[jira] [Commented] (HADOOP-11754) RM fails to start in non-secure mode due to authentication filter failure

[Allen Wittenauer (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-11754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14382076#comment-14382076
 ] 

Allen Wittenauer commented on HADOOP-11754:
-------------------------------------------

bq.  If security is enabled, the absence of the file should be a failure. 

That's a definite change in behavior.  If a secret wasn't configured, the 2.6 
and previous filters generated a random one since it was assumed that the 
serving system was a single host.

bq. Wouldn't that break users that were simply relying on the default value for 
this property in the secure mode? I'm not sure if that qualifies as not 
backward compatible, but does sound like there will be user impact if that 
change is made.

... which means that, yes, changing this behavior is most definitely not 
backward compatible.

> RM fails to start in non-secure mode due to authentication filter failure
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-11754
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11754
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.7.0
>            Reporter: Sangjin Lee
>            Priority: Blocker
>         Attachments: HADOOP-11754-v1.patch, HADOOP-11754-v2.patch
>
>
> RM fails to start in the non-secure mode with the following exception:
> {noformat}
> 2015-03-25 22:02:42,526 WARN org.mortbay.log: failed RMAuthenticationFilter: 
> javax.servlet.ServletException: java.lang.RuntimeException: Could not read 
> signature secret file: /Users/sjlee/hadoop-http-auth-signature-secret
> 2015-03-25 22:02:42,526 WARN org.mortbay.log: Failed startup of context 
> org.mortbay.jetty.webapp.WebAppContext@6de50b08{/,jar:file:/Users/sjlee/hadoop-3.0.0-SNAPSHOT/share/hadoop/yarn/hadoop-yarn-common-3.0.0-SNAPSHOT.jar!/webapps/cluster}
> javax.servlet.ServletException: java.lang.RuntimeException: Could not read 
> signature secret file: /Users/sjlee/hadoop-http-auth-signature-secret
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeSecretProvider(AuthenticationFilter.java:266)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:225)
>       at 
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.init(DelegationTokenAuthenticationFilter.java:161)
>       at 
> org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.init(RMAuthenticationFilter.java:53)
>       at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
>       at 
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
>       at 
> org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
>       at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
>       at 
> org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
>       at 
> org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
>       at 
> org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
>       at 
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
>       at 
> org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
>       at 
> org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
>       at 
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
>       at 
> org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
>       at org.mortbay.jetty.Server.doStart(Server.java:224)
>       at 
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
>       at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:773)
>       at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:274)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startWepApp(ResourceManager.java:974)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1074)
>       at 
> org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1208)
> Caused by: java.lang.RuntimeException: Could not read signature secret file: 
> /Users/sjlee/hadoop-http-auth-signature-secret
>       at 
> org.apache.hadoop.security.authentication.util.FileSignerSecretProvider.init(FileSignerSecretProvider.java:59)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeSecretProvider(AuthenticationFilter.java:264)
>       ... 23 more
> ...
> 2015-03-25 22:02:42,538 FATAL 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager: Error starting 
> ResourceManager
> org.apache.hadoop.yarn.webapp.WebAppException: Error starting http server
>       at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:279)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startWepApp(ResourceManager.java:974)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1074)
>       at 
> org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)
>       at 
> org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1208)
> Caused by: java.io.IOException: Problem in starting http server. Server 
> handlers failed
>       at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:785)
>       at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:274)
>       ... 4 more
> {noformat}
> This is likely a regression introduced by HADOOP-10670.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)