You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Evert Lammerts (Created) (JIRA)" <ji...@apache.org> on 2012/03/07 17:34:57 UTC

[jira] [Created] (HDFS-3059) ssl-server.xml causes NullPointer

ssl-server.xml causes NullPointer
---------------------------------

                 Key: HDFS-3059
                 URL: https://issues.apache.org/jira/browse/HDFS-3059
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: data-node, security
    Affects Versions: 1.0.0, 0.20.205.0
         Environment: in core-site.xml:
{code:xml}
  <property>
    <name>hadoop.security.authentication</name>
    <value>kerberos</value>
  </property>

  <property>
    <name>hadoop.security.authorization</name>
    <value>true</value>
  </property>
{code}

in hdfs-site.xml:
{code:xml}
  <property>
    <name>dfs.https.server.keystore.resource</name>
    <value>/etc/hadoop/conf/ssl-server.xml</value>
  </property>

  <property>
    <name>dfs.https.enable</name>
    <value>true</value>
  </property>

  <property>
    ...other security props
  </property>
{code}

            Reporter: Evert Lammerts
            Priority: Minor


If ssl is enabled (dfs.https.enable) but ssl-server.xml is not available, a DN will crash during startup while setting up an SSL socket with a NullPointerException:

{noformat}12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector: useKerb = false, useCerts = true
jetty.ssl.password : jetty.ssl.keypassword : 12/03/07 17:08:36 INFO mortbay.log: jetty-6.1.26.cloudera.1
12/03/07 17:08:36 INFO mortbay.log: Started SelectChannelConnector@p-worker35.alley.sara.nl:1006
12/03/07 17:08:36 DEBUG security.Krb5AndCertsSslSocketConnector: Creating new KrbServerSocket for: 0.0.0.0
12/03/07 17:08:36 WARN mortbay.log: java.lang.NullPointerException
12/03/07 17:08:36 WARN mortbay.log: failed Krb5AndCertsSslSocketConnector@0.0.0.0:50475: java.io.IOException: !JsseListener: java.lang.NullPointerException
12/03/07 17:08:36 WARN mortbay.log: failed Server@604788d5: java.io.IOException: !JsseListener: java.lang.NullPointerException
12/03/07 17:08:36 INFO mortbay.log: Stopped Krb5AndCertsSslSocketConnector@0.0.0.0:50475
12/03/07 17:08:36 INFO mortbay.log: Stopped SelectChannelConnector@p-worker35.alley.sara.nl:1006
12/03/07 17:08:37 INFO datanode.DataNode: Waiting for threadgroup to exit, active threads is 0{noformat}

The same happens if I set an absolute path to an existing dfs.https.server.keystore.resource - in this case the file cannot be found but not even a WARN is given.

Since in dfs.https.server.keystore.resource we know we need to have 4 properties specified (ssl.server.truststore.location, ssl.server.keystore.location, ssl.server.keystore.password, and ssl.server.keystore.keypassword) we should check if they are set and throw an IOException if they are not.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira