Posted to common-issues@hadoop.apache.org by "Ahmed Hussein (Jira)" <ji...@apache.org> on 2021/02/15 15:48:00 UTC

[jira] [Comment Edited] (HADOOP-16810) Increase entropy to improve cryptographic randomness on precommit Linux VMs

    [ https://issues.apache.org/jira/browse/HADOOP-16810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17284037#comment-17284037 ] 

Ahmed Hussein edited comment on HADOOP-16810 at 2/15/21, 3:47 PM:
------------------------------------------------------------------

[~aajisaka] I remembered you made some changes to Yetus/hadoop in the past. So, I thought to get your feedback on the changes in the PR.


In [my comment on MAPREDUCE-7079|https://issues.apache.org/jira/browse/MAPREDUCE-7079?focusedCommentId=17013234&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17013234]
{quote}This test case has been failing forever.
 - When it times out, MRAppMaster and some YarnChild processes remain running in the background. Therefore, the JVM running the tests fails due to OOM. No one notices that this unit test case has failed because the QA reports the unit tests that failed, but not timeouts.
 - It works for Mac OS X, but never works for Linux running on a virtual Box. It only works on the latter by disabling MRJobConfig.MR_ENCRYPTED_INTERMEDIATE_DATA.{quote}

In this PR:

- the {{DOCKER_EXTRAARGS}} are added to {{hadoop.sh}} to pass the random mount
- -the version 0.10.0 is not on the [release page|https://yetus.apache.org/downloads/]. So, this is upgrading the Yetus to a released version 0.13.0.-
- adding the mount parameter to {{start-build-env.sh}}

Resources:
* [Yetus Advanced Precommit - important-variables|https://yetus.apache.org/documentation/0.11.1/precommit-advanced/#important-variables]
* [DOCKER_EXTRAARGS usage in Yetus code|https://github.com/apache/yetus/search?q=DOCKER_EXTRAARGS]

We can try the new changes anyway as we are still dealing with the entropy problem.
CC: [~ebadger] [~stevel@apache.org]



> Increase entropy to improve cryptographic randomness on precommit Linux VMs
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-16810
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16810
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Ahmed Hussein
>            Assignee: Ahmed Hussein
>            Priority: Blocker
>              Labels: pull-request-available
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> I was investigating a JUnit test (MAPREDUCE-7079: TestMRIntermediateDataEncryption is failing in precommit builds) that was consistently hanging on Linux VMs and failing Mapreduce pre-builds.
> I found that the test slows or hangs indefinitely whenever Java reads the random file.
> I explored two different ways to get that test case to work properly on my local Linux VM running rel7:
> # Install "haveged" and "rng-tools" on the virtual machine running Rel7. Then, start the rngd service: {{sudo service rngd start}}. This will fix the problem for all the components on the image including java, native and any other component.
> # Change the Java configuration to load urandom
> {code:bash}
> sudo vim $JAVA_HOME/jre/lib/security/java.security
> ## Change the line “securerandom.source=file:/dev/random” to read: securerandom.source=file:/dev/./urandom
> {code}
> The first solution is better because this will fix the problem for everything that requires SSL/TLS or other services that depend upon encryption.
> Since the precommit build runs on Docker, it would be best to mount {{/dev/urandom}} from the host as {{/dev/random}} into the container:
> {code:bash}
> docker run -v /dev/urandom:/dev/random
> {code}
> For Yetus, we need to add the mount to the {{DOCKER_EXTRAARGS}} as follows:
> {code:bash}
> DOCKER_EXTRAARGS+=("-v" "/dev/urandom:/dev/random")
> {code}
>  ...
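
A check for the two settings discussed in the issue above, as an added example that is not part of the original message or the PR: it reports which device {{securerandom.source}} names in a {{java.security}} file and whether {{/dev/random}} is currently the urandom device, as it would be under the bind mount. The function names are hypothetical, the sample file is constructed, and {{stat -c}} assumes GNU or BusyBox stat.

```bash
#!/usr/bin/env bash
# Added example, not from the HADOOP-16810 PR; function names are hypothetical.

# Print the effective securerandom.source value from a java.security file
# (the last uncommented assignment wins).
securerandom_source() {
  sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' "$1" |
    tail -n 1
}

# Map a securerandom.source URL to the device it names: random, urandom or
# other. The "/dev/./urandom" spelling is collapsed to "/dev/urandom" first.
source_device() {
  local path
  path=$(printf '%s\n' "${1#file:}" | sed 's#/\./#/#g')
  case "$path" in
    /dev/random)  echo random ;;
    /dev/urandom) echo urandom ;;
    *)            echo other ;;
  esac
}

# Succeed only when both paths are character devices with the same
# major:minor numbers, as after "-v /dev/urandom:/dev/random" in a container.
same_device() {
  local a b
  [ -c "$1" ] && [ -c "$2" ] || return 1
  a=$(stat -c '%t:%T' "$1" 2>/dev/null) || return 1
  b=$(stat -c '%t:%T' "$2" 2>/dev/null) || return 1
  [ "$a" = "$b" ]
}

# Report both settings for one java.security file ($1).
report() {
  echo "securerandom.source names: $(source_device "$(securerandom_source "$1")")"
  if same_device /dev/random /dev/urandom; then
    echo "/dev/random is the urandom device (bind mount in effect)"
  else
    echo "/dev/random is not the urandom device"
  fi
}

# Constructed sample java.security content, for demonstration only.
sample=$(mktemp)
printf '%s\n' '#securerandom.source=file:/dev/urandom' \
  'securerandom.source=file:/dev/random' > "$sample"
report "$sample"
```

Run inside the build container, with the JVM's own {{java.security}} path passed to {{report}} in place of the sample, it shows whether the mount and the JVM setting took effect.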


