131)
at
org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer.checkAccess(RangerOzoneAuthorizer.java:91)
at
org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:2544)
at
org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:2530)
at
org.apache.hadoop.ozone.om.OzoneManager.resolveBucketLink(OzoneManager.java:4208)
at
org.apache.hadoop.ozone.om.OzoneManager.resolveBucketLink(OzoneManager.java:4161)
at
org.apache.hadoop.ozone.om.OzoneManager.listKeys(OzoneManager.java:2838)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerRequestHandler.listKeys(OzoneManagerRequestHandler.java:584)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerRequestHandler.handleReadRequest(OzoneManagerRequestHandler.java:193)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.submitReadRequestToOM(OzoneManagerProtocolServerSideTranslatorPB.java:226)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.processRequest(OzoneManagerProtocolServerSideTranslatorPB.java:175)
at
org.apache.hadoop.hdds.server.OzoneProtocolMessageDispatcher.processRequest(OzoneProtocolMessageDispatcher.java:87)
at
org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.submitRequest(OzoneManagerProtocolServerSideTranslatorPB.java:147)
at
org.apache.hadoop.ozone.om.OzoneManagerServiceGrpc.submitRequest(OzoneManagerServiceGrpc.java:87)
at
org.apache.hadoop.ozone.protocol.proto.OzoneManagerServiceGrpc$MethodHandlers.invoke(OzoneManagerServiceGrpc.java:237)
at
io.grpc.stub.ServerCalls$UnaryServerCallHandler$UnaryServerCallListener.onHalfClose(ServerCalls.java:182)
{code}
There appears to be still a dependency on legacy hadoop RPC thread context
information from the Server.Call class for each request processed for S3
gateway requests. Within this Server thread context it is assumed to carry the
ip address of the client. For the S3Gateway configured with Grpc this Server
thread context on the OM manager is mainly unused and should be decoupled from
handling the requests with the ozone manager.
> S3gateway Grpc Ranger Authorizer NPE Unhandled Exception
> ---------------------------------------------------------
>
> Key: HDDS-7193
> URL: https://issues.apache.org/jira/browse/HDDS-7193
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Neil Joshi
> Priority: Major
>
> Currently the S3 gateway configured with Grpc using the Ranger Authorizer
> will generate an unhandled exception for listKeys requests causing the
> requests to fail with an ambiguous failure.
> For s3 list-objects requests with the Ranger Authorizer, the ranger plugin
> RangerOzoneAuthorizer.java throws an NPE when accessing the ip address of the
> client for the ranger request. This NPE is unhandled by the OzoneManager and
> results in the s3gateway and logs providing ambiguous failures.
>
> *Note:* The following stack trace was generated after instrumenting the code
> to capture the hidden underlying cause of the error:
> {code:java}
> 2022-08-25 08:48:57,836 [grpc-default-executor-0] ERROR
> org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer:
> java.lang.NullPointerException
> at
> org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer.checkAccess(RangerOzoneAuthorizer.java:131)
> at
> org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer.checkAccess(RangerOzoneAuthorizer.java:91)
> at
> org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:2544)
> at
> org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:2530)
> at
> org.apache.hadoop.ozone.om.OzoneManager.resolveBucketLink(OzoneManager.java:4208)
> at
> org.apache.hadoop.ozone.om.OzoneManager.resolveBucketLink(OzoneManager.java:4161)
> at
> org.apache.hadoop.ozone.om.OzoneManager.listKeys(OzoneManager.java:2838)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerRequestHandler.listKeys(OzoneManagerRequestHandler.java:584)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerRequestHandler.handleReadRequest(OzoneManagerRequestHandler.java:193)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.submitReadRequestToOM(OzoneManagerProtocolServerSideTranslatorPB.java:226)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.processRequest(OzoneManagerProtocolServerSideTranslatorPB.java:175)
> at
> org.apache.hadoop.hdds.server.OzoneProtocolMessageDispatcher.processRequest(OzoneProtocolMessageDispatcher.java:87)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.submitRequest(OzoneManagerProtocolServerSideTranslatorPB.java:147)
> at
> org.apache.hadoop.ozone.om.OzoneManagerServiceGrpc.submitRequest(OzoneManagerServiceGrpc.java:87)
> at
> org.apache.hadoop.ozone.protocol.proto.OzoneManagerServiceGrpc$MethodHandlers.invoke(OzoneManagerServiceGrpc.java:237)
> at
> io.grpc.stub.ServerCalls$UnaryServerCallHandler$UnaryServerCallListener.onHalfClose(ServerCalls.java:182)
> {code}
>
> There appears to be still a dependency on legacy hadoop RPC thread context
> information from the Server.Call class for each request processed for S3
> gateway requests. Within this Server thread context it is assumed to carry
> the ip address of the client. For the S3Gateway configured with Grpc this
> Server thread context on the OM is mainly unused and should be decoupled from
> handling the requests with the ozone manager.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
