subject:"\[jira\] \[Commented\] \(HDDS\-2321\) Ozone Block Token verify should not apply to all datanode cmd"

[jira] [Commented] (HDDS-2321) Ozone Block Token verify should not apply to all datanode cmd

2019-10-31 Thread Xiaoyu Yao (Jira)



[ 
https://issues.apache.org/jira/browse/HDDS-2321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16964461#comment-16964461
 ] 

Xiaoyu Yao commented on HDDS-2321:
--

{quote}Since SCM has the root cert, it might be intresting if it send a token 
over, that way these commands are also verified.

In the long run, or even the short run, these SCM commands to DNs will go away.
{quote}
Good point. We will use follow up JIRAs to add SCM and DN tokens for other 
command types. This one focus on Om block token check improvement but allows 
future extension for SCM/DN tokens. 

> Ozone Block Token verify should not apply to all datanode cmd
> -
>
> Key: HDDS-2321
> URL: https://issues.apache.org/jira/browse/HDDS-2321
> Project: Hadoop Distributed Data Store
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nilotpal Nandi
>Assignee: Xiaoyu Yao
>Priority: Major
>  Labels: pull-request-available
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> DN container protocol has cmd send from SCM or other DN, which do not bear OM 
> block token like OM client. We should restrict the OM Block token check only 
> for those issued from OM client. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Commented] (HDDS-2321) Ozone Block Token verify should not apply to all datanode cmd

2019-10-18 Thread Xiaoyu Yao (Jira)



[ 
https://issues.apache.org/jira/browse/HDDS-2321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16954333#comment-16954333
 ] 

Xiaoyu Yao commented on HDDS-2321:
--

Attaching an error stack where closeContainer from SCM does not have a block 
token. 

 

 
|6:28:58.847 AM|ERROR|DatanodeStateMachine|Critical Error : Command processor 
thread encountered an error. Thread: Thread[Command processor thread,5,main]
java.lang.IllegalArgumentException: Null user
at 
org.apache.hadoop.security.UserGroupInformation.createRemoteUser(UserGroupInformation.java:1415)
at 
org.apache.hadoop.security.UserGroupInformation.createRemoteUser(UserGroupInformation.java:1402)
at 
org.apache.hadoop.hdds.security.token.BlockTokenVerifier.verify(BlockTokenVerifier.java:118)
at 
org.apache.hadoop.ozone.container.common.transport.server.XceiverServer.submitRequest(XceiverServer.java:68)
at 
org.apache.hadoop.ozone.container.common.transport.server.ratis.XceiverServerRatis.submitRequest(XceiverServerRatis.java:496)
at 
org.apache.hadoop.ozone.container.common.statemachine.commandhandler.CloseContainerCommandHandler.handle(CloseContainerCommandHandler.java:102)
at 
org.apache.hadoop.ozone.container.common.statemachine.commandhandler.CommandDispatcher.handle(CommandDispatcher.java:99)
at 
org.apache.hadoop.ozone.container.common.statemachine.DatanodeStateMachine.lambda$initCommandHandlerThread$1(DatanodeStateMachine.java:432)
at java.lang.Thread.run(Thread.java:748)|

> Ozone Block Token verify should not apply to all datanode cmd
> -
>
> Key: HDDS-2321
> URL: https://issues.apache.org/jira/browse/HDDS-2321
> Project: Hadoop Distributed Data Store
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nilotpal Nandi
>Assignee: Xiaoyu Yao
>Priority: Major
>
> DN container protocol has cmd send from SCM or other DN, which do not bear OM 
> block token like OM client. We should restrict the OM Block token check only 
> for those issued from OM client. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Commented] (HDDS-2321) Ozone Block Token verify should not apply to all datanode cmd

2019-10-17 Thread Anu Engineer (Jira)



[ 
https://issues.apache.org/jira/browse/HDDS-2321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16954062#comment-16954062
 ] 

Anu Engineer commented on HDDS-2321:


Since SCM has the root cert, it might be intresting if it send a token over, 
that way these commands are also verified.

In the long run, or even the short run, these SCM commands to DNs will go away.

> Ozone Block Token verify should not apply to all datanode cmd
> -
>
> Key: HDDS-2321
> URL: https://issues.apache.org/jira/browse/HDDS-2321
> Project: Hadoop Distributed Data Store
>  Issue Type: Bug
>Affects Versions: 0.4.1
>Reporter: Nilotpal Nandi
>Assignee: Xiaoyu Yao
>Priority: Major
>
> DN container protocol has cmd send from SCM or other DN, which do not bear OM 
> block token like OM client. We should restrict the OM Block token check only 
> for those issued from OM client. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Commented] (HDDS-2321) Ozone Block Token verify should not apply to all datanode cmd

[jira] [Commented] (HDDS-2321) Ozone Block Token verify should not apply to all datanode cmd

[jira] [Commented] (HDDS-2321) Ozone Block Token verify should not apply to all datanode cmd

3 matches

Site Navigation

Mail list logo

Footer information