incubator-ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksandr Kovalenko (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-3592) Reassign Master(secure cluster): Display principal and keytab path creation as a required manual step.
Date Fri, 25 Oct 2013 16:32:30 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-3592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aleksandr Kovalenko updated AMBARI-3592:
----------------------------------------

    Attachment: AMBARI-3592.patch

> Reassign Master(secure cluster): Display principal and keytab path creation as a required
manual step.
> ------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-3592
>                 URL: https://issues.apache.org/jira/browse/AMBARI-3592
>             Project: Ambari
>          Issue Type: Task
>          Components: client
>    Affects Versions: 1.4.2
>            Reporter: Aleksandr Kovalenko
>            Assignee: Aleksandr Kovalenko
>             Fix For: 1.4.2
>
>         Attachments: AMBARI-3592.patch
>
>
> If the cluster is detected to be a kerberos secure cluster, we should add an informative
message about creating appropriate keytab. There is already a step in the wizard that displays
manual steps for HDFS components reassignment. We can add this message over there. For ResourceManager
reassignment, we will require a manual step page to display this information.
> Cluster security status can be retrieved from hadoop.security.authentication property
in core-site.xml and if value found is kerberos, add appropriate message. Example: 
> *For NameNode reassignment:*
>  Note: 
> # Keytab file <dfs.namenode.keytab.file value> containing principal <dfs.namenode.kerberos.principal
value with _HOST substituted with real target host hostname> should exist on <target
host hostname>. 
> # Keytab file <dfs.web.authentication.kerberos.keytab value> containing principal
<dfs.web.authentication.kerberos.principal value with _HOST in the value substituted with
real target host hostname > should exist on <target host hostname>



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message