From common-issues-return-154777-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org Fri Jul 13 14:01:04 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 3BEEF180626 for ; Fri, 13 Jul 2018 14:01:04 +0200 (CEST) Received: (qmail 69138 invoked by uid 500); 13 Jul 2018 12:01:03 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 69098 invoked by uid 99); 13 Jul 2018 12:01:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Jul 2018 12:01:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id ABB3F180812 for ; Fri, 13 Jul 2018 12:01:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -109.501 X-Spam-Level: X-Spam-Status: No, score=-109.501 tagged_above=-999 required=6.31 tests=[ENV_AND_HDR_SPF_MATCH=-0.5, KAM_ASCII_DIVIDERS=0.8, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id 2zFeDGUG4cNs for ; Fri, 13 Jul 2018 12:01:01 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 3B2585F4E5 for ; Fri, 13 Jul 2018 12:01:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 826C6E0CD2 for ; Fri, 13 Jul 2018 12:01:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 3574121EE2 for ; Fri, 13 Jul 2018 12:01:00 +0000 (UTC) Date: Fri, 13 Jul 2018 12:01:00 +0000 (UTC) From: "Adam Antal (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-14212) Expose SecurityEnabled boolean field in JMX for other services besides NameNode MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-14212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16542954#comment-16542954 ] Adam Antal commented on HADOOP-14212: ------------------------------------- Thanks you Steve, hope its all good. > Expose SecurityEnabled boolean field in JMX for other services besides NameNode > ------------------------------------------------------------------------------- > > Key: HADOOP-14212 > URL: https://issues.apache.org/jira/browse/HADOOP-14212 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Ray Burgemeestre > Assignee: Adam Antal > Priority: Minor > Labels: newbie, security > Attachments: HADOOP-14212.001.patch, HADOOP-14212.002.patch, HADOOP-14212.003.patch, HADOOP-14212.004.patch, HADOOP-14212.005.patch > > > The following commit https://github.com/apache/hadoop/commit/dc17bda4b677e30c02c2a9a053895a43e41f7a12 introduced a "SecurityEnabled" field in the JMX output for the NameNode. I believe it would be nice to add this same change to the JMX output of other services: Secondary Namenode, ResourceManager, NodeManagers, DataNodes, etc. So that it can be queried whether Security is enabled in all JMX resources. > The reason I am suggesting this feature / improvement is that I think it would provide a clean way to check whether your cluster is completely Kerberized or not. I don't think there is an easy/clean way to do this now, other than checking the logs, checking ports etc.? > The file where the change was made is hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java has the following function now: > {code:java} > @Override // NameNodeStatusMXBean > public boolean isSecurityEnabled() { > return UserGroupInformation.isSecurityEnabled(); > } > {code} > I would be happy to develop a patch if it seems useful by others as well? > This is a snippet from the JMX output from the NameNode in case security is not enabled: > {code} > { > "name" : "Hadoop:service=NameNode,name=NameNodeStatus", > "modelerType" : "org.apache.hadoop.hdfs.server.namenode.NameNode", > "NNRole" : "NameNode", > "HostAndPort" : "node001.cm.cluster:8020", > "SecurityEnabled" : false, > "LastHATransitionTime" : 0, > "State" : "standby" > } > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org