[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-12 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16395123#comment-16395123
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user asfgit closed the pull request at:

https://github.com/apache/drill/pull/1145


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:203)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:147)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ReconnectingConnection$ConnectionListeningFuture.waitAndRun(ReconnectingConnection.java:122)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-12 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16395110#comment-16395110
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user parthchandra commented on the issue:

https://github.com/apache/drill/pull/1145
  
+1


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:203)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:147)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ReconnectingConnection$ConnectionListeningFuture.waitAndRun(ReconnectingConnection.java:122)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-09 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16393667#comment-16393667
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user sohami commented on the issue:

https://github.com/apache/drill/pull/1145
  
Made all the changes and squashed changes into 2 commits


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:203)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:147)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ReconnectingConnection$ConnectionListeningFuture.waitAndRun(ReconnectingConnection.java:122)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-09 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16393340#comment-16393340
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173529580
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/BitRpcUtility.java ---
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.drill.exec.rpc;
+
+import com.google.common.collect.ImmutableList;
+import com.google.protobuf.Internal.EnumLite;
+import com.google.protobuf.MessageLite;
+import org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint;
+import org.apache.drill.exec.rpc.security.AuthenticatorFactory;
+import org.apache.drill.exec.rpc.security.SaslProperties;
+import org.apache.hadoop.security.UserGroupInformation;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Utility class providing common methods shared between {@link 
org.apache.drill.exec.rpc.data.DataClient} and
+ * {@link org.apache.drill.exec.rpc.control.ControlClient}
+ */
+public final class BitRpcUtility {
+  private static final org.slf4j.Logger logger = 
org.slf4j.LoggerFactory.getLogger(BitRpcUtility.class);
+
+  /**
+   * Method to do validation on the handshake message received from server 
side. Only used by BitClients NOT UserClient.
+   * Verify if rpc version of handshake message matches the supported 
RpcVersion and also validates the
+   * security configuration between client and server
+   * @param handshakeRpcVersion - rpc version received in handshake message
+   * @param remoteAuthMechs - authentication mechanisms supported by server
+   * @param rpcVersion - supported rpc version on client
+   * @param connection - client connection
+   * @param config - client connectin config
+   * @param client - data client or control client
+   * @return - Immutable list of authentication mechanisms supported by 
server or null
+   * @throws RpcException - exception is thrown if rpc version or 
authentication configuration mismatch is found
+   */
+  public static List validateHandshake(int handshakeRpcVersion, 
List remoteAuthMechs, int rpcVersion,
+   ClientConnection 
connection, BitConnectionConfig config,
+   BasicClient client) throws 
RpcException {
+
+if (handshakeRpcVersion != rpcVersion) {
+  throw new RpcException(String.format("Invalid rpc version.  Expected 
%d, actual %d.",
+handshakeRpcVersion, rpcVersion));
+}
+
+if (remoteAuthMechs.size() != 0) { // remote requires authentication
+  client.setAuthComplete(false);
+  return ImmutableList.copyOf(remoteAuthMechs);
+} else {
+  if (config.getAuthMechanismToUse() != null) { // local requires 
authentication
+throw new RpcException(String.format("Remote Drillbit does not 
require auth, but auth is enabled in " +
+  "local Drillbit configuration. [Details: connection: (%s) and 
LocalAuthMechanism: (%s). Please check " +
+  "security configuration for bit-to-bit.", connection.getName(), 
config.getAuthMechanismToUse()));
+  }
+}
+return null;
+  }
+
+  /**
+   * Creates various instances needed to start the SASL handshake. This is 
called from
+   * {@link BasicClient#prepareSaslHandshake(RpcConnectionHandler, List)} 
only for
+   * {@link org.apache.drill.exec.rpc.data.DataClient} and {@link 
org.apache.drill.exec.rpc.control.ControlClient}
+   *
+   * @param connectionHandler- Connection handler used by client's to 
know about success/failure conditions.
+   * @param serverAuthMechanisms - List of auth mechanisms configured on 
server side
+   * @param connection

