You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Xiaoyu Yao (JIRA)" <ji...@apache.org> on 2018/09/22 16:53:00 UTC

[jira] [Created] (HDDS-540) Unblock certain SCM client APIs from SCM#checkAdminAccess

Xiaoyu Yao created HDDS-540:
-------------------------------

             Summary: Unblock certain SCM client APIs from SCM#checkAdminAccess
                 Key: HDDS-540
                 URL: https://issues.apache.org/jira/browse/HDDS-540
             Project: Hadoop Distributed Data Store
          Issue Type: Sub-task
            Reporter: Xiaoyu Yao
            Assignee: Xiaoyu Yao


Currently most of SCM Client APIs has been guarded with checkAdminAccess. This ticket is opened to unblock non-admin client from accessing SCM container/pipeline during block allocation. 

 

{code}

scm_1           | 2018-09-22 02:52:32 INFO  Server:2726 - IPC Server handler 5 on 9860, call Call#4 Retry#0 org.apache.hadoop.ozone.protocol.StorageContainerLocationProtocol.getContainerWithPipeline from 192.168.0.2:34101

scm_1           | java.io.IOException: Access denied for user testuser/datanode@EXAMPLE.COM. Superuser privilege is required.

scm_1           | at org.apache.hadoop.hdds.scm.server.StorageContainerManager.checkAdminAccess(StorageContainerManager.java:867)

scm_1           | at org.apache.hadoop.hdds.scm.server.SCMClientProtocolServer.getContainerWithPipeline(SCMClientProtocolServer.java:190)

scm_1           | at org.apache.hadoop.ozone.protocolPB.StorageContainerLocationProtocolServerSideTranslatorPB.getContainerWithPipeline(StorageContainerLocationProtocolServerSideTranslatorPB.java:120)

scm_1           | at org.apache.hadoop.hdds.protocol.proto.StorageContainerLocationProtocolProtos$StorageContainerLocationProtocolService$2.callBlockingMethod(StorageContainerLocationProtocolProtos.java:10790)

scm_1           | at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:524)

scm_1           | at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1025)

scm_1           | at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:876)

scm_1           | at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:822)

scm_1           | at java.security.AccessController.doPrivileged(Native Method)

scm_1           | at javax.security.auth.Subject.doAs(Subject.java:422)

scm_1           | at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730)

scm_1           | at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2682)

{code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org