Vipin Rathor created HADOOP-15519:
-------------------------------------
Summary: KMS fails to read the existing key metadata after
upgrading to JDK 1.8u171
Key: HADOOP-15519
URL: https://issues.apache.org/jira/browse/HADOOP-15519
Project: Hadoop Common
Issue Type: Bug
Components: kms
Affects Versions: 2.7.3
Reporter: Vipin Rathor
Steps to reproduce are:
a. Setup a KMS with any OpenJDK 1.8 before u171 and create few KMS keys.
b. Update KMS to run with OpenJDK 1.8u171 JDK and keys can't be read anymore,
as can be seen below
{code:java}
hadoop key list -metadata
<keyname> : null
{code}
c. Going back to earlier JDK version fixes the issue.
There are no direct error / stacktrace in kms.log when it is not able to read
the key metadata. Only Java serialization INFO messages are printed, followed
by this one empty line in log which just says:
{code:java}
ERROR RangerKeyStore -
{code}
In some cases, kms.log can also have these lines:
{code:java}
2018-05-18 10:40:46,438 DEBUG RangerKmsAuthorizer - <==
RangerKmsAuthorizer.assertAccess(null, rangerkms/node1.host....@env.com
(auth:KERBEROS), GET_METADATA)
2018-05-18 10:40:46,598 INFO serialization - ObjectInputFilter REJECTED: class
org.apache.hadoop.crypto.key.RangerKeyStoreProvider$KeyMetadata, array length:
-1, nRefs: 1, depth: 1, bytes: 147, ex: n/a
2018-05-18 10:40:46,598 ERROR RangerKeyStore -
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
