[
https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13741810#comment-13741810
]
Kihwal Lee edited comment on HADOOP-9880 at 2/19/14 10:55 PM:
--------------------------------------------------------------
This is slightly more appealing hack than HDFS-3083.
I've moved the call to the NN-specific {{checkAvailableForRead}} from the RPC
layer into the NN's secret manager so it's only called when token auth is being
performed.
However, the current method signatures only allow {{InvalidToken}} to be
thrown. So rather than change a bunch of signatures that may impact other
projects, I've tunneled the {{StandyException}} in the cause of an
{{InvalidToken}}. The RPC server will unwrap the nested exception..
was (Author: daryn):
This is slightly more appealing hack than HDFS-3083.
I've moved the call to the NN-specific {{checkAvailableForRead}} from the RPC
layer into the NN's secret manager so it's only called when token auth is being
performed.
However, the current method signatures only allow {{InvalidToken}} to be
thrown. So rather than change a bunch of signatures that may impact other
projects, I've tunneled the {{StandyException}} in the cause of an
{{InvalidToken}}. The RPC server will unwrap the nested exception.
> SASL changes from HADOOP-9421 breaks Secure HA NN
> --------------------------------------------------
>
> Key: HADOOP-9880
> URL: https://issues.apache.org/jira/browse/HADOOP-9880
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.1.0-beta
> Reporter: Kihwal Lee
> Assignee: Daryn Sharp
> Priority: Blocker
> Fix For: 2.1.1-beta
>
> Attachments: HADOOP-9880.patch
>
>
> buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth.
> When create() is called against it, secretManager.checkAvailableForRead() is
> called, which fails in HA standby. Thus HA standby nodes cannot be
> transitioned to active.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
