[jira] [Comment Edited] (HADOOP-16705) MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug log
[ https://issues.apache.org/jira/browse/HADOOP-16705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16973502#comment-16973502 ] Lukas Majercak edited comment on HADOOP-16705 at 11/13/19 4:34 PM: --- Build failed because it used the .jpg file (n) was (Author: lukmajercak): Build failed because it used the .jpg file -_- > MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug > log > > > Key: HADOOP-16705 > URL: https://issues.apache.org/jira/browse/HADOOP-16705 > Project: Hadoop Common > Issue Type: Improvement > Components: metrics >Affects Versions: 2.9.2 >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: mbeaninfobuilder.JPG > > > MBeanInfoBuilder's get() method DEBUG logs all the MBeanAttributeInfo > attributes that it gathered. This can have a high memory churn that can be > easily avoided. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16705) MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug log
[ https://issues.apache.org/jira/browse/HADOOP-16705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16973502#comment-16973502 ] Lukas Majercak commented on HADOOP-16705: - Build failed because it used the .jpg file -_- > MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug > log > > > Key: HADOOP-16705 > URL: https://issues.apache.org/jira/browse/HADOOP-16705 > Project: Hadoop Common > Issue Type: Improvement > Components: metrics >Affects Versions: 2.9.2 >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: mbeaninfobuilder.JPG > > > MBeanInfoBuilder's get() method DEBUG logs all the MBeanAttributeInfo > attributes that it gathered. This can have a high memory churn that can be > easily avoided. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Work started] (HADOOP-16705) MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug log
[ https://issues.apache.org/jira/browse/HADOOP-16705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on HADOOP-16705 started by Lukas Majercak. --- > MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug > log > > > Key: HADOOP-16705 > URL: https://issues.apache.org/jira/browse/HADOOP-16705 > Project: Hadoop Common > Issue Type: Improvement > Components: metrics >Affects Versions: 2.9.2 >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: mbeaninfobuilder.JPG > > > MBeanInfoBuilder's get() method DEBUG logs all the MBeanAttributeInfo > attributes that it gathered. This can have a high memory churn that can be > easily avoided. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16705) MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug log
[ https://issues.apache.org/jira/browse/HADOOP-16705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16705: Status: Patch Available (was: In Progress) > MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug > log > > > Key: HADOOP-16705 > URL: https://issues.apache.org/jira/browse/HADOOP-16705 > Project: Hadoop Common > Issue Type: Improvement > Components: metrics >Affects Versions: 2.9.2 >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: mbeaninfobuilder.JPG > > > MBeanInfoBuilder's get() method DEBUG logs all the MBeanAttributeInfo > attributes that it gathered. This can have a high memory churn that can be > easily avoided. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HADOOP-16705) MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug log
[ https://issues.apache.org/jira/browse/HADOOP-16705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16973448#comment-16973448 ] Lukas Majercak edited comment on HADOOP-16705 at 11/13/19 3:38 PM: --- Attached is a screenshot from a 5minute java flight recording (HDFS DataNode process). It shows that during these 5 minutes, more than 45GB of memory was created from {code:java} MbeanInfoBuilder.get() {code} was (Author: lukmajercak): Attached is a screenshot from a 5minute java flight recording. It shows that during these 5 minutes, more than 45GB of memory was created from {code:java} MbeanInfoBuilder.get() {code} > MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug > log > > > Key: HADOOP-16705 > URL: https://issues.apache.org/jira/browse/HADOOP-16705 > Project: Hadoop Common > Issue Type: Improvement > Components: metrics >Affects Versions: 2.9.2 >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: mbeaninfobuilder.JPG > > > MBeanInfoBuilder's get() method DEBUG logs all the MBeanAttributeInfo > attributes that it gathered. This can have a high memory churn that can be > easily avoided. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16705) MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug log
[ https://issues.apache.org/jira/browse/HADOOP-16705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16973448#comment-16973448 ] Lukas Majercak commented on HADOOP-16705: - Attached is a screenshot from a 5minute java flight recording. It shows that during these 5 minutes, more than 45GB of memory was created from {code:java} MbeanInfoBuilder.get() {code} > MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug > log > > > Key: HADOOP-16705 > URL: https://issues.apache.org/jira/browse/HADOOP-16705 > Project: Hadoop Common > Issue Type: Improvement > Components: metrics >Affects Versions: 2.9.2 >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: mbeaninfobuilder.JPG > > > MBeanInfoBuilder's get() method DEBUG logs all the MBeanAttributeInfo > attributes that it gathered. This can have a high memory churn that can be > easily avoided. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16705) MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug log
[ https://issues.apache.org/jira/browse/HADOOP-16705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16705: Attachment: mbeaninfobuilder.JPG > MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug > log > > > Key: HADOOP-16705 > URL: https://issues.apache.org/jira/browse/HADOOP-16705 > Project: Hadoop Common > Issue Type: Improvement > Components: metrics >Affects Versions: 2.9.2 >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: mbeaninfobuilder.JPG > > > MBeanInfoBuilder's get() method DEBUG logs all the MBeanAttributeInfo > attributes that it gathered. This can have a high memory churn that can be > easily avoided. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Created] (HADOOP-16705) MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug log
