falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-1916) Allow RM principal to be specified in Cluster entity
Date Thu, 21 Apr 2016 23:51:12 GMT

    [ https://issues.apache.org/jira/browse/FALCON-1916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15253026#comment-15253026

ASF GitHub Bot commented on FALCON-1916:

Github user asfgit closed the pull request at:


> Allow RM principal to be specified in Cluster entity 
> -----------------------------------------------------
>                 Key: FALCON-1916
>                 URL: https://issues.apache.org/jira/browse/FALCON-1916
>             Project: Falcon
>          Issue Type: Bug
>          Components: common
>         Environment: secure cluster
>            Reporter: Venkat Ranganathan
>            Assignee: Venkat Ranganathan
>             Fix For: trunk
>   Original Estimate: 1m
>  Remaining Estimate: 1m
> When we define cluster entities where clusters are in different kerberos realms with
cross-realm trust setup (or the auth to local rules for RM varies in different clusters),
 we need to explicitly define the RM principal (like NN principal) so that the cluster entity
can be validated and used.
> For example, if Falcon server is  in a cluster using REALM A and the RM being accessed
is in REALM B, the Falcon server will try to use the principal for the RM as rm/_HOST@A instead
of rm/_HOST@B which is the valid realm, which can result in exceptions like below
> {quote}
> 2016-04-01 11:01:16,870 WARN - .... POST//entities/submit/cluster ~ Exception encountered
while connecting to the server : (Client:680)
> java.lang.IllegalArgumentException: Server has invalid Kerberos principal: rm/host@realm
> at org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:334)
> {quote}

This message was sent by Atlassian JIRA

View raw message