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-09 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16393341#comment-16393341
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173529523
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/BitRpcUtility.java ---
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.drill.exec.rpc;
+
+import com.google.common.collect.ImmutableList;
+import com.google.protobuf.Internal.EnumLite;
+import com.google.protobuf.MessageLite;
+import org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint;
+import org.apache.drill.exec.rpc.security.AuthenticatorFactory;
+import org.apache.drill.exec.rpc.security.SaslProperties;
+import org.apache.hadoop.security.UserGroupInformation;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Utility class providing common methods shared between {@link 
org.apache.drill.exec.rpc.data.DataClient} and
+ * {@link org.apache.drill.exec.rpc.control.ControlClient}
+ */
+public final class BitRpcUtility {
+  private static final org.slf4j.Logger logger = 
org.slf4j.LoggerFactory.getLogger(BitRpcUtility.class);
+
+  /**
+   * Method to do validation on the handshake message received from server 
side. Only used by BitClients NOT UserClient.
+   * Verify if rpc version of handshake message matches the supported 
RpcVersion and also validates the
+   * security configuration between client and server
+   * @param handshakeRpcVersion - rpc version received in handshake message
+   * @param remoteAuthMechs - authentication mechanisms supported by server
+   * @param rpcVersion - supported rpc version on client
+   * @param connection - client connection
+   * @param config - client connectin config
+   * @param client - data client or control client
+   * @return - Immutable list of authentication mechanisms supported by 
server or null
+   * @throws RpcException - exception is thrown if rpc version or 
authentication configuration mismatch is found
+   */
+  public static List validateHandshake(int handshakeRpcVersion, 
List remoteAuthMechs, int rpcVersion,
+   ClientConnection 
connection, BitConnectionConfig config,
+   BasicClient client) throws 
RpcException {
+
+if (handshakeRpcVersion != rpcVersion) {
+  throw new RpcException(String.format("Invalid rpc version.  Expected 
%d, actual %d.",
+handshakeRpcVersion, rpcVersion));
+}
+
+if (remoteAuthMechs.size() != 0) { // remote requires authentication
+  client.setAuthComplete(false);
+  return ImmutableList.copyOf(remoteAuthMechs);
+} else {
+  if (config.getAuthMechanismToUse() != null) { // local requires 
authentication
+throw new RpcException(String.format("Remote Drillbit does not 
require auth, but auth is enabled in " +
+  "local Drillbit configuration. [Details: connection: (%s) and 
LocalAuthMechanism: (%s). Please check " +
+  "security configuration for bit-to-bit.", connection.getName(), 
config.getAuthMechanismToUse()));
+  }
+}
+return null;
+  }
+
+  /**
+   * Creates various instances needed to start the SASL handshake. This is 
called from
+   * {@link BasicClient#prepareSaslHandshake(RpcConnectionHandler, List)} 
only for
+   * {@link org.apache.drill.exec.rpc.data.DataClient} and {@link 
org.apache.drill.exec.rpc.control.ControlClient}
+   *
+   * @param connectionHandler- Connection handler used by client's to 
know about success/failure conditions.
+   * @param serverAuthMechanisms - List of auth mechanisms configured on 
server side
+   * @param connection

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-08 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16392508#comment-16392508
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173375649
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/client/DrillClient.java ---
@@ -96,6 +96,8 @@
 
 import io.netty.channel.EventLoopGroup;
 
+import javax.validation.constraints.NotNull;
--- End diff --

Please use java.annotation.Nonnull or org.jetbrains.annotations.NotNull (or 
do not annotate, it is inferred).


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:203)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-08 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16392454#comment-16392454
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user sohami commented on the issue:

https://github.com/apache/drill/pull/1145
  
@vrozov - Thanks for the feedback. Update the PR with latest changes. 
Please help to review.


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:203)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:147)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ReconnectingConnection$ConnectionListeningFuture.waitAndRun(ReconnectingConnection.java:122)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-08 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16391620#comment-16391620
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173237142
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/control/ControlClient.java
 ---
@@ -103,6 +96,23 @@ protected void handle(ControlConnection connection, int 
rpcType, ByteBuf pBody,
 connection.getCurrentHandler().handle(connection, rpcType, pBody, 
dBody, sender);
   }
 
+  @Override
+  protected void prepareSaslHandshake(final 
RpcConnectionHandler connectionListener)
--- End diff --

It is defined in `protocol`. Consider adding the dependency on the 
`protocol`jar.