Lukas Majercak created HADOOP-16705: --- Summary: MBeanInfoBuilder puts unnecessary memory pressure on the system with a debug log Key: HADOOP-16705 URL: https://issues.apache.org/jira/browse/HADOOP-16705 Project: Hadoop Common Issue Type: Improvement Components: metrics Affects Versions: 2.9.2 Reporter: Lukas Majercak Assignee: Lukas Majercak MBeanInfoBuilder's get() method DEBUG logs all the MBeanAttributeInfo attributes that it gathered. This can have a high memory churn that can be easily avoided. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16680) Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider
[ https://issues.apache.org/jira/browse/HADOOP-16680?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16680: Affects Version/s: 3.3.0 > Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider > --- > > Key: HADOOP-16680 > URL: https://issues.apache.org/jira/browse/HADOOP-16680 > Project: Hadoop Common > Issue Type: New Feature >Affects Versions: 3.3.0 >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > > Add MicrosoftGraphGroupsMapping that uses > https://developer.microsoft.com/en-us/graph to retrieve user groups. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16680) Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider
[ https://issues.apache.org/jira/browse/HADOOP-16680?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16680: Component/s: security common auth > Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider > --- > > Key: HADOOP-16680 > URL: https://issues.apache.org/jira/browse/HADOOP-16680 > Project: Hadoop Common > Issue Type: New Feature > Components: auth, common, security >Affects Versions: 3.3.0 >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > > Add MicrosoftGraphGroupsMapping that uses > https://developer.microsoft.com/en-us/graph to retrieve user groups. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16680) Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider
[ https://issues.apache.org/jira/browse/HADOOP-16680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16965135#comment-16965135 ] Lukas Majercak commented on HADOOP-16680: - Linked the PR, it will probably fail because of the okhttp changes needed from HADOOP-16679. > Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider > --- > > Key: HADOOP-16680 > URL: https://issues.apache.org/jira/browse/HADOOP-16680 > Project: Hadoop Common > Issue Type: New Feature >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > > Add MicrosoftGraphGroupsMapping that uses > https://developer.microsoft.com/en-us/graph to retrieve user groups. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16680) Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider
[ https://issues.apache.org/jira/browse/HADOOP-16680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16965109#comment-16965109 ] Lukas Majercak commented on HADOOP-16680: - Will add a PR momentarily. > Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider > --- > > Key: HADOOP-16680 > URL: https://issues.apache.org/jira/browse/HADOOP-16680 > Project: Hadoop Common > Issue Type: New Feature >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > > Add MicrosoftGraphGroupsMapping that uses > https://developer.microsoft.com/en-us/graph to retrieve user groups. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16679) Switch to okhttp3
[ https://issues.apache.org/jira/browse/HADOOP-16679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16965108#comment-16965108 ] Lukas Majercak commented on HADOOP-16679: - [~elgoiri] I'm trying to add https://github.com/microsoftgraph/msgraph-sdk-java/ to be used for HADOOP-16680, but it uses okhttp3 which in turn uses the "okio" library. Our current okhttp uses okio version 1.6.0 whereas okhttp3 uses okio version 1.15.0, which causes the dependency convergence checks to fail. > Switch to okhttp3 > - > > Key: HADOOP-16679 > URL: https://issues.apache.org/jira/browse/HADOOP-16679 > Project: Hadoop Common > Issue Type: Improvement > Components: common, fs/azure >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > > Switch from okhttp 2.7.5 to 3.* -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Created] (HADOOP-16680) Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider
Lukas Majercak created HADOOP-16680: --- Summary: Add MicrosoftGraphGroupsMapping GroupMappingServiceProvider Key: HADOOP-16680 URL: https://issues.apache.org/jira/browse/HADOOP-16680 Project: Hadoop Common Issue Type: New Feature Reporter: Lukas Majercak Assignee: Lukas Majercak Add MicrosoftGraphGroupsMapping that uses https://developer.microsoft.com/en-us/graph to retrieve user groups. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Created] (HADOOP-16679) Switch to okhttp3
Lukas Majercak created HADOOP-16679: --- Summary: Switch to okhttp3 Key: HADOOP-16679 URL: https://issues.apache.org/jira/browse/HADOOP-16679 Project: Hadoop Common Issue Type: Improvement Components: common, fs/azure Reporter: Lukas Majercak Assignee: Lukas Majercak Switch from okhttp 2.7.5 to 3.* -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16525) LDAP group mapping should include primary posix group
[ https://issues.apache.org/jira/browse/HADOOP-16525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16913628#comment-16913628 ] Lukas Majercak commented on HADOOP-16525: - Sorry, not familiar with LDAP internals. > LDAP group mapping should include primary posix group > - > > Key: HADOOP-16525 > URL: https://issues.apache.org/jira/browse/HADOOP-16525 > Project: Hadoop Common > Issue Type: Improvement >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Major > Attachments: hadoop-16525.txt > > > When configuring LdapGroupsMapping against FreeIPA, the current > implementation searches for groups which have the user listed as a member. > This catches all "secondary" groups but misses the user's primary group > (typically the same name as their username). We should include a search for a > group matching the user's primary gidNumber in the group search. -- This message was sent by Atlassian Jira (v8.3.2#803003) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15976) NameNode Performance degradation When Single LdapServer become a bottleneck in Ldap-based mapping module
[ https://issues.apache.org/jira/browse/HADOOP-15976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16868457#comment-16868457 ] Lukas Majercak commented on HADOOP-15976: - We do not use LDAP anymore, but this sounds reasonable. The only thing I'd say is that now LdapGroupsMapping has a failover feature, so you might wanna look into that too, maybe just override failover() function and return immediately. Anyway, this should be clearer once we have unit tests for this new MultiLdapGroupsMapping > NameNode Performance degradation When Single LdapServer become a bottleneck > in Ldap-based mapping module > -- > > Key: HADOOP-15976 > URL: https://issues.apache.org/jira/browse/HADOOP-15976 > Project: Hadoop Common > Issue Type: Improvement > Components: common >Affects Versions: 3.1.1 >Reporter: fengyongshe >Assignee: fengyongshe >Priority: Major > Attachments: HADOOP-15976.patch, image003(12-05-1(12-05-10-36-26).jpg > > > 2000+ nodes cluster, We use OpenLdap to manager users and groups . when > LdapGroupsMapping used , Group look-up cause segment fault include NameNode > Performance degradation & name node crashes . > WARN security.Groups: Potential performance problem: > getGroups(user=) took 46817 milliseconds. > INFO namenode.FSNamesysatem(FSNamesystemLoclk.java:writeUnlock(252))- > FSNameSystem write lock held for 46817 ms via java.lang.thread.getStackTrace > We Found the Ldap Server become the bottleneck for NN operations, Single Ldap > Server only support hundred request per seconds > ps. The Server was running nslcd -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16773447#comment-16773447 ] Lukas Majercak commented on HADOOP-16125: - Thanks [~elgoiri]. I've added patch 004 with a small change: changing the log message in switchBindUser to only show the exception message rather than the full stack trace. > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-16125.001.patch, HADOOP-16125.002.patch, > HADOOP-16125.003.patch, HADOOP-16125.004.patch > > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16125: Attachment: HADOOP-16125.004.patch > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-16125.001.patch, HADOOP-16125.002.patch, > HADOOP-16125.003.patch, HADOOP-16125.004.patch > > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772418#comment-16772418 ] Lukas Majercak commented on HADOOP-16125: - Patch003 to fix findbugs/checkstyle/whitespace. > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-16125.001.patch, HADOOP-16125.002.patch, > HADOOP-16125.003.patch > > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16125: Attachment: HADOOP-16125.003.patch > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-16125.001.patch, HADOOP-16125.002.patch, > HADOOP-16125.003.patch > > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16125: Attachment: HADOOP-16125.002.patch > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-16125.001.patch, HADOOP-16125.002.patch > > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772330#comment-16772330 ] Lukas Majercak commented on HADOOP-16125: - Add DummyLdapCtxFactory.reset() in patch002. > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-16125.001.patch, HADOOP-16125.002.patch > > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16125: Status: Patch Available (was: In Progress) > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-16125.001.patch > > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16125: Attachment: HADOOP-16125.001.patch > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-16125.001.patch > > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Work started] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on HADOOP-16125 started by Lukas Majercak. --- > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-16125.001.patch > > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-16125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16125: Description: Currently, LdapGroupsMapping supports only a single user to bind to when connecting to LDAP. This can be problematic if such user's password needs to be reset. The proposal is to support multiple such users and switch between them if necessary, more info in GroupsMapping.md / core-default.xml in the patches. > Support multiple bind users in LdapGroupsMapping > > > Key: HADOOP-16125 > URL: https://issues.apache.org/jira/browse/HADOOP-16125 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > > Currently, LdapGroupsMapping supports only a single user to bind to when > connecting to LDAP. This can be problematic if such user's password needs to > be reset. > The proposal is to support multiple such users and switch between them if > necessary, more info in GroupsMapping.md / core-default.xml in the patches. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Created] (HADOOP-16125) Support multiple bind users in LdapGroupsMapping
Lukas Majercak created HADOOP-16125: --- Summary: Support multiple bind users in LdapGroupsMapping Key: HADOOP-16125 URL: https://issues.apache.org/jira/browse/HADOOP-16125 Project: Hadoop Common Issue Type: New Feature Components: common, security Reporter: Lukas Majercak Assignee: Lukas Majercak -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16045) Don't run TestDU on Windows
[ https://issues.apache.org/jira/browse/HADOOP-16045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16742457#comment-16742457 ] Lukas Majercak commented on HADOOP-16045: - Thanks [~elgoiri]. We'd need to backport HADOOP-14729 for this to be applicable to branch-2, but I don't think that's necessary. > Don't run TestDU on Windows > --- > > Key: HADOOP-16045 > URL: https://issues.apache.org/jira/browse/HADOOP-16045 > Project: Hadoop Common > Issue Type: Sub-task > Components: common, test >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Trivial > Fix For: 3.0.4, 3.3.0, 3.2.1, 3.1.3 > > Attachments: HADOOP-16045.001.patch > > > DU is not supported on Windows, ignore the test. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16045) Don't run TestDU on Windows
[ https://issues.apache.org/jira/browse/HADOOP-16045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16045: Status: Patch Available (was: Open) > Don't run TestDU on Windows > --- > > Key: HADOOP-16045 > URL: https://issues.apache.org/jira/browse/HADOOP-16045 > Project: Hadoop Common > Issue Type: Bug > Components: common, test >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Trivial > Attachments: HADOOP-16045.001.patch > > > DU is not supported on Windows, ignore the test. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16045) Don't run TestDU on Windows
