[jira] [Comment Edited] (HDFS-9254) HDFS Secure Mode Documentation updates

Arpit Agarwal (JIRA) Fri, 23 Oct 2015 09:42:06 -0700

    [ 
https://issues.apache.org/jira/browse/HDFS-9254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14971312#comment-14971312
 ]


Arpit Agarwal edited comment on HDFS-9254 at 10/23/15 4:37 PM:
---------------------------------------------------------------

So yes it looks like at least the {{SaslRpcClient}} doesn't like principals 
without a host component.

{code}
192.168.56.80:8485: Failed on local exception: java.io.IOException: 
java.lang.IllegalArgumentException: Kerberos principal name does NOT have the 
expected hostname part: j...@example.com; Host Details : local host is: 
"cm0.example.com/192.168.56.80"; destination host is: "cm0.example.com":8485;
        at 
org.apache.hadoop.hdfs.qjournal.client.QuorumException.create(QuorumException.java:81)
        at 
org.apache.hadoop.hdfs.qjournal.client.QuorumCall.rethrowException(QuorumCall.java:223)
        at 
org.apache.hadoop.hdfs.qjournal.client.QuorumJournalManager.hasSomeData(QuorumJournalManager.java:232)
        at 
org.apache.hadoop.hdfs.server.common.Storage.confirmFormat(Storage.java:899)
{code}

Whereas SecurityUtil handles them fine. We should be consistent. I'll file a 
separate bug to fix the {{SaslRpcClient}}, and any other components I run into, 
but also update the doc patch for now. Thanks for the catch.


was (Author: arpitagarwal):
So yes it looks like at least the Journal Node doesn't like principals without 
a host component.

{code}
192.168.56.80:8485: Failed on local exception: java.io.IOException: 
java.lang.IllegalArgumentException: Kerberos principal name does NOT have the 
expected hostname part: j...@example.com; Host Details : local host is: 
"cm0.example.com/192.168.56.80"; destination host is: "cm0.example.com":8485;
        at 
org.apache.hadoop.hdfs.qjournal.client.QuorumException.create(QuorumException.java:81)
        at 
org.apache.hadoop.hdfs.qjournal.client.QuorumCall.rethrowException(QuorumCall.java:223)
        at 
org.apache.hadoop.hdfs.qjournal.client.QuorumJournalManager.hasSomeData(QuorumJournalManager.java:232)
        at 
org.apache.hadoop.hdfs.server.common.Storage.confirmFormat(Storage.java:899)
{code}

Whereas SecurityUtil handles them fine. We should be consistent. I'll file a 
separate bug to fix the JN, and any other components I run into, but also 
update the doc patch for now. Thanks for the catch.

> HDFS Secure Mode Documentation updates
> --------------------------------------
>
>                 Key: HDFS-9254
>                 URL: https://issues.apache.org/jira/browse/HDFS-9254
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: documentation
>    Affects Versions: 2.7.1
>            Reporter: Arpit Agarwal
>            Assignee: Arpit Agarwal
>         Attachments: HDFS-9254.01.patch
>
>
> Some Kerberos configuration parameters are not documented well enough. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Comment Edited] (HDFS-9254) HDFS Secure Mode Documentation updates

Reply via email to