ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 31422: Local user mapping for hdfs headless principal not set in Kerberos descriptor
Date Wed, 25 Feb 2015 19:53:32 GMT


> On Feb. 25, 2015, 2:44 p.m., Yusaku Sako wrote:
> > How about the HBase headless principal?

That exists in `common-services/HBASE/0.96.0.2.0/kerberos.json`


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31422/#review74070
-----------------------------------------------------------


On Feb. 25, 2015, 2:41 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31422/
> -----------------------------------------------------------
> 
> (Updated Feb. 25, 2015, 2:41 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-9786
>     https://issues.apache.org/jira/browse/AMBARI-9786
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The local user mapping for the hdfs headless principal not set in Kerberos descriptor.
 It should be set to `hadoop-env/hdfs_user`
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/kerberos.json 271fffd 
> 
> Diff: https://reviews.apache.org/r/31422/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in cluster and found expetected auth-to-local rules generated:
> 
> ```
> RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
> RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
> DEFAULT
> ```
> 
> See `RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/` and `RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/`
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message