ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Onischuk" <aonis...@hortonworks.com>
Subject Re: Review Request 22730: Secure cluster: JCE policy files not distributed on non-client hosts.
Date Wed, 18 Jun 2014 14:08:06 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22730/
-----------------------------------------------------------

(Updated June 18, 2014, 2:08 p.m.)


Review request for Ambari and Dmitro Lisnichenko.


Bugs: AMBARI-6185
    https://issues.apache.org/jira/browse/AMBARI-6185


Repository: ambari


Description
-------

Looks like code to distribute JCE policy is in before-install hooks
[code](https://git-wip-
us.apache.org/repos/asf/ambari/repo?p=ambari.git;a=blob;f=ambari-
server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared
_initialization.py;h=a1196a8d2c997be37d65760aa3cd5de13e2cc747;hb=HEAD#l210).
So if no INSTALL task has executed on a host in secure cluster (for agent
hadoop.security.authentication=kerberos is security enabled) then JCE policy
will not be distributed and unzipped on that host

Cluster can easily fall in a situation where a host has no client component.
Following are example scenarios

  1. While installing partial set of services with default selection for serviceComponent
allocation to hosts in installer wizard
  2. Adding a new host with slave components but no client components.

This leads to failure of starting serviceComponent that has no client
installed with them on a host in secure cluster.

I discovered this bug while securing a cluster with just HDFS+ZK+STORM
installed. Security wizard start all services failed with ZK quorum check
failure. Once I installed HDFS_CLIENT on all hosts and restarted all services
then all services came up in secure cluster.


Diffs (updated)
-----

  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-INSTALL/scripts/shared_initialization.py
3a0bf93 
  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/hook.py 8ad8c70

  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/params.py 6f22e79

  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/shared_initialization.py
07858ad 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py
a1196a8 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/hook.py 703889e

  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/params.py fbb358f

  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/shared_initialization.py
4a9bc42 

Diff: https://reviews.apache.org/r/22730/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message