You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2012/09/11 06:54:07 UTC
[jira] [Resolved] (HDFS-3915) QJM: Failover fails with auth error
in secure cluster
[ https://issues.apache.org/jira/browse/HDFS-3915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Todd Lipcon resolved HDFS-3915.
-------------------------------
Resolution: Fixed
Fix Version/s: QuorumJournalManager (HDFS-3077)
Hadoop Flags: Reviewed
> QJM: Failover fails with auth error in secure cluster
> -----------------------------------------------------
>
> Key: HDFS-3915
> URL: https://issues.apache.org/jira/browse/HDFS-3915
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: ha, security
> Affects Versions: QuorumJournalManager (HDFS-3077)
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Fix For: QuorumJournalManager (HDFS-3077)
>
> Attachments: hdfs-3915.txt
>
>
> When testing failover in a secure cluster with QJM, we ran into the following error:
> {code}
> java.io.IOException: Exception trying to open authenticated connection to http://xxxxx:8480/getJournal?jid=journal&segmentTxId=4325&storageInfo=-40%3A1049822920%3A0%3ACID-d7c84ac3-bb09-4d55-baae-0d561bb55e9b
> at org.apache.hadoop.security.SecurityUtil.openSecureHttpConnection(SecurityUtil.java:510)
> at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream$URLLog$1.run(EditLogFileInputStream.java:376)
> ... at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.doTailEdits(EditLogTailer.java:217)
> at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.catchupDuringFailover(EditLogTailer.java:176)
> at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startActiveServices(FSNamesystem.java:635)
> Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
> {code}
> The issue is that the EditLogFileInputStream uses the "current" user, which in the case of the failover trigger is the admin's remote user, rather than the NN's login user.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira