You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/02/25 20:41:06 UTC

Review Request 31422: Local user mapping for hdfs headless principal not set in Kerberos descriptor

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31422/
-----------------------------------------------------------

Review request for Ambari, Emil Anca, Jaimin Jetly, and Yusaku Sako.


Bugs: AMBARI-9786
    https://issues.apache.org/jira/browse/AMBARI-9786


Repository: ambari


Description
-------

The local user mapping for the hdfs headless principal not set in Kerberos descriptor.  It should be set to `hadoop-env/hdfs_user`


Diffs
-----

  ambari-server/src/main/resources/stacks/HDP/2.0.6/kerberos.json 271fffd 

Diff: https://reviews.apache.org/r/31422/diff/


Testing
-------

Manually tested in cluster and found expetected auth-to-local rules generated:

```
RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
DEFAULT
```

See `RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/` and `RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/`


Thanks,

Robert Levas

Re: Review Request 31422: Local user mapping for hdfs headless principal not set in Kerberos descriptor

Posted by Yusaku Sako <yu...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31422/#review74078
-----------------------------------------------------------

Ship it!


Ship It!

- Yusaku Sako


On Feb. 25, 2015, 7:41 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31422/
> -----------------------------------------------------------
> 
> (Updated Feb. 25, 2015, 7:41 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-9786
>     https://issues.apache.org/jira/browse/AMBARI-9786
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The local user mapping for the hdfs headless principal not set in Kerberos descriptor.  It should be set to `hadoop-env/hdfs_user`
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/kerberos.json 271fffd 
> 
> Diff: https://reviews.apache.org/r/31422/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in cluster and found expetected auth-to-local rules generated:
> 
> ```
> RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
> RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
> DEFAULT
> ```
> 
> See `RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/` and `RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/`
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 31422: Local user mapping for hdfs headless principal not set in Kerberos descriptor

Posted by Vitalyi Brodetskyi <vb...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31422/#review74077
-----------------------------------------------------------

Ship it!


Ship It!

- Vitalyi Brodetskyi


On Feb. 25, 2015, 7:41 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31422/
> -----------------------------------------------------------
> 
> (Updated Feb. 25, 2015, 7:41 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-9786
>     https://issues.apache.org/jira/browse/AMBARI-9786
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The local user mapping for the hdfs headless principal not set in Kerberos descriptor.  It should be set to `hadoop-env/hdfs_user`
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/kerberos.json 271fffd 
> 
> Diff: https://reviews.apache.org/r/31422/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in cluster and found expetected auth-to-local rules generated:
> 
> ```
> RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
> RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
> DEFAULT
> ```
> 
> See `RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/` and `RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/`
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 31422: Local user mapping for hdfs headless principal not set in Kerberos descriptor

Posted by Robert Levas <rl...@hortonworks.com>.


> On Feb. 25, 2015, 2:44 p.m., Yusaku Sako wrote:
> > How about the HBase headless principal?

That exists in `common-services/HBASE/0.96.0.2.0/kerberos.json`


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31422/#review74070
-----------------------------------------------------------


On Feb. 25, 2015, 2:41 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31422/
> -----------------------------------------------------------
> 
> (Updated Feb. 25, 2015, 2:41 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-9786
>     https://issues.apache.org/jira/browse/AMBARI-9786
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The local user mapping for the hdfs headless principal not set in Kerberos descriptor.  It should be set to `hadoop-env/hdfs_user`
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/kerberos.json 271fffd 
> 
> Diff: https://reviews.apache.org/r/31422/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in cluster and found expetected auth-to-local rules generated:
> 
> ```
> RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
> RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
> DEFAULT
> ```
> 
> See `RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/` and `RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/`
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 31422: Local user mapping for hdfs headless principal not set in Kerberos descriptor

Posted by Yusaku Sako <yu...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31422/#review74070
-----------------------------------------------------------


How about the HBase headless principal?

- Yusaku Sako


On Feb. 25, 2015, 7:41 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31422/
> -----------------------------------------------------------
> 
> (Updated Feb. 25, 2015, 7:41 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-9786
>     https://issues.apache.org/jira/browse/AMBARI-9786
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The local user mapping for the hdfs headless principal not set in Kerberos descriptor.  It should be set to `hadoop-env/hdfs_user`
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/kerberos.json 271fffd 
> 
> Diff: https://reviews.apache.org/r/31422/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in cluster and found expetected auth-to-local rules generated:
> 
> ```
> RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/
> RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/
> RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/
> DEFAULT
> ```
> 
> See `RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/` and `RULE:[1:$1@$0](ambari-qa@EXAMPLE.COM)s/.*/ambari-qa/`
> 
> 
> Thanks,
> 
> Robert Levas
> 
>