[ https://issues.apache.org/jira/browse/HADOOP-16045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16740899#comment-16740899 ] Lukas Majercak commented on HADOOP-16045: - Windows uses WindowsGetSpaceUsed > Don't run TestDU on Windows > --- > > Key: HADOOP-16045 > URL: https://issues.apache.org/jira/browse/HADOOP-16045 > Project: Hadoop Common > Issue Type: Sub-task > Components: common, test >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Trivial > Attachments: HADOOP-16045.001.patch > > > DU is not supported on Windows, ignore the test. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-16045) Don't run TestDU on Windows
[ https://issues.apache.org/jira/browse/HADOOP-16045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16740897#comment-16740897 ] Lukas Majercak commented on HADOOP-16045: - DU line 72 > Don't run TestDU on Windows > --- > > Key: HADOOP-16045 > URL: https://issues.apache.org/jira/browse/HADOOP-16045 > Project: Hadoop Common > Issue Type: Sub-task > Components: common, test >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Trivial > Attachments: HADOOP-16045.001.patch > > > DU is not supported on Windows, ignore the test. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Created] (HADOOP-16045) Don't run TestDU on Windows
Lukas Majercak created HADOOP-16045: --- Summary: Don't run TestDU on Windows Key: HADOOP-16045 URL: https://issues.apache.org/jira/browse/HADOOP-16045 Project: Hadoop Common Issue Type: Bug Components: common, test Reporter: Lukas Majercak Assignee: Lukas Majercak DU is not supported on Windows, ignore the test. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16045) Don't run TestDU on Windows
[ https://issues.apache.org/jira/browse/HADOOP-16045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-16045: Attachment: HADOOP-16045.001.patch > Don't run TestDU on Windows > --- > > Key: HADOOP-16045 > URL: https://issues.apache.org/jira/browse/HADOOP-16045 > Project: Hadoop Common > Issue Type: Bug > Components: common, test >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Trivial > Attachments: HADOOP-16045.001.patch > > > DU is not supported on Windows, ignore the test. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16718330#comment-16718330 ] Lukas Majercak commented on HADOOP-15995: - I changed it from conf to config because checkstyle was complaining about hiding a filed (the LdapGroupMapping's member variable named "conf" as well). > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch, > HADOOP-15995.006.patch, HADOOP-15995.007.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16718330#comment-16718330 ] Lukas Majercak edited comment on HADOOP-15995 at 12/12/18 1:24 AM: --- I changed it from conf to config because checkstyle was complaining about hiding a field (the LdapGroupMapping's member variable named "conf" as well). was (Author: lukmajercak): I changed it from conf to config because checkstyle was complaining about hiding a filed (the LdapGroupMapping's member variable named "conf" as well). > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch, > HADOOP-15995.006.patch, HADOOP-15995.007.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16718330#comment-16718330 ] Lukas Majercak edited comment on HADOOP-15995 at 12/12/18 1:25 AM: --- Thanks! I changed it from conf to config because checkstyle was complaining about hiding a field (the LdapGroupMapping's member variable named "conf" as well). was (Author: lukmajercak): I changed it from conf to config because checkstyle was complaining about hiding a field (the LdapGroupMapping's member variable named "conf" as well). > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch, > HADOOP-15995.006.patch, HADOOP-15995.007.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16718272#comment-16718272 ] Lukas Majercak commented on HADOOP-15995: - I agree some of the configs from LDAPGroupsMapping lack documentation. We can create a separate JIRA to track it. > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch, > HADOOP-15995.006.patch, HADOOP-15995.007.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16718005#comment-16718005 ] Lukas Majercak commented on HADOOP-15995: - Patch007 changes to use testConfGetPasswordUsingAlias in TestLdapGroupsMapping.testConfGetPasswordUsingAlias to avoid javac warnings > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch, > HADOOP-15995.006.patch, HADOOP-15995.007.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Attachment: HADOOP-15995.007.patch > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch, > HADOOP-15995.006.patch, HADOOP-15995.007.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16717950#comment-16717950 ] Lukas Majercak commented on HADOOP-15995: - [~lmccay], does the latest patch look good to you? Thanks! > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch, > HADOOP-15995.006.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Attachment: HADOOP-15995.006.patch > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch, > HADOOP-15995.006.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16717867#comment-16717867 ] Lukas Majercak commented on HADOOP-15995: - I changed to getPasswordFromCredentialProviders for the alias approach, left the others the same. > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch, > HADOOP-15995.006.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Attachment: HADOOP-15995.005.patch > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16717767#comment-16717767 ] Lukas Majercak commented on HADOOP-15995: - Thanks [~elgoiri]. I fixed the style issue in the test. For the deprecated method. I don't really know why this was deprecated, since we still used it. Also, the comment says to use getPasswordFromCredentialProviders, but conf.getPassword interally uses just that, so I don't know what the big deal is and personally would just remove the Deprecated annotation. It's not even like it's a primary api of the class, it's just a utility method for getting the password. > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch, HADOOP-15995.005.