You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hadoop.apache.org by 尉雁磊 <yu...@qianxin.com> on 2022/09/29 02:10:44 UTC
When Kerberos is enabled, the rolling upgrade of Hadoop (2.7.2 upgrade 3.3.4) fails
When Kerberos is enabled and Hadoop is upgraded from 2.7.2 to 3.3.4, when Acitve Namenode version is 3.3.4 and Datanode version is 2.7.2, The BlockToken authentication between Namenode and Datanode fails. As a result, the client cannot read and write.
The datanode error:
org.apache.hadoop.security.token.SecretManager$InvalidToken: Block token with block_token_identifier (expiryDate=1664452892587, keyId=2032735264, userId=work, blockPoolId=BP-874546658-10.48.20.234-1660635316009, blockId=1152681184, access modes=[READ]) doesn't have the correct token password
at org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.checkAccess(BlockTokenSecretManager.java:303)
at org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager.checkAccess(BlockPoolTokenSecretManager.java:97)
at org.apache.hadoop.hdfs.server.datanode.DataXceiver.checkAccess(DataXceiver.java:1296)
at org.apache.hadoop.hdfs.server.datanode.DataXceiver.readBlock(DataXceiver.java:521)
at org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.opReadBlock(Receiver.java:116)
at org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.processOp(Receiver.java:71)
at org.apache.hadoop.hdfs.server.datanode.DataXceiver.run(DataXceiver.java:253)
at java.lang.Thread.run(Thread.java:745)
This phenomenon like https://issues.apache.org/jira/browse/HDFS-14509, but can't merge the issues on the version 2.7.2 patch, so now can't in the case of open kerberos, Perform a rolling upgrade of Hadoop (2.7.2 upgrading 3.3.4)
I think it's a problem. What do you think
Re: When Kerberos is enabled, the rolling upgrade of Hadoop (2.7.2 upgrade 3.3.4) fails
Posted by Brahma Reddy Battula <br...@apache.org>.
If I remember correctly, Yes, you need to have the HDFS-14509 patch in your
2.7.3 code and then go upgrade.
On Thu, Sep 29, 2022 at 7:42 AM 尉雁磊 <yu...@qianxin.com> wrote:
> When Kerberos is enabled and Hadoop is upgraded from 2.7.2 to 3.3.4, when
> Acitve Namenode version is 3.3.4 and Datanode version is 2.7.2, The
> BlockToken authentication between Namenode and Datanode fails. As a result,
> the client cannot read and write.
>
> The datanode error:
>
>
> org.apache.hadoop.security.token.SecretManager$InvalidToken: Block token
> with block_token_identifier (expiryDate=1664452892587, keyId=2032735264,
> userId=work, blockPoolId=BP-874546658-10.48.20.234-1660635316009,
> blockId=1152681184, access modes=[READ]) doesn't have the correct token
> password
> at
> org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.checkAccess(BlockTokenSecretManager.java:303)
> at
> org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager.checkAccess(BlockPoolTokenSecretManager.java:97)
> at
> org.apache.hadoop.hdfs.server.datanode.DataXceiver.checkAccess(DataXceiver.java:1296)
> at
> org.apache.hadoop.hdfs.server.datanode.DataXceiver.readBlock(DataXceiver.java:521)
> at
> org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.opReadBlock(Receiver.java:116)
> at
> org.apache.hadoop.hdfs.protocol.datatransfer.Receiver.processOp(Receiver.java:71)
> at
> org.apache.hadoop.hdfs.server.datanode.DataXceiver.run(DataXceiver.java:253)
> at java.lang.Thread.run(Thread.java:745)
>
> This phenomenon like https://issues.apache.org/jira/browse/HDFS-14509,
> but can't merge the issues on the version 2.7.2 patch, so now can't in the
> case of open kerberos, Perform a rolling upgrade of Hadoop (2.7.2 upgrading
> 3.3.4)
> I think it's a problem. What do you think
>
>