Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@ambari.apache.org
Content-Type: multipart/alternative;
 boundary="===============5539579934207757012=="
MIME-Version: 1.0
Subject: Re: Review Request 43465: Hdfs keytab for hawq service check on
 secured cluster
From: jun aoki <jun.aoki.dev@gmail.com>
To: jun aoki <jun.aoki.dev@gmail.com>, Robert Levas <rlevas@hortonworks.com>,
 Ambari <dev@ambari.apache.org>
Date: Fri, 12 Feb 2016 00:27:18 -0000
Message-ID: <20160212002718.24150.55855@reviews.apache.org>
Auto-Submitted: auto-generated
Sender: jun aoki <noreply@reviews.apache.org>
References: <20160211011514.24149.49628@reviews.apache.org>
In-Reply-To: <20160211011514.24149.49628@reviews.apache.org>
Reply-To: jun aoki <jun.aoki.dev@gmail.com>

--===============5539579934207757012==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit


> On Feb. 11, 2016, 1:15 a.m., Robert Levas wrote:
> > ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json, lines 5-8
> > <https://reviews.apache.org/r/43465/diff/1/?file=1240075#file1240075line5>
> >
> >     Is this identity used by both the `HAWKMASTER` and `HAWQSTANDBY` components?  If not, this block should be moved into the appropriate component since we want to use it sparingly.  Esentially the `/HDFS/NAMENODE/hdfs` is the _root_ user for HDFS.  So we need to becareful where it gets put.

@robert Levas, thank you for your comment and sharing the knowledge. hdfs identity is indeed used by both HAWQMASTER and HAWQSTANDBY, thus I drop this issue.


> On Feb. 11, 2016, 1:15 a.m., Robert Levas wrote:
> > ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json, line 31
> > <https://reviews.apache.org/r/43465/diff/1/?file=1240075#file1240075line31>
> >
> >     This is an interesting principal name choice.  Why not use a principal name that helps to identify is use.  Like, `hawq@${realm}` or better yet something like `${hawq-env/hawk_user}@${realm}`.

I agree Robert. this should've been hawq/_HOST${realm}. Currently this is a HAWQ limitation (it won't take any other principal name) https://issues.apache.org/jira/browse/HAWQ-406


- jun


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43465/#review118794
-----------------------------------------------------------


On Feb. 11, 2016, 1 a.m., jun aoki wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43465/
> -----------------------------------------------------------
> 
> (Updated Feb. 11, 2016, 1 a.m.)
> 
> 
> Review request for Ambari.
> 
> 
> Bugs: AMBARI-15001
>     https://issues.apache.org/jira/browse/AMBARI-15001
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> This is to add hdfs keytab for hawq nodes.
> Currently HAWQ's service check fails due to data clean up after service check is completed and causes a false negative.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json cc11c15 
> 
> Diff: https://reviews.apache.org/r/43465/diff/
> 
> 
> Testing
> -------
> 
> Locally teted.
> 
> 
> Thanks,
> 
> jun aoki
> 
>


--===============5539579934207757012==--