ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Onischuk" <aonis...@hortonworks.com>
Subject Re: Review Request 22730: Secure cluster: JCE policy files not distributed on non-client hosts.
Date Wed, 25 Jun 2014 16:32:28 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22730/
-----------------------------------------------------------

(Updated June 25, 2014, 4:32 p.m.)


Review request for Ambari, Dmytro Sen and Nate Cole.


Bugs: AMBARI-6185
    https://issues.apache.org/jira/browse/AMBARI-6185


Repository: ambari


Description
-------

Looks like code to distribute JCE policy is in before-install hooks
[code](https://git-wip-
us.apache.org/repos/asf/ambari/repo?p=ambari.git;a=blob;f=ambari-
server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared
_initialization.py;h=a1196a8d2c997be37d65760aa3cd5de13e2cc747;hb=HEAD#l210).
So if no INSTALL task has executed on a host in secure cluster (for agent
hadoop.security.authentication=kerberos is security enabled) then JCE policy
will not be distributed and unzipped on that host

Cluster can easily fall in a situation where a host has no client component.
Following are example scenarios

  1. While installing partial set of services with default selection for serviceComponent
allocation to hosts in installer wizard
  2. Adding a new host with slave components but no client components.

This leads to failure of starting serviceComponent that has no client
installed with them on a host in secure cluster.

I discovered this bug while securing a cluster with just HDFS+ZK+STORM
installed. Security wizard start all services failed with ZK quorum check
failure. Once I installed HDFS_CLIENT on all hosts and restarted all services
then all services came up in secure cluster.


Diffs
-----

  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-ANY/scripts/hook.py PRE-CREATION

  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-ANY/scripts/params.py PRE-CREATION

  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-ANY/scripts/shared_initialization.py
PRE-CREATION 
  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-INSTALL/scripts/hook.py 626b199

  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-INSTALL/scripts/shared_initialization.py
3a0bf93 
  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-RESTART/scripts/hook.py 05977c3

  ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/hook.py 8ad8c70

  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py PRE-CREATION

  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/params.py PRE-CREATION

  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py
PRE-CREATION 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/hook.py 6904e9d

  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py
a1196a8 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-RESTART/scripts/hook.py 05977c3

  ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/hook.py 703889e

  ambari-server/src/test/python/stacks/1.3.2/hooks/before-INSTALL/test_before_install.py 58084d0

  ambari-server/src/test/python/stacks/1.3.2/hooks/before-START/test_before_start.py fc906b1

  ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py 92eed49

  ambari-server/src/test/python/stacks/2.0.6/hooks/before-START/test_before_start.py 9274fd5


Diff: https://reviews.apache.org/r/22730/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message