Posted to reviews@kudu.apache.org by "Todd Lipcon (Code Review)" <ge...@cloudera.org> on 2016/11/02 00:08:57 UTC
[kudu-CR] rpc: improve behavior when GSSAPI SASL plugin is missing
Hello Dan Burkert, Alexey Serbin,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/4908
to review the following change.
Change subject: rpc: improve behavior when GSSAPI SASL plugin is missing
......................................................................
rpc: improve behavior when GSSAPI SASL plugin is missing
* If the client cannot enable the GSSAPI plugin, it now proceeds with a
  connection anyway after logging a single VLOG(1) message. This allows
  a client to connect to a non-Kerberos-enabled cluster without having
  to install the GSSAPI plugin.
* If the server fails to enable the GSSAPI plugin for any reason, it now
  sends back a FATAL_UNAUTHORIZED error so that the client can print
  something reasonable. Unfortunately this one was tricky to test, so I
  tested it manually by uninstalling the GSSAPI plugin on the server
  side and connecting from another machine.
* If the client fails to negotiate a matching SASL mechanism, it
  replaces the confusing "No worthy mechs" error message with something
  that's more usable for the average user, suggesting to install the
  GSSAPI plugin.
Change-Id: I49b991fd7088666a2b8daad18d70844ed8a5451f
---
M src/kudu/rpc/connection.cc
M src/kudu/rpc/negotiation.cc
M src/kudu/rpc/sasl_client.cc
M src/kudu/rpc/sasl_helper.cc
M src/kudu/rpc/sasl_rpc-test.cc
M src/kudu/rpc/sasl_server.cc
M src/kudu/rpc/sasl_server.h
7 files changed, 47 insertions(+), 11 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/08/4908/1
--
To view, visit http://gerrit.cloudera.org:8080/4908
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I49b991fd7088666a2b8daad18d70844ed8a5451f
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
[kudu-CR] rpc: improve behavior when GSSAPI SASL plugin is missing
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Hello Dan Burkert, Alexey Serbin, Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/4908
to look at the new patch set (#2).
Change subject: rpc: improve behavior when GSSAPI SASL plugin is missing
......................................................................
rpc: improve behavior when GSSAPI SASL plugin is missing
* If the client cannot enable the GSSAPI plugin, it now proceeds with a
  connection anyway after logging a single VLOG(1) message. This allows
  a client to connect to a non-Kerberos-enabled cluster without having
  to install the GSSAPI plugin.
* If the client fails to negotiate a matching SASL mechanism, it
  replaces the confusing "No worthy mechs" error message with something
  that's more usable for the average user, suggesting to install the
  GSSAPI plugin.
Change-Id: I49b991fd7088666a2b8daad18d70844ed8a5451f
---
M src/kudu/rpc/connection.cc
M src/kudu/rpc/sasl_client.cc
M src/kudu/rpc/sasl_helper.cc
M src/kudu/rpc/sasl_rpc-test.cc
4 files changed, 29 insertions(+), 4 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/08/4908/2
--
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I49b991fd7088666a2b8daad18d70844ed8a5451f
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
[kudu-CR] rpc: improve behavior when GSSAPI SASL plugin is missing
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has submitted this change and it was merged.
Change subject: rpc: improve behavior when GSSAPI SASL plugin is missing
......................................................................
rpc: improve behavior when GSSAPI SASL plugin is missing
* If the client cannot enable the GSSAPI plugin, it now proceeds with a
  connection anyway after logging a single VLOG(1) message. This allows
  a client to connect to a non-Kerberos-enabled cluster without having
  to install the GSSAPI plugin.
* If the client fails to negotiate a matching SASL mechanism, it
  replaces the confusing "No worthy mechs" error message with something
  that's more usable for the average user, suggesting to install the
  GSSAPI plugin.
Change-Id: I49b991fd7088666a2b8daad18d70844ed8a5451f
Reviewed-on: http://gerrit.cloudera.org:8080/4908
Tested-by: Kudu Jenkins
Reviewed-by: Dan Burkert <da...@apache.org>
---
M src/kudu/rpc/connection.cc
M src/kudu/rpc/sasl_client.cc
M src/kudu/rpc/sasl_helper.cc
M src/kudu/rpc/sasl_rpc-test.cc
4 files changed, 29 insertions(+), 4 deletions(-)
Approvals:
Dan Burkert: Looks good to me, approved
Kudu Jenkins: Verified
--
Gerrit-MessageType: merged
Gerrit-Change-Id: I49b991fd7088666a2b8daad18d70844ed8a5451f
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
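The two client-side behaviours in the merged commit message, modelled as an added example (this is not code from the Kudu change or project). Every name, the GSSAPI-first preference order and the error strings are assumptions made for illustration.

```cpp
// Added illustration; hypothetical names throughout, not Kudu source.
#include <algorithm>
#include <cassert>
#include <set>
#include <string>
#include <vector>

struct NegotiationResult {
  bool ok;
  std::string mech;     // chosen mechanism when ok
  std::string message;  // user-facing error when !ok
};

// A missing GSSAPI plugin no longer aborts the connection: the mechanism is
// left out of the client's enabled set (one verbose log line in the real
// change) and negotiation continues with whatever remains.
std::set<std::string> EnableClientMechs(bool gssapi_plugin_present) {
  std::set<std::string> mechs = {"PLAIN"};
  if (gssapi_plugin_present) mechs.insert("GSSAPI");
  return mechs;
}

static bool Has(const std::vector<std::string>& v, const std::string& m) {
  return std::find(v.begin(), v.end(), m) != v.end();
}

// Picks the first mutually supported mechanism (assumed order: GSSAPI, PLAIN).
// In this model the server's advertised list decides whether a client that
// lacks the plugin gets in: a GSSAPI-only server still rejects it.
NegotiationResult Negotiate(const std::set<std::string>& client,
                            const std::vector<std::string>& server) {
  for (const char* pref : {"GSSAPI", "PLAIN"}) {
    if (client.count(pref) && Has(server, pref)) return {true, pref, ""};
  }
  // No overlap: replace the generic "No worthy mechs" text with a hint when
  // the cause is the missing client plugin (constructed message text).
  if (Has(server, "GSSAPI") && !client.count("GSSAPI")) {
    return {false, "", "server requires GSSAPI (Kerberos) authentication; "
                       "install the GSSAPI SASL plugin on the client"};
  }
  return {false, "", "client and server share no SASL mechanism"};
}

int main() {
  NegotiationResult r = Negotiate(EnableClientMechs(false), {"GSSAPI"});
  assert(!r.ok && r.message.find("install") != std::string::npos);
  return 0;
}
```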
[kudu-CR] rpc: improve behavior when GSSAPI SASL plugin is missing
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has posted comments on this change.
Change subject: rpc: improve behavior when GSSAPI SASL plugin is missing
......................................................................
Patch Set 1:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/4908/1/src/kudu/rpc/negotiation.cc
File src/kudu/rpc/negotiation.cc:
Line 206: // If we can't initialize SASL, that indicates some kind of issue like
> Wouldn't a missing plugin be caught in the pre-flight check? This should o
oh... yea, I added the pre-flight check after I wrote this. Not sure if there are other cases where this matters, so maybe I'll just remove this part of the patch?
--
Gerrit-MessageType: comment
Gerrit-Change-Id: I49b991fd7088666a2b8daad18d70844ed8a5451f
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: Yes
[kudu-CR] rpc: improve behavior when GSSAPI SASL plugin is missing
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change.
Change subject: rpc: improve behavior when GSSAPI SASL plugin is missing
......................................................................
Patch Set 1:
(1 comment)
http://gerrit.cloudera.org:8080/#/c/4908/1/src/kudu/rpc/negotiation.cc
File src/kudu/rpc/negotiation.cc:
Line 206: // If we can't initialize SASL, that indicates some kind of issue like
Wouldn't a missing plugin be caught in the pre-flight check? This should only occur because of an expired ticket, right?
--
Gerrit-MessageType: comment
Gerrit-Change-Id: I49b991fd7088666a2b8daad18d70844ed8a5451f
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-HasComments: Yes
[kudu-CR] rpc: improve behavior when GSSAPI SASL plugin is missing
Posted by "Dan Burkert (Code Review)" <ge...@cloudera.org>.
Dan Burkert has posted comments on this change.
Change subject: rpc: improve behavior when GSSAPI SASL plugin is missing
......................................................................
Patch Set 2: Code-Review+2
--
Gerrit-MessageType: comment
Gerrit-Change-Id: I49b991fd7088666a2b8daad18d70844ed8a5451f
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No