You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Wei-Chiu Chuang (Jira)" <ji...@apache.org> on 2020/03/20 18:15:00 UTC
[jira] [Commented] (HADOOP-16647) Support OpenSSL 1.1.1 LTS
[ https://issues.apache.org/jira/browse/HADOOP-16647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17063556#comment-17063556 ]
Wei-Chiu Chuang commented on HADOOP-16647:
------------------------------------------
So looks like HADOOP-16405 takes care of the openssl 1.1.1 in cloud connectors.
For the Hadoop services (YARN, HDFS), one of my colleague is taking a look at it and found Hadoop does not currently run on openssl 1.1.1.
It generates error like the following:
{noformat}
20/03/20 05:20:07 ERROR random.OpensslSecureRandom: Failed to load Openssl SecureRandom
java.lang.UnsatisfiedLinkError: CRYPTO_num_locks
at org.apache.hadoop.crypto.random.OpensslSecureRandom.initSR(Native Method)
at org.apache.hadoop.crypto.random.OpensslSecureRandom.<clinit>(OpensslSecureRandom.java:57)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at org.apache.hadoop.conf.Configuration.getClassByNameOrNull(Configuration.java:2598)
at org.apache.hadoop.conf.Configuration.getClassByName(Configuration.java:2563)
at org.apache.hadoop.conf.Configuration.getClass(Configuration.java:2659)
at org.apache.hadoop.conf.Configuration.getClass(Configuration.java:2685)
at org.apache.hadoop.crypto.OpensslAesCtrCryptoCodec.setConf(OpensslAesCtrCryptoCodec.java:59)
at org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:77)
at org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:137)
at org.apache.hadoop.crypto.CryptoCodec.getInstance(CryptoCodec.java:69)
at org.apache.hadoop.hdfs.HdfsKMSUtil.getCryptoCodec(HdfsKMSUtil.java:110)
at org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:961)
at org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:947)
at org.apache.hadoop.hdfs.DistributedFileSystem$8.doCall(DistributedFileSystem.java:538)
at org.apache.hadoop.hdfs.DistributedFileSystem$8.doCall(DistributedFileSystem.java:532)
at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
at org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:546)
at org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:473)
at org.apache.hadoop.fs.FilterFileSystem.create(FilterFileSystem.java:195)
at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:1133)
at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:1113)
at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:1002)
at
{noformat}
> Support OpenSSL 1.1.1 LTS
> -------------------------
>
> Key: HADOOP-16647
> URL: https://issues.apache.org/jira/browse/HADOOP-16647
> Project: Hadoop Common
> Issue Type: Task
> Components: security
> Reporter: Wei-Chiu Chuang
> Priority: Critical
>
> See Hadoop user mailing list http://mail-archives.apache.org/mod_mbox/hadoop-user/201910.mbox/%3CCADiq6%3DweDFxHTL_7eGwDNnxVCza39y2QYQTSggfLn7mXhMLOdg%40mail.gmail.com%3E
> Hadoop 2 supports OpenSSL 1.0.2.
> Hadoop 3 supports OpenSSL 1.1.0 (HADOOP-14597) and I believe 1.0.2 too.
> Per OpenSSL blog https://www.openssl.org/policies/releasestrat.html
> * 1.1.0 is EOL 2019/09/11
> * 1.0.2 EOL 2019/12/31
> * 1.1.1 is EOL 2023/09/11 (LTS)
> Many Hadoop installation relies on the OpenSSL package provided by Linux distros, but it's not clear to me if Linux distros are going support 1.1.0/1.0.2 beyond this date.
> We should make sure Hadoop works with OpenSSL 1.1.1, as well as document the openssl version supported. File this jira to test/document/fix bugs.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org