You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-user@hadoop.apache.org by Rainer Toebbicke <rt...@pclella.cern.ch> on 2013/12/17 12:44:06 UTC
How to add a new node to a secure cluster without namenode/jobtracker restart?
Hello,
How do you add a new datanode to a secure cluster, without restarting the namenode?
In order to prevent identity theft of mapred or hdfs, a secure cluster needs to carefully maintain
auth_to_local in core-site.xml as far as I understand, typically with lines such as
RULE:[2:$1/$2@$0](.*/node@example.com@EXAMPLE.COM)s/^([a-zA-Z]*).*/$1/
where "node" is a member of the cluster.
Now, if a new node appears, you change core-site.xml, but I didn't find anything that makes the namenode refresh what seems like an internal table.
At least "hdfs dfsadmin -refreshXXX" doesn't (XXX = {Nodes,ServiceAcl,UserToGroupsMappings,SuperUserGroupsConfiguration): the namenode continues to claim
"Authorization failed" as it does not map "hdfs/node.example.com@EXAMPLE.COM" to hdfs. Until you restart it.
Same holds for the jobtracker.
Have I missed something?
(This is Hadoop 2.0.0, cdh4.3.0)