ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emil Anca" <ea...@hortonworks.com>
Subject Review Request 35729: Core-site config reverted after enabling NN HA
Date Mon, 22 Jun 2015 15:03:20 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35729/
-----------------------------------------------------------

Review request for Ambari, Jaimin Jetly and Robert Levas.


Bugs: AMBARI-12065
    https://issues.apache.org/jira/browse/AMBARI-12065


Repository: ambari


Description
-------

Steps to reproduce:
* Install cluster with no HA
* Set the following core-site.xml properties and restart affected services.
||Property||Value||
|hadoop.http.authentication.simple.anonymous.allowed|false|
|hadoop.http.authentication.signature.secret.file|/etc/security/http_secret|
|hadoop.http.authentication.type|kerberos|
|hadoop.http.authentication.kerberos.keytab|/etc/security/keytabs/spnego.service.keytab|
|hadoop.http.authentication.kerberos.principal|HTTP/_HOST@EXAMPLE.COM|
|hadoop.http.filter.initializers|org.apache.hadoop.security.AuthenticationFilterInitializer|
|hadoop.http.authentication.cookie.domain|hortonworks.local|
* Tell Ambari to authenticate itself {{ambari-server setup-security}} Option 3
* Validate that UI's require authentication
* Enable NN HA
* Try looking at core-site.xml for all configuration properties and you'll notice they've
been reverted to defaults


**Problem**: The kerberos descriptor updated the core-site props as part of the Kerberos descriptor
**Solution**: Removed SPNEGO related props from the HDFS Kerberos descriptor


Diffs
-----

  ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json f19e391 

Diff: https://reviews.apache.org/r/35729/diff/


Testing
-------

Unit Tests *in progress*

Installed HDFS cluster, kerbenized, enabled HA, monitored core-site props not getting updated.
Relied on the metrics system to report any web interface access issues, none were reported.


Thanks,

Emil Anca


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message