When Kerberos is enabled, the rolling upgrade of Hadoop (2.7.2 upgrade 3.3.4) fails

Wed, 28 Sep 2022 19:12:15 -0700 

When Kerberos is enabled and Hadoop is upgraded from 2.7.2 to 3.3.4, when 
Acitve Namenode version is 3.3.4 and Datanode version is 2.7.2, The BlockToken 
authentication between Namenode and Datanode fails. As a result, the client 
cannot read and write.

The datanode error:


org.apache.hadoop.security.token.SecretManager$InvalidToken: Block token with 
block_token_identifier (expiryDate=1664452892587, keyId=2032735264, 
userId=work, blockPoolId=BP-874546658-10.48.20.234-1660635316009, 
blockId=1152681184, access modes=[READ]) doesn't have the correct token password
        at 
org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.checkAccess(BlockTokenSecretManager.java:303)
        at 
org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager.checkAccess(BlockPoolTokenSecretManager.java:97)
        at 
org.apache.hadoop.hdfs.server.datanode.DataXceiver.checkAccess(DataXceiver.java:1296)
        at 
org.apache.hadoop.hdfs.server.datanode.DataXceiver.readBlock(DataXceiver.java:521)
        at 
org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.opReadBlock(Receiver.java:116)
        at 
org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.processOp(Receiver.java:71)
        at 
org.apache.hadoop.hdfs.server.datanode.DataXceiver.run(DataXceiver.java:253)
        at java.lang.Thread.run(Thread.java:745)


This phenomenon like https://issues.apache.org/jira/browse/HDFS-14509, but 
can't merge the issues on the version 2.7.2 patch, so now can't in the case of 
open kerberos, Perform a rolling upgrade of Hadoop (2.7.2 upgrading 3.3.4)
I think it's a problem. What do you think

Reply via email to