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-08 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16391605#comment-16391605
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173236107
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/client/DrillClient.java ---
@@ -371,17 +376,20 @@ protected void afterExecute(final Runnable r, final 
Throwable t) {
 
 while (triedEndpointIndex < connectTriesVal) {
   endpoint = endpoints.get(triedEndpointIndex);
+
+  // Set in both props and properties since props is passed to 
UserClient
+  if (!properties.containsKey(DrillProperties.SERVICE_HOST)) {
--- End diff --

- Use `put` and add `TODO` comment.

 - What is a reason not to use API available in the minimum supported 
version assuming that support for JDK 7 is dropped as part of 
https://issues.apache.org/jira/browse/DRILL-1491?


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-08 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16391594#comment-16391594
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173234604
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/client/DrillClient.java ---
@@ -312,6 +312,11 @@ public synchronized void connect(String connect, 
Properties props) throws RpcExc
 if (connected) {
   return;
 }
+
+if (props == null) {
--- End diff --

My recommendation is to change other 2 overloaded methods to pass `new 
Properties()` instead of `null` and making it explicit that `null` is not 
allowed (avoid passing `null` and checking for `null` at the same time).


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-07 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16390592#comment-16390592
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user sohami commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173041288
  
--- Diff: exec/rpc/src/main/java/org/apache/drill/exec/rpc/BasicClient.java 
---
@@ -182,6 +196,66 @@ public boolean isActive() {
 
   protected abstract void validateHandshake(HR validateHandshake) throws 
RpcException;
 
+  /**
+   * Creates various instances needed to start the SASL handshake. This is 
called from
+   * {@link BasicClient#validateHandshake(MessageLite)} if authentication 
is required from server side.
+   * @param connectionListener
+   * @throws RpcException
+   */
+  protected abstract void prepareSaslHandshake(final 
RpcConnectionHandler connectionListener) throws RpcException;
--- End diff --

removed from here and `startSaslHandshake`


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-07 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16390590#comment-16390590
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user sohami commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173041420
  
--- Diff: exec/rpc/src/main/java/org/apache/drill/exec/rpc/BasicClient.java 
---
@@ -69,6 +74,11 @@
   private final IdlePingHandler pingHandler;
   private ConnectionMultiListener.SSLHandshakeListener 
sslHandshakeListener = null;
 
+  // Authentication related parameters
+  protected volatile List serverAuthMechanisms = null;
--- End diff --

On second thought volatile doesn't seem necessary here since it will only 
be accessed by Netty's thread which is also fixed for a connection. 
Made fields private.


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-07 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16390593#comment-16390593
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user sohami commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173041172
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/control/ControlClient.java
 ---
@@ -103,6 +96,23 @@ protected void handle(ControlConnection connection, int 
rpcType, ByteBuf pBody,
 connection.getCurrentHandler().handle(connection, rpcType, pBody, 
dBody, sender);
   }
 
+  @Override
+  protected void prepareSaslHandshake(final 
RpcConnectionHandler connectionListener)
--- End diff --

`RpcType.SASL_MESSAGE` message accessed within `prepareSaslHandshake` 
implementation of DataClient/ControlClient is defined separately. Also each of 
these client except UserClient has access to ConnectionConfig which is not part 
of BasicClient too and is used in prepareSaslHandshake implementation. Hence I 
kept the implementations separate for both DataClient and ControlClient.


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}       

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-07 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16390591#comment-16390591
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user sohami commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173041032
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/client/DrillClient.java ---
@@ -371,17 +376,20 @@ protected void afterExecute(final Runnable r, final 
Throwable t) {
 
 while (triedEndpointIndex < connectTriesVal) {
   endpoint = endpoints.get(triedEndpointIndex);
+
+  // Set in both props and properties since props is passed to 
UserClient
+  if (!properties.containsKey(DrillProperties.SERVICE_HOST)) {
--- End diff --

`putIfAbsent` is Java 8 specific api. Today we had a discussion that until 
next release we don't want to bring dependency on Java 8 only api's.


