You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Andrii Tkach (JIRA)" <ji...@apache.org> on 2013/10/25 18:34:33 UTC
[jira] [Commented] (AMBARI-3592) Reassign Master(secure cluster):
Display principal and keytab path creation as a required manual step.
[ https://issues.apache.org/jira/browse/AMBARI-3592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13805432#comment-13805432 ]
Andrii Tkach commented on AMBARI-3592:
--------------------------------------
+1 for the patch.
> Reassign Master(secure cluster): Display principal and keytab path creation as a required manual step.
> ------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-3592
> URL: https://issues.apache.org/jira/browse/AMBARI-3592
> Project: Ambari
> Issue Type: Task
> Components: client
> Affects Versions: 1.4.2
> Reporter: Aleksandr Kovalenko
> Assignee: Aleksandr Kovalenko
> Fix For: 1.4.2
>
> Attachments: AMBARI-3592.patch
>
>
> If the cluster is detected to be a kerberos secure cluster, we should add an informative message about creating appropriate keytab. There is already a step in the wizard that displays manual steps for HDFS components reassignment. We can add this message over there. For ResourceManager reassignment, we will require a manual step page to display this information.
> Cluster security status can be retrieved from hadoop.security.authentication property in core-site.xml and if value found is kerberos, add appropriate message. Example:
> *For NameNode reassignment:*
> Note:
> # Keytab file <dfs.namenode.keytab.file value> containing principal <dfs.namenode.kerberos.principal value with _HOST substituted with real target host hostname> should exist on <target host hostname>.
> # Keytab file <dfs.web.authentication.kerberos.keytab value> containing principal <dfs.web.authentication.kerberos.principal value with _HOST in the value substituted with real target host hostname > should exist on <target host hostname>
--
This message was sent by Atlassian JIRA
(v6.1#6144)