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16715795#comment-16715795 ] Lukas Majercak commented on HADOOP-15995: - For some reason, yetus still picked patch002. > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Attachment: HADOOP-15995.004.patch > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Status: Patch Available (was: Open) > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Status: Open (was: Patch Available) > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16715772#comment-16715772 ] Lukas Majercak commented on HADOOP-15995: - Another checkstyle issue fixed in patch004. > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch, HADOOP-15995.004.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Attachment: HADOOP-15995.003.patch > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16715707#comment-16715707 ] Lukas Majercak commented on HADOOP-15995: - Patch 003 to fix the checkstyle issue. > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch, > HADOOP-15995.003.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) LdapGroupsMapping should use the bind.password config value as credential alias
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Attachment: HADOOP-15995.002.patch > LdapGroupsMapping should use the bind.password config value as credential > alias > --- > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. The proposal is to use the value of the property > instead, which would fix this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Attachment: HADOOP-15995.002.patch > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Attachment: (was: HADOOP-15995.002.patch) > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Description: Currently, the property name hadoop.security.group.mapping.ldap.bind.password is used as an alias to get password from CredentialProviders. This has a big issue, which is that when we configure multiple LdapGroupsMapping providers through CompositeGroupsMapping, they will all have the same alias, and won't be able to be distinguished. (was: Currently, the property name hadoop.security.group.mapping.ldap.bind.password is used as an alias to get password from CredentialProviders. This has a big issue, which is that when we configure multiple LdapGroupsMapping providers through CompositeGroupsMapping, they will all have the same alias, and won't be able to be distinguished. The proposal is to use the value of the property instead, which would fix this issue.) > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Summary: Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when using multiple providers through CompositeGroupsMapping (was: LdapGroupsMapping should use the bind.password config value as credential alias) > Add ldap.bind.password.alias in LdapGroupsMapping to distinguish aliases when > using multiple providers through CompositeGroupsMapping > - > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. The proposal is to use the value of the property > instead, which would fix this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) LdapGroupsMapping should use the bind.password config value as credential alias
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16715614#comment-16715614 ] Lukas Majercak commented on HADOOP-15995: - Added .ldap.bind.password.alias in patch002. > LdapGroupsMapping should use the bind.password config value as credential > alias > --- > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch, HADOOP-15995.002.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. The proposal is to use the value of the property > instead, which would fix this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) LdapGroupsMapping should use the bind.password config value as credential alias
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16715570#comment-16715570 ] Lukas Majercak commented on HADOOP-15995: - I guess we could add a "ldap.bind.password.alias" configuration, and try that first, if we don't find anything we just fallback to the current version? > LdapGroupsMapping should use the bind.password config value as credential > alias > --- > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. The proposal is to use the value of the property > instead, which would fix this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) LdapGroupsMapping should use the bind.password config value as credential alias
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16715569#comment-16715569 ] Lukas Majercak commented on HADOOP-15995: - Mm, not sure about adding a new property, as the password management is already quite convoluted in the ldapgroupsmapping. For your second suggestion, we would need to change the logic in CompositeGroupsMapping, as it currently creates a copy of the config and populates the needed configuration keys and stripping the provider name. > LdapGroupsMapping should use the bind.password config value as credential > alias > --- > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. The proposal is to use the value of the property > instead, which would fix this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) LdapGroupsMapping should use the bind.password config value as credential alias
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Assignee: Lukas Majercak Status: Patch Available (was: Open) > LdapGroupsMapping should use the bind.password config value as credential > alias > --- > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15995) LdapGroupsMapping should use the bind.password config value as credential alias
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16715554#comment-16715554 ] Lukas Majercak commented on HADOOP-15995: - Thanks for the quick comment [~lmccay]. Say i have two providers: hadoop.security.group.mapping=org.apache.hadoop.security.CompositeGroupsMapping hadoop.security.group.mapping.providers=a,b hadoop.security.group.mapping.provider.a=org.apache.hadoop.security.LdapGroupsMapping hadoop.security.group.mapping.provider.b=org.apache.hadoop.security.LdapGroupsMapping hadoop.security.group.mapping.provider.a.ldap.bind.password=foo hadoop.security.group.mapping.provider.b.ldap.bind.password=bar Both providers will use "hadoop.security.group.mapping.provider.ldap.bind.password" as the alias to get password from config. i.e. they won't be distinguishable. > LdapGroupsMapping should use the bind.password config value as credential > alias > --- > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. The proposal is to use the value of the property > instead, which would fix this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) LdapGroupsMapping should use the bind.password config value as credential alias
