If I remember correctly, Yes, you need to have the HDFS-14509 patch in your 2.7.3 code and then go upgrade.
On Thu, Sep 29, 2022 at 7:42 AM 尉雁磊 <yuyan...@qianxin.com> wrote: > When Kerberos is enabled and Hadoop is upgraded from 2.7.2 to 3.3.4, when > Acitve Namenode version is 3.3.4 and Datanode version is 2.7.2, The > BlockToken authentication between Namenode and Datanode fails. As a result, > the client cannot read and write. > > The datanode error: > > > org.apache.hadoop.security.token.SecretManager$InvalidToken: Block token > with block_token_identifier (expiryDate=1664452892587, keyId=2032735264, > userId=work, blockPoolId=BP-874546658-10.48.20.234-1660635316009, > blockId=1152681184, access modes=[READ]) doesn't have the correct token > password > at > org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.checkAccess(BlockTokenSecretManager.java:303) > at > org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager.checkAccess(BlockPoolTokenSecretManager.java:97) > at > org.apache.hadoop.hdfs.server.datanode.DataXceiver.checkAccess(DataXceiver.java:1296) > at > org.apache.hadoop.hdfs.server.datanode.DataXceiver.readBlock(DataXceiver.java:521) > at > org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.opReadBlock(Receiver.java:116) > at > org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.processOp(Receiver.java:71) > at > org.apache.hadoop.hdfs.server.datanode.DataXceiver.run(DataXceiver.java:253) > at java.lang.Thread.run(Thread.java:745) > > This phenomenon like https://issues.apache.org/jira/browse/HDFS-14509, > but can't merge the issues on the version 2.7.2 patch, so now can't in the > case of open kerberos, Perform a rolling upgrade of Hadoop (2.7.2 upgrading > 3.3.4) > I think it's a problem. What do you think > >