[
https://issues.apache.org/jira/browse/HDDS-10328?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang resolved HDDS-10328.
------------------------------------
Fix Version/s: 1.5.0
Resolution: Fixed
> Support cross realm Kerberos out of box
> ---------------------------------------
>
> Key: HDDS-10328
> URL: https://issues.apache.org/jira/browse/HDDS-10328
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.5.0
>
>
> When issuing Ozone commands across clusters in different Kerberos realm, it
> produces the following error:
> {noformat}
> # hdfs dfs -ls ofs://ozone1707264383/
> 24/02/07 18:47:36 INFO retry.RetryInvocationHandler:
> com.google.protobuf.ServiceException: java.io.IOException: DestHost:destPort
> ccycloud-1.weichiu-dst.root.comops.site:9862 , LocalHost:localPort
> ccycloud-1.weichiu-src.local/10.140.99.144:0. Failed on local exception:
> java.io.IOException: Couldn't set up IO streams:
> java.lang.IllegalArgumentException: Server has invalid Kerberos principal:
> om/[email protected], expecting:
> OM/ccycloud-1.weichiu-dst.local@REALM, while invoking $Proxy10.submitRequest
> over nodeId=om26,nodeAddress=ccycloud-1.weichiu-dst.local:9862 after 3
> failover attempts. Trying to failover immediately.
> {noformat}
> This is because ozone.om.kerberos.principal is not defined properly.
> On the contrary, HDFS does not have this issue because HDFS-7546 already
> added the default value for dfs.namenode.kerberos.principal.pattern which is
> wildcard.
> We should do the same for ozone.om.kerberos.principal.pattern.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