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}       

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-07 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16390594#comment-16390594
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user sohami commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r173043030
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/client/DrillClient.java ---
@@ -312,6 +312,11 @@ public synchronized void connect(String connect, 
Properties props) throws RpcExc
 if (connected) {
   return;
 }
+
+if (props == null) {
--- End diff --

Not totally sure what you mean here. Since there are 2 other overloaded 
methods which call's this method internally. They do pass null props and are 
used across multiple tests. 

May be I can check for props in those method instead and create a instance 
of it if needed ? Then we can place NotNull tag on this connect method. That 
will not require to change any existing tests.


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-06 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16388875#comment-16388875
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r172667685
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/client/DrillClient.java ---
@@ -312,6 +312,11 @@ public synchronized void connect(String connect, 
Properties props) throws RpcExc
 if (connected) {
   return;
 }
+
+if (props == null) {
--- End diff --

Consider making `props` `@NotNull`.


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:203)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-06 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16388878#comment-16388878
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r172678483
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/control/ControlClient.java
 ---
@@ -103,6 +96,23 @@ protected void handle(ControlConnection connection, int 
rpcType, ByteBuf pBody,
 connection.getCurrentHandler().handle(connection, rpcType, pBody, 
dBody, sender);
   }
 
+  @Override
+  protected void prepareSaslHandshake(final 
RpcConnectionHandler connectionListener)
--- End diff --

The implementation seems to be common between Control and Data client, can 
it be unified here?


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-06 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16388876#comment-16388876
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r172642452
  
--- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/client/DrillClient.java ---
@@ -371,17 +376,20 @@ protected void afterExecute(final Runnable r, final 
Throwable t) {
 
 while (triedEndpointIndex < connectTriesVal) {
   endpoint = endpoints.get(triedEndpointIndex);
+
+  // Set in both props and properties since props is passed to 
UserClient
+  if (!properties.containsKey(DrillProperties.SERVICE_HOST)) {
--- End diff --

Use `putIfAbsent()` instead of `containsKey()` (avoid double get()).


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-06 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16388879#comment-16388879
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r172718426
  
--- Diff: exec/rpc/src/main/java/org/apache/drill/exec/rpc/BasicClient.java 
---
@@ -69,6 +74,11 @@
   private final IdlePingHandler pingHandler;
   private ConnectionMultiListener.SSLHandshakeListener 
sslHandshakeListener = null;
 
+  // Authentication related parameters
+  protected volatile List serverAuthMechanisms = null;
--- End diff --

Is `volatile` necessary? Consider making all variables private and 
providing `setAuthRequired(List authMechanisms)`.


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:203)
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-06 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16388877#comment-16388877
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user vrozov commented on a diff in the pull request:

https://github.com/apache/drill/pull/1145#discussion_r172678133
  
--- Diff: exec/rpc/src/main/java/org/apache/drill/exec/rpc/BasicClient.java 
---
@@ -182,6 +196,66 @@ public boolean isActive() {
 
   protected abstract void validateHandshake(HR validateHandshake) throws 
RpcException;
 
+  /**
+   * Creates various instances needed to start the SASL handshake. This is 
called from
+   * {@link BasicClient#validateHandshake(MessageLite)} if authentication 
is required from server side.
+   * @param connectionListener
+   * @throws RpcException
+   */
+  protected abstract void prepareSaslHandshake(final 
RpcConnectionHandler connectionListener) throws RpcException;
--- End diff --

None of the implementations seems to throw an RpcException.


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-01 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16382997#comment-16382997
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

Github user sohami commented on the issue:

https://github.com/apache/drill/pull/1145
  
@vrozov - Please help to review this PR.
It address the concurrency issue during authentication of control/data 
client to server side. Rather than adding the connection into connection holder 
right after TCP connection is available, the listener for connection success is 
called after successful authentication (if needed).


> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataTunnel$SendBatchAsyncListen.connectionFailed(DataTunnel.java:166)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:203)
>  ~[drill-java-exec-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.data.DataClient$AuthenticationCommand.connectionSucceeded(DataClient.java:147)
>

[jira] [Commented] (DRILL-6187) Exception in RPC communication between DataClient/ControlClient and respective servers when bit-to-bit security is on

2018-03-01 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/DRILL-6187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16382978#comment-16382978
 ] 

ASF GitHub Bot commented on DRILL-6187:
---

GitHub user sohami opened a pull request:

https://github.com/apache/drill/pull/1145

DRILL-6187: Exception in RPC communication between DataClient/Control…

…Client and respective servers when bit-to-bit security is on

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/sohami/drill DRILL-6187-2

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/drill/pull/1145.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1145


commit 4a7602b428ef4ef9fe358976713a78174bb82f57
Author: Sorabh Hamirwasia 
Date:   2018-03-01T23:08:10Z

DRILL-6187: Exception in RPC communication between DataClient/ControlClient 
and respective servers when bit-to-bit security is on




> Exception in RPC communication between DataClient/ControlClient and 
> respective servers when bit-to-bit security is on
> -
>
> Key: DRILL-6187
> URL: https://issues.apache.org/jira/browse/DRILL-6187
> Project: Apache Drill
>  Issue Type: Bug
>  Components: Execution - RPC, Security
>Reporter: Sorabh Hamirwasia
>Assignee: Sorabh Hamirwasia
>Priority: Major
> Fix For: 1.13.0
>
>
>  
> {color:#00}Below is the summary of issue: {color}
>  
> {color:#00}*Scenario:*{color}
> {color:#00}It seems like first sendRecordBatch was sent to Foreman which 
> initiated the Authentication handshake. But before initiating handshake for 
> auth we establish a connection and store that in a registry. Now if in 
> parallel there is another recordBatch (by a different minor fragment running 
> on same Drillbit) to be sent then that will see the connection available in 
> registry and will initiate the send. Before the authentication is completed 
> this second request reached foreman and it throws below exception saying RPC 
> type 3 message is not allowed and closes the connection. This also fails the 
> authentication handshake which was in progress.{color}{color:#00} Here 
> the logs with details:{color}
> {color:#00} {color}
> {color:#00}*Forman received the SASL_START message from another 
> node:*{color}
> {color:#00}*_2018-02-21 18:43:30,759 
> [_*{color}{color:#00}_BitServer-4] TRACE 
> o.a.d.e.r.s.ServerAuthenticationHandler - Received SASL message SASL_START 
> from /10.10.100.161:35482_{color}
> {color:#00} {color}
> {color:#00}*Then around same time it received another message from client 
> of Rpc Type 3 which is for SendRecordBatch and fails since handshake is not 
> completed yet.*{color}
> {color:#00} {color}
> {color:#00}*_2018-02-21 18:43:30,762_*{color}{color:#00} 
> _[BitServer-4] ERROR o.a.d.exec.rpc.RpcExceptionHandler - Exception in RPC 
> communication.  Connection: /10.10.100.162:31012 <--> /__10.10.100.161:35482_ 
> _(data server).  Closing connection._{color}
> {color:#00}_io.netty.handler.codec.DecoderException: 
> org.apache.drill.exec.rpc.RpcException: Request of type 3 is not allowed 
> without authentication. Client on /__10.10.100.161:35482_ _must authenticate 
> before making requests. Connection dropped. [Details: Encryption: enabled , 
> MaxWrappedSize: 65536 , WrapSizeLimit: 0]_{color}
> {color:#00} {color}
> {color:#00}*Then client receives an channel closed exception:*{color}
> {color:#00} {color}
> {color:#00}*2018-02-21 18:43:30,764 [*{color}{color:#00}BitClient-4] 
> WARN  o.a.d.exec.rpc.RpcExceptionHandler - Exception occurred with closed 
> channel.  Connection: /_10.10.100.161:35482_ <--> _10.10.100.162:31012_ (data 
> client){color}
> {color:#00} {color}
> {color:#00}*and due to this it's initial command for authentication also 
> fails. Since there is channel closed exception above I will think that 
> triggered the failure of authentication request as well.*{color}
> {color:#00} {color}
> {color:#00}_Caused by: org.apache.drill.exec.rpc.RpcException: Command 
> failed while establishing connection.  Failure type AUTHENTICATION._{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.RpcException.mapException(RpcException.java:67) 
> ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
> org.apache.drill.exec.rpc.ListeningCommand.connectionFailed(ListeningCommand.java:66)
>  ~[drill-rpc-1.12.0-mapr.jar:1.12.0-mapr]_{color}
> {color:#00}        _at 
>