falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Balu Vellanki (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FALCON-1916) Allow RM principal to be specified in Cluster entity
Date Mon, 06 Jun 2016 20:59:21 GMT

     [ https://issues.apache.org/jira/browse/FALCON-1916?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Balu Vellanki updated FALCON-1916:
----------------------------------
    Fix Version/s: 0.10

> Allow RM principal to be specified in Cluster entity 
> -----------------------------------------------------
>
>                 Key: FALCON-1916
>                 URL: https://issues.apache.org/jira/browse/FALCON-1916
>             Project: Falcon
>          Issue Type: Bug
>          Components: common
>         Environment: secure cluster
>            Reporter: Venkat Ranganathan
>            Assignee: Venkat Ranganathan
>             Fix For: trunk, 0.10
>
>   Original Estimate: 1m
>  Remaining Estimate: 1m
>
> When we define cluster entities where clusters are in different kerberos realms with
cross-realm trust setup (or the auth to local rules for RM varies in different clusters),
 we need to explicitly define the RM principal (like NN principal) so that the cluster entity
can be validated and used.
> For example, if Falcon server is  in a cluster using REALM A and the RM being accessed
is in REALM B, the Falcon server will try to use the principal for the RM as rm/_HOST@A instead
of rm/_HOST@B which is the valid realm, which can result in exceptions like below
> {quote}
> 2016-04-01 11:01:16,870 WARN - .... POST//entities/submit/cluster ~ Exception encountered
while connecting to the server : (Client:680)
> java.lang.IllegalArgumentException: Server has invalid Kerberos principal: rm/host@realm
> at org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:334)
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message