You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-dev@hadoop.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2012/09/11 06:54:07 UTC

[jira] [Resolved] (HDFS-3915) QJM: Failover fails with auth error in secure cluster

     [ https://issues.apache.org/jira/browse/HDFS-3915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Todd Lipcon resolved HDFS-3915.
-------------------------------

       Resolution: Fixed
    Fix Version/s: QuorumJournalManager (HDFS-3077)
     Hadoop Flags: Reviewed
    
> QJM: Failover fails with auth error in secure cluster
> -----------------------------------------------------
>
>                 Key: HDFS-3915
>                 URL: https://issues.apache.org/jira/browse/HDFS-3915
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: ha, security
>    Affects Versions: QuorumJournalManager (HDFS-3077)
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>             Fix For: QuorumJournalManager (HDFS-3077)
>
>         Attachments: hdfs-3915.txt
>
>
> When testing failover in a secure cluster with QJM, we ran into the following error:
> {code}
> java.io.IOException: Exception trying to open authenticated connection to http://xxxxx:8480/getJournal?jid=journal&segmentTxId=4325&storageInfo=-40%3A1049822920%3A0%3ACID-d7c84ac3-bb09-4d55-baae-0d561bb55e9b
> 	at org.apache.hadoop.security.SecurityUtil.openSecureHttpConnection(SecurityUtil.java:510)
> 	at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream$URLLog$1.run(EditLogFileInputStream.java:376)
> ...	at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.doTailEdits(EditLogTailer.java:217)
> 	at org.apache.hadoop.hdfs.server.namenode.ha.EditLogTailer.catchupDuringFailover(EditLogTailer.java:176)
> 	at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startActiveServices(FSNamesystem.java:635)
> Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
> {code}
> The issue is that the EditLogFileInputStream uses the "current" user, which in the case of the failover trigger is the admin's remote user, rather than the NN's login user.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira