hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-12532) DN Reg can Fail when principal doesn't contain hostname and floatingIP is configured.
Date Wed, 25 Oct 2017 16:37:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-12532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16219017#comment-16219017
] 

Daryn Sharp commented on HDFS-12532:
------------------------------------

I see.  You want to sacrifice security for convenience: using a single principal and keytab
for all nodes instead of unique principals for the nodes.  If yes, I hope your customer specifically
requested this insecure setup, or has been informed this misuse of kerberos will seriously
degrade security.

While I do not condone this setup, you should be able to append the junk service host "hadoop"
 to the line in /etc/hosts corresponding to the interface you want to use.  Or make the DN
listen on 0.0.0.0.

> DN Reg can Fail when principal doesn't contain hostname and floatingIP is configured.
> -------------------------------------------------------------------------------------
>
>                 Key: HDFS-12532
>                 URL: https://issues.apache.org/jira/browse/HDFS-12532
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Brahma Reddy Battula
>            Assignee: Brahma Reddy Battula
>         Attachments: HDFS-12532.patch
>
>
> Configure principal without hostname (i.e hdfs/hadoop@HADOOP.com)
> Configure floatingIP
> Start Cluster.
> Here DN will fail to register as it can take IP which is not in "/etc/hosts".



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message