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Description: Currently, the property name hadoop.security.group.mapping.ldap.bind.password is used as an alias to get password from CredentialProviders. This has a big issue, which is that when we configure multiple LdapGroupsMapping providers through CompositeGroupsMapping, they will all have the same alias, and won't be able to be distinguished. The proposal is to use the value of the property instead, which would fix this issue. > LdapGroupsMapping should use the bind.password config value as credential > alias > --- > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch > > > Currently, the property name hadoop.security.group.mapping.ldap.bind.password > is used as an alias to get password from CredentialProviders. This has a big > issue, which is that when we configure multiple LdapGroupsMapping providers > through CompositeGroupsMapping, they will all have the same alias, and won't > be able to be distinguished. The proposal is to use the value of the property > instead, which would fix this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15995) LdapGroupsMapping should use the bind.password config value as credential alias
[ https://issues.apache.org/jira/browse/HADOOP-15995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15995: Attachment: HADOOP-15995.001.patch > LdapGroupsMapping should use the bind.password config value as credential > alias > --- > > Key: HADOOP-15995 > URL: https://issues.apache.org/jira/browse/HADOOP-15995 > Project: Hadoop Common > Issue Type: Bug > Components: common >Reporter: Lukas Majercak >Priority: Major > Attachments: HADOOP-15995.001.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Created] (HADOOP-15995) LdapGroupsMapping should use the bind.password config value as credential alias
Lukas Majercak created HADOOP-15995: --- Summary: LdapGroupsMapping should use the bind.password config value as credential alias Key: HADOOP-15995 URL: https://issues.apache.org/jira/browse/HADOOP-15995 Project: Hadoop Common Issue Type: Bug Components: common Reporter: Lukas Majercak -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.011.branch-2.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Fix For: 2.10.0, 3.0.4, 3.3.0, 3.2.1, 2.9.3, 3.1.3 > > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch, HADOOP-15950.007.patch, HADOOP-15950.008.patch, > HADOOP-15950.009.patch, HADOOP-15950.010.patch, > HADOOP-15950.011.branch-2.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16707807#comment-16707807 ] Lukas Majercak commented on HADOOP-15950: - Posted patch 011 to change ldapUrls in TestLdapGroupsMappingWithFailover.testFailover to be final. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Fix For: 2.10.0, 3.0.4, 3.3.0, 3.2.1, 2.9.3, 3.1.3 > > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch, HADOOP-15950.007.patch, HADOOP-15950.008.patch, > HADOOP-15950.009.patch, HADOOP-15950.010.patch, HADOOP-15950.011.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.011.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Fix For: 2.10.0, 3.0.4, 3.3.0, 3.2.1, 2.9.3, 3.1.3 > > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch, HADOOP-15950.007.patch, HADOOP-15950.008.patch, > HADOOP-15950.009.patch, HADOOP-15950.010.patch, HADOOP-15950.011.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.010.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch, HADOOP-15950.007.patch, HADOOP-15950.008.patch, > HADOOP-15950.009.patch, HADOOP-15950.010.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.009.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch, HADOOP-15950.007.patch, HADOOP-15950.008.patch, > HADOOP-15950.009.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16705372#comment-16705372 ] Lukas Majercak commented on HADOOP-15950: - Thanks [~jojochuang], I added currentLdapUrl to the log message. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch, HADOOP-15950.007.patch, HADOOP-15950.008.patch, > HADOOP-15950.009.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.008.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch, HADOOP-15950.007.patch, HADOOP-15950.008.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.007.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch, HADOOP-15950.007.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16705129#comment-16705129 ] Lukas Majercak commented on HADOOP-15950: - Thanks [~elgoiri]. Added patch 007 with these changes. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch, HADOOP-15950.007.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.006.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16704104#comment-16704104 ] Lukas Majercak commented on HADOOP-15950: - Added patch006 with changes to GroupsMapping.md and core-default.xml. Could you review this [~jojochuang]? Thanks! > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch, > HADOOP-15950.006.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16702485#comment-16702485 ] Lukas Majercak commented on HADOOP-15950: - Thanks [~elgoiri] and [~jojochuang] for looking into this. I added patch005 to address Inigo's comments. For the documentation, I'm aware of this, expect a patch soon. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.005.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch, HADOOP-15950.005.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.004.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16699751#comment-16699751 ] Lukas Majercak commented on HADOOP-15950: - Patch 004 to fix the unit test + checkstyle. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch, HADOOP-15950.004.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.003.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16699663#comment-16699663 ] Lukas Majercak commented on HADOOP-15950: - + [~liuml07], [~cnauroth], [~jojochuang], [~shwethags], [~jnpandey]. I've seen you guys contributed to this part of the codebase, anyone available to review/provide feedback? Thanks! > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15951) LdapGroupsMapping should distinguish between retryable/nonretryable LDAP exceptions
