[
https://issues.apache.org/jira/browse/HDDS-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015945#comment-17015945
]
Marton Elek commented on HDDS-2891:
---
Multipart upload is not working in secure environment as the
OzoneClientProducer might create the the OzoneClient *after* executing the
HeaderPreprocessor filter. HeaderPreprocessor modifies the header and the AWS
signature check is not possible after executing this filter. It should be done
before.
> Apache NiFi PutFile processor is failing with secure Ozone S3G
> --
>
> Key: HDDS-2891
> URL: https://issues.apache.org/jira/browse/HDDS-2891
> Project: Hadoop Distributed Data Store
> Issue Type: Bug
>Reporter: Marton Elek
>Priority: Major
>
>
> (1) Create a simple PutS3Object processor in NiFi
> (2) The request from NiFi to S3g will fail with HTTP 500
> (3) The exception in the s3g log:
>
> {code:java}
> s3g_1 | Caused by: java.io.IOException: Couldn't create RpcClient
> protocol
> s3g_1 | at
> org.apache.hadoop.ozone.client.OzoneClientFactory.getClientProtocol(OzoneClientFactory.java:197)
> s3g_1 | at
> org.apache.hadoop.ozone.client.OzoneClientFactory.getClientProtocol(OzoneClientFactory.java:173)
> s3g_1 | at
> org.apache.hadoop.ozone.client.OzoneClientFactory.getClient(OzoneClientFactory.java:74)
> s3g_1 | at
> org.apache.hadoop.ozone.s3.OzoneClientProducer.getClient(OzoneClientProducer.java:114)
> s3g_1 | at
> org.apache.hadoop.ozone.s3.OzoneClientProducer.createClient(OzoneClientProducer.java:71)
> s3g_1 | at
> jdk.internal.reflect.GeneratedMethodAccessor10.invoke(Unknown Source)
> s3g_1 | at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> s3g_1 | at
> java.base/java.lang.reflect.Method.invoke(Method.java:566)
> s3g_1 | at
> org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:88)
> s3g_1 | ... 92 more
> s3g_1 | Caused by:
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.token.SecretManager$InvalidToken):
> Invalid S3 identifier:OzoneToken owner=testuser/s...@example.com, renewer=,
> realUser=, issueDate=0, maxDate=0, sequenceNumber=0, masterKeyId=0,
> strToSign=AWS4-HMAC-SHA256
> s3g_1 | 20200115T101329Z
> s3g_1 | 20200115/us-east-1/s3/aws4_request
> s3g_1 | (hash), signature=(sign),
> awsAccessKeyId=testuser/s...@example.com{code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: ozone-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: ozone-issues-h...@hadoop.apache.org