falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-1916) Allow RM principal to be specified in Cluster entity
Date Thu, 21 Apr 2016 07:24:25 GMT

    [ https://issues.apache.org/jira/browse/FALCON-1916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15251464#comment-15251464

ASF GitHub Bot commented on FALCON-1916:

GitHub user vrangan opened a pull request:


    FALCON-1916: Allow RM principal to be specified in Cluster entity

    When we have clusters setup with individual security domains with  cross realm trusts,
the RM principal needs to be specified explicitly to disambiguate the realm of the resource
manager of the corresponding cluster entities.
    This patch allows RM principal to be set and processed from the cluster properties

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vrangan/falcon master

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #111
commit bc5a458217b79a56210ac2b10a481c9588dcc407
Author: Venkat Ranganathan <venkat@hortonworks.com>
Date:   2016-03-30T00:57:25Z

    Falcon webUI returns 413 (Full head - Request entity too large) error when TLS is enabled
in a secure cluster with AD integration

commit 5edcc8fd69608c714809756838e01e3a7bb85a31
Author: Venkat Ranganathan <venkat@hortonworks.com>
Date:   2016-04-21T07:11:08Z

    Merge remote-tracking branch 'upstream/master'

commit 157a4f78797934a449d6cea27730abd4fae6a1d1
Author: Venkat Ranganathan <venkat@hortonworks.com>
Date:   2016-04-19T05:16:12Z

    Fix for allowing RM principal to be specified in cluster entity


> Allow RM principal to be specified in Cluster entity 
> -----------------------------------------------------
>                 Key: FALCON-1916
>                 URL: https://issues.apache.org/jira/browse/FALCON-1916
>             Project: Falcon
>          Issue Type: Bug
>          Components: common
>         Environment: secure cluster
>            Reporter: Venkat Ranganathan
>            Assignee: Venkat Ranganathan
>   Original Estimate: 1m
>  Remaining Estimate: 1m
> When we define cluster entities where clusters are in different kerberos realms with
cross-realm trust setup (or the auth to local rules for RM varies in different clusters),
 we need to explicitly define the RM principal (like NN principal) so that the cluster entity
can be validated and used.
> For example, if Falcon server is  in a cluster using REALM A and the RM being accessed
is in REALM B, the Falcon server will try to use the principal for the RM as rm/_HOST@A instead
of rm/_HOST@B which is the valid realm, which can result in exceptions like below
> {quote}
> 2016-04-01 11:01:16,870 WARN - .... POST//entities/submit/cluster ~ Exception encountered
while connecting to the server : (Client:680)
> java.lang.IllegalArgumentException: Server has invalid Kerberos principal: rm/host@realm
> at org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:334)
> {quote}

This message was sent by Atlassian JIRA

View raw message