[ https://issues.apache.org/jira/browse/HADOOP-9880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13741810#comment-13741810 ]
Kihwal Lee edited comment on HADOOP-9880 at 2/19/14 10:55 PM: -------------------------------------------------------------- This is slightly more appealing hack than HDFS-3083. I've moved the call to the NN-specific {{checkAvailableForRead}} from the RPC layer into the NN's secret manager so it's only called when token auth is being performed. However, the current method signatures only allow {{InvalidToken}} to be thrown. So rather than change a bunch of signatures that may impact other projects, I've tunneled the {{StandyException}} in the cause of an {{InvalidToken}}. The RPC server will unwrap the nested exception.. was (Author: daryn): This is slightly more appealing hack than HDFS-3083. I've moved the call to the NN-specific {{checkAvailableForRead}} from the RPC layer into the NN's secret manager so it's only called when token auth is being performed. However, the current method signatures only allow {{InvalidToken}} to be thrown. So rather than change a bunch of signatures that may impact other projects, I've tunneled the {{StandyException}} in the cause of an {{InvalidToken}}. The RPC server will unwrap the nested exception. > SASL changes from HADOOP-9421 breaks Secure HA NN > -------------------------------------------------- > > Key: HADOOP-9880 > URL: https://issues.apache.org/jira/browse/HADOOP-9880 > Project: Hadoop Common > Issue Type: Bug > Affects Versions: 2.1.0-beta > Reporter: Kihwal Lee > Assignee: Daryn Sharp > Priority: Blocker > Fix For: 2.1.1-beta > > Attachments: HADOOP-9880.patch > > > buildSaslNegotiateResponse() will create a SaslRpcServer with TOKEN auth. > When create() is called against it, secretManager.checkAvailableForRead() is > called, which fails in HA standby. Thus HA standby nodes cannot be > transitioned to active. -- This message was sent by Atlassian JIRA (v6.1.5#6160)