ambari-dev mailing list archives

From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-13897) Ambari does not configure hbase.coprocessor.regionserver.classes
Date Sat, 14 Nov 2015 19:22:11 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-13897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15005552#comment-15005552
] 

Hadoop QA commented on AMBARI-13897:
------------------------------------

{color:green}+1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12772351/AMBARI-13897.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 2 new or modified
test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/4292//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/4292//console

This message is automatically generated.

> Ambari does not configure hbase.coprocessor.regionserver.classes 
> -----------------------------------------------------------------
>
>                 Key: AMBARI-13897
>                 URL: https://issues.apache.org/jira/browse/AMBARI-13897
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Jaimin D Jetly
>            Assignee: Jaimin D Jetly
>            Priority: Critical
>             Fix For: 2.1.3
>
>         Attachments: AMBARI-13897.patch
>
>
> In a newly installed cluster with security and ranger, I cannot find {{hbase.coprocessor.regionserver.classes}} configured, which is needed to protect some of the direct RPCs to the regionserver (stopping regionserver is an example).
> In a proper cluster all *three* properties should be configured:
> {code}
> <property>
>   <name>hbase.coprocessor.region.classes</name>
>   <value>org.apache.hadoop.hbase.security.token.TokenProvider, org.apache.hadoop.hbase.security.access.AccessController,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint</value>
> </property>
> <property>
>   <name>hbase.coprocessor.master.classes</name>
>   <value>org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> <property>
>   <name>hbase.coprocessor.regionserver.classes</name>
>   <value>org.apache.hadoop.hbase.security.access.AccessController</value>
> </property>
> {code}
> In stackadvisor, I can see that we are configuring {{hbase.coprocessor.regionserver.classes}}, but somehow in a newly installed cluster, I don't find the setting in hbase-site.xml.
> There are a couple of action items from this jira:
> # Make sure that {{hbase.coprocessor.regionserver.classes}} is configured properly for secure clusters.
> # Reading the stackadvisor code, it can be improved so that if the customer has configured other coprocessors, they are not lost. The logic for {{hbase.coprocessor.regionserver.classes}} and {{hbase.coprocessor.region.classes}} and {{hbase.coprocessor.master.classes}} should be something like this:
>  - get the list of co-processors and put them to a set.
>  - If security is enabled, then add either ranger or hbase native AC coprocessors to the set
>  - Else remove the AC and ranger AC coprocessors from the list
>  - write the configurations to hbase-site.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
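
The merge logic from the second action item in the quoted issue, as an added example that is not part of the original message or Ambari's stack advisor code. The function names, the `com.example.AuditObserver` sample class and the Ranger coprocessor class name are assumptions that do not come from the issue.

```python
NATIVE_AC = "org.apache.hadoop.hbase.security.access.AccessController"
# Assumption: class name of Ranger's HBase plugin; the issue does not spell it out.
RANGER_AC = "org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor"
AC_CLASSES = (NATIVE_AC, RANGER_AC)
COPROCESSOR_PROPERTIES = (
    "hbase.coprocessor.region.classes",
    "hbase.coprocessor.master.classes",
    "hbase.coprocessor.regionserver.classes",
)


def parse_classes(value):
    """Split a comma-separated class list, dropping blanks and whitespace."""
    return [name.strip() for name in (value or "").split(",") if name.strip()]


def merge_coprocessors(value, security_enabled, ranger_enabled):
    """Return the new property value without losing customer coprocessors."""
    wanted = RANGER_AC if ranger_enabled else NATIVE_AC
    merged = []
    for name in parse_classes(value):
        if name in AC_CLASSES:
            # Swap an existing authorization coprocessor in place, or drop it
            # when security is off, so the load order of the rest is unchanged.
            name = wanted if security_enabled else None
        if name and name not in merged:
            merged.append(name)
    if security_enabled and wanted not in merged:
        merged.append(wanted)
    return ",".join(merged)


def recommend_hbase_site(hbase_site, security_enabled, ranger_enabled):
    """Apply the merge to all three coprocessor properties of hbase-site."""
    updated = dict(hbase_site)
    for prop in COPROCESSOR_PROPERTIES:
        updated[prop] = merge_coprocessors(
            hbase_site.get(prop), security_enabled, ranger_enabled)
    return updated


# Constructed sample: one customer coprocessor, and no regionserver property,
# which is the state the issue reports for a newly installed secure cluster.
sample = {"hbase.coprocessor.region.classes":
          "com.example.AuditObserver, " + NATIVE_AC}
```

With security disabled the three properties come back without either authorization coprocessor, and a property that held nothing else comes back empty.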