[ https://issues.apache.org/jira/browse/HADOOP-15951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15951: Description: Currently, LdapGroupsMapping.doGetGroups catches a very generic NamingException and retries no matter what the actual root cause is. In a lot of cases, for example when the actual exception is NameNotFoundException, retrying will be pointless. The proposal is to distinguish between retryable (e.g. CommunicationException) and non-retryable LDAP exceptions (such as InvalidAttributesException). > LdapGroupsMapping should distinguish between retryable/nonretryable LDAP > exceptions > --- > > Key: HADOOP-15951 > URL: https://issues.apache.org/jira/browse/HADOOP-15951 > Project: Hadoop Common > Issue Type: Improvement >Reporter: Lukas Majercak >Priority: Major > > Currently, LdapGroupsMapping.doGetGroups catches a very generic > NamingException and retries no matter what the actual root cause is. In a lot > of cases, for example when the actual exception is NameNotFoundException, > retrying will be pointless. > The proposal is to distinguish between retryable (e.g. > CommunicationException) and non-retryable LDAP exceptions (such as > InvalidAttributesException). -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16699658#comment-16699658 ] Lukas Majercak commented on HADOOP-15950: - Will add documentation for the new configurations next. Would appreciate feedback on this so far. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16699656#comment-16699656 ] Lukas Majercak commented on HADOOP-15950: - The patch also includes a bunch of cleanup in the code (exceptions that are not thrown etc). I thought about making a separate JIRA for this, but then thought that would just create problems when moving these changes across branches. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.002.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16699654#comment-16699654 ] Lukas Majercak commented on HADOOP-15950: - Added patch003 to refactor LdapGroupsMapping.ldapUrls member variable. (removed reference to the list and kept the iterator only). > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch, > HADOOP-15950.003.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16699650#comment-16699650 ] Lukas Majercak commented on HADOOP-15950: - Added patch002 to rename "retry" to "attempt", which makes things clearer imho. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch, HADOOP-15950.002.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Created] (HADOOP-15951) LdapGroupsMapping should distinguish between retryable/nonretryable LDAP exceptions
Lukas Majercak created HADOOP-15951: --- Summary: LdapGroupsMapping should distinguish between retryable/nonretryable LDAP exceptions Key: HADOOP-15951 URL: https://issues.apache.org/jira/browse/HADOOP-15951 Project: Hadoop Common Issue Type: Improvement Reporter: Lukas Majercak -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16699643#comment-16699643 ] Lukas Majercak commented on HADOOP-15950: - Added patch001 with the implementation. This still needs documentation to be updated. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Status: Patch Available (was: In Progress) > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Work started] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on HADOOP-15950 started by Lukas Majercak. --- > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Attachment: HADOOP-15950.001.patch > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15950.001.patch > > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15950) Failover for LdapGroupsMapping
[ https://issues.apache.org/jira/browse/HADOOP-15950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15950: Description: Currently, LdapGroupsMapping supports only a single ldap server url, this can obviously cause issues if the ldap instance goes down. This JIRA attempts to improve this by allowing users to list multiple ldap server urls, and performing a failover if we detect any issues. > Failover for LdapGroupsMapping > -- > > Key: HADOOP-15950 > URL: https://issues.apache.org/jira/browse/HADOOP-15950 > Project: Hadoop Common > Issue Type: New Feature > Components: common, security >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > > Currently, LdapGroupsMapping supports only a single ldap server url, this can > obviously cause issues if the ldap instance goes down. This JIRA attempts to > improve this by allowing users to list multiple ldap server urls, and > performing a failover if we detect any issues. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Created] (HADOOP-15950) Failover for LdapGroupsMapping
Lukas Majercak created HADOOP-15950: --- Summary: Failover for LdapGroupsMapping Key: HADOOP-15950 URL: https://issues.apache.org/jira/browse/HADOOP-15950 Project: Hadoop Common Issue Type: New Feature Components: common, security Reporter: Lukas Majercak Assignee: Lukas Majercak -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15684) triggerActiveLogRoll stuck on dead name node, when ConnectTimeoutException happens.
[ https://issues.apache.org/jira/browse/HADOOP-15684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16611060#comment-16611060 ] Lukas Majercak commented on HADOOP-15684: - patch004 LGTM. Thanks [~trjianjianjiao] > triggerActiveLogRoll stuck on dead name node, when ConnectTimeoutException > happens. > > > Key: HADOOP-15684 > URL: https://issues.apache.org/jira/browse/HADOOP-15684 > Project: Hadoop Common > Issue Type: Bug > Components: ha >Affects Versions: 3.0.0-alpha1 >Reporter: Rong Tang >Assignee: Rong Tang >Priority: Critical > Attachments: > 0001-RollEditLog-try-next-NN-when-exception-happens.patch, > HADOOP-15684.000.patch, HADOOP-15684.001.patch, HADOOP-15684.002.patch, > HADOOP-15684.003.patch, HADOOP-15684.004.patch, > hadoop--rollingUpgrade-SourceMachine001.log > > > When name node call triggerActiveLogRoll, and the cachedActiveProxy is a dead > name node, it will throws a ConnectTimeoutException, expected behavior is to > try next NN, but current logic doesn't do so, instead, it keeps trying the > dead, mistakenly take it as active. > > 2018-08-17 10:02:12,001 WARN [Edit log tailer] > org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer: Unable to trigger a > roll of the active NN > org.apache.hadoop.net.ConnectTimeoutException: Call From > SourceMachine001/SourceIP to001 TargetMachine001.ap.gbl:8020 failed on socket > timeout exception: org.apache.hadoop.net.ConnectTimeoutException: 2 > millis timeout > org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer$2.doWork(EditLogTailer.java:298) > > C:\Users\rotang>ping TargetMachine001 > Pinging TargetMachine001[TargetIP001] with 32 bytes of data: > Request timed out. > Request timed out. > Request timed out. > Request timed out. > Attachment is a log file saying how it repeatedly retries a dead name node, > and a fix patch. > I replaced the actual machine name/ip as SourceMachine001/SourceIP001 and > TargetMachine001/TargetIP001. > > How to Repro: > In a good running NNs, take down the active NN (don't let it come back during > test), and then the stand by NNs will keep trying dead (old active) NN, > because it is the cached one. