ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Creeley (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-9966) On GlusterFS stack, Enable Security Wizard doesn't actually enable secure mode
Date Thu, 04 Jun 2015 19:39:38 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-9966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Scott Creeley updated AMBARI-9966:
----------------------------------
    Fix Version/s: 2.1.0

> On GlusterFS stack, Enable Security Wizard doesn't actually enable secure mode
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-9966
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9966
>             Project: Ambari
>          Issue Type: Bug
>          Components: stacks
>    Affects Versions: 1.6.1
>         Environment: HDP 2.1 on RHEL 6 with 2.1.GlusterFS stack
> package: ambari-server-1.6.1-98.noarch
>            Reporter: Martin Bukatovic
>            Assignee: Scott Creeley
>              Labels: glusterfs, keberos, secure
>             Fix For: 2.1.0
>
>
> When I try to enable Hadoop Secure Mode via Ambari "Enable Security Wizard" on
> GlusterFS stack, the properties which controls security are not changed.
> Moreover Ambari reports that Secure mode is enabled and didn't notice
> the problem.
> h3. Actual results
> There are no {{hadoop.security}} properties defined anywhere:
> {noformat}
> # grep hadoop.security /etc/hadoop/conf/*.xml
> #
> {noformat}
> This means that the security mode hasn't been actually enabled.
> Note that keytab definitons are configured fine, see eg.:
> {noformat}
> # grep keytab /etc/hadoop/conf/*.xml
> /etc/hadoop/conf/mapred-site.xml:      <name>mapreduce.jobhistory.webapp.spnego-keytab-file</name>
> /etc/hadoop/conf/mapred-site.xml:      <value>/etc/security/keytabs/spnego.service.keytab</value>
> /etc/hadoop/conf/mapred-site.xml:      <name>mapreduce.jobhistory.keytab.file</name>
> /etc/hadoop/conf/mapred-site.xml:      <value>/etc/security/keytabs/jhs.service.keytab</value>
> /etc/hadoop/conf/mapred-site.xml:      <name>mapreduce.jobhistory.keytab</name>
> /etc/hadoop/conf/mapred-site.xml:      <value>/etc/security/keytabs/jhs.service.keytab</value>
> /etc/hadoop/conf/yarn-site.xml:      <name>yarn.nodemanager.webapp.spnego-keytab-file</name>
> /etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/spnego.service.keytab</value>
> /etc/hadoop/conf/yarn-site.xml:      <name>yarn.nodemanager.keytab</name>
> /etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/nm.service.keytab</value>
> /etc/hadoop/conf/yarn-site.xml:      <name>yarn.resourcemanager.webapp.spnego-keytab-file</name>
> /etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/spnego.service.keytab</value>
> /etc/hadoop/conf/yarn-site.xml:      <name>yarn.resourcemanager.keytab</name>
> /etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/rm.service.keytab</value>
> {noformat}
> h3. Expected results
> Following configuration properties can be found in {{core-site}} conf file.
> {code:xml}
> <property>
>    <name>hadoop.security.authentication</name>
>    <value>kerberos</value>
> </property>
> <property>
>   <name>hadoop.security.authorization</name>
>   <value>true</value>
> </property>
> <property>
>   <name>hadoop.security.auth_to_local</name>
>   <value>RULE:[2:$1@$0](rm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
> RULE:[2:$1@$0](nm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
> RULE:[2:$1@$0](nn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
> RULE:[2:$1@$0](dn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
> RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
> RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
> RULE:[2:$1@$0](oozie@.*RHSHADOOPQA.REDHAT.COM)s/.*/oozie/
> RULE:[2:$1@$0](jhs@.*RHSHADOOPQA.REDHAT.COM)s/.*/mapred/
> RULE:[2:$1@$0](jn/_HOST@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
> RULE:[2:$1@$0](falcon@.*RHSHADOOPQA.REDHAT.COM)s/.*/falcon/
> DEFAULT</value>
> </property>
> {code}
> Expected configuration is based on result of "Enable Security Wizard" for
> normal HDFS stack.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message