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-10219) ipc.Client.setupIOstreams() needs to check for ClientCache.stopClient requested shutdowns
[ https://issues.apache.org/jira/browse/HADOOP-10219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16603448#comment-16603448 ] Lukas Majercak commented on HADOOP-10219: - Thanks for spending time on this [~ste...@apache.org] and merging it. Added a branch-2 patch. > ipc.Client.setupIOstreams() needs to check for ClientCache.stopClient > requested shutdowns > -- > > Key: HADOOP-10219 > URL: https://issues.apache.org/jira/browse/HADOOP-10219 > Project: Hadoop Common > Issue Type: Bug > Components: ipc >Affects Versions: 2.2.0, 2.6.0 >Reporter: Steve Loughran >Assignee: Kihwal Lee >Priority: Major > Fix For: 3.2.0, 3.1.2 > > Attachments: HADOOP-10219-branch-2.000.patch, HADOOP-10219.patch, > HADOOP-10219.v1.patch, HADOOP-10219.v2.patch, HADOOP-10219.v3.patch, > HADOOP-10219.v4.patch > > > When {{ClientCache.stopClient()}} is called to stop the IPC client, if the > client > is blocked spinning due to a connectivity problem, it does not exit until > the policy has timed out -so the stopClient() operation can hang for an > extended period of time. > This can surface in the shutdown hook of FileSystem.cache.closeAll() > Also, Client.stop() is for used in NN switch from Standby to Active, and can > therefore have very bad consequences and cause downtime. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-10219) ipc.Client.setupIOstreams() needs to check for ClientCache.stopClient requested shutdowns
[ https://issues.apache.org/jira/browse/HADOOP-10219?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-10219: Attachment: HADOOP-10219-branch-2.000.patch > ipc.Client.setupIOstreams() needs to check for ClientCache.stopClient > requested shutdowns > -- > > Key: HADOOP-10219 > URL: https://issues.apache.org/jira/browse/HADOOP-10219 > Project: Hadoop Common > Issue Type: Bug > Components: ipc >Affects Versions: 2.2.0, 2.6.0 >Reporter: Steve Loughran >Assignee: Kihwal Lee >Priority: Major > Fix For: 3.2.0, 3.1.2 > > Attachments: HADOOP-10219-branch-2.000.patch, HADOOP-10219.patch, > HADOOP-10219.v1.patch, HADOOP-10219.v2.patch, HADOOP-10219.v3.patch, > HADOOP-10219.v4.patch > > > When {{ClientCache.stopClient()}} is called to stop the IPC client, if the > client > is blocked spinning due to a connectivity problem, it does not exit until > the policy has timed out -so the stopClient() operation can hang for an > extended period of time. > This can surface in the shutdown hook of FileSystem.cache.closeAll() > Also, Client.stop() is for used in NN switch from Standby to Active, and can > therefore have very bad consequences and cause downtime. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-15707) Add IsActiveServlet to be used for Load Balancers
[ https://issues.apache.org/jira/browse/HADOOP-15707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukas Majercak updated HADOOP-15707: Attachment: HADOOP-15707.004.patch > Add IsActiveServlet to be used for Load Balancers > - > > Key: HADOOP-15707 > URL: https://issues.apache.org/jira/browse/HADOOP-15707 > Project: Hadoop Common > Issue Type: New Feature > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15707.000.patch, HADOOP-15707.001.patch, > HADOOP-15707.002.patch, HADOOP-15707.003.patch, HADOOP-15707.004.patch > > > Hadoop has a few services with HA setups and it is common to set them behind > Load Balancers. > We should add a way for the Load Balancers to understand what should be the > UI to show. > For example, the standby RM just redirects the requests to the active RM. > However, if both RMs are behind a Load Balancer the IP might not be reachable. > Most Load balancers have probes to check if a server reports HTTP code 200: > * > [Azure|https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview] > * > [AWS|https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html] > Components in Hadoop (e.g., NN, RM, Router,...) should have a unified way to > report if they are active. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-15707) Add IsActiveServlet to be used for Load Balancers
[ https://issues.apache.org/jira/browse/HADOOP-15707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16603440#comment-16603440 ] Lukas Majercak commented on HADOOP-15707: - Patch004 to fix checkstyle > Add IsActiveServlet to be used for Load Balancers > - > > Key: HADOOP-15707 > URL: https://issues.apache.org/jira/browse/HADOOP-15707 > Project: Hadoop Common > Issue Type: New Feature > Components: common >Reporter: Lukas Majercak >Assignee: Lukas Majercak >Priority: Major > Attachments: HADOOP-15707.000.patch, HADOOP-15707.001.patch, > HADOOP-15707.002.patch, HADOOP-15707.003.patch, HADOOP-15707.004.patch > > > Hadoop has a few services with HA setups and it is common to set them behind > Load Balancers. > We should add a way for the Load Balancers to understand what should be the > UI to show. > For example, the standby RM just redirects the requests to the active RM. > However, if both RMs are behind a Load Balancer the IP might not be reachable. > Most Load balancers have probes to check if a server reports HTTP code 200: > * > [Azure|https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview] > * > [AWS|https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html] > Components in Hadoop (e.g., NN, RM, Router,...) should have a unified way to > report if they are active. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org