You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@falcon.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/04/21 09:24:25 UTC
[jira] [Commented] (FALCON-1916) Allow RM principal to be specified
in Cluster entity
[ https://issues.apache.org/jira/browse/FALCON-1916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15251464#comment-15251464 ]
ASF GitHub Bot commented on FALCON-1916:
----------------------------------------
GitHub user vrangan opened a pull request:
https://github.com/apache/falcon/pull/111
FALCON-1916: Allow RM principal to be specified in Cluster entity
When we have clusters setup with individual security domains with cross realm trusts, the RM principal needs to be specified explicitly to disambiguate the realm of the resource manager of the corresponding cluster entities.
This patch allows RM principal to be set and processed from the cluster properties
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/vrangan/falcon master
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/falcon/pull/111.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #111
----
commit bc5a458217b79a56210ac2b10a481c9588dcc407
Author: Venkat Ranganathan <ve...@hortonworks.com>
Date: 2016-03-30T00:57:25Z
Falcon webUI returns 413 (Full head - Request entity too large) error when TLS is enabled in a secure cluster with AD integration
commit 5edcc8fd69608c714809756838e01e3a7bb85a31
Author: Venkat Ranganathan <ve...@hortonworks.com>
Date: 2016-04-21T07:11:08Z
Merge remote-tracking branch 'upstream/master'
commit 157a4f78797934a449d6cea27730abd4fae6a1d1
Author: Venkat Ranganathan <ve...@hortonworks.com>
Date: 2016-04-19T05:16:12Z
Fix for allowing RM principal to be specified in cluster entity
----
> Allow RM principal to be specified in Cluster entity
> -----------------------------------------------------
>
> Key: FALCON-1916
> URL: https://issues.apache.org/jira/browse/FALCON-1916
> Project: Falcon
> Issue Type: Bug
> Components: common
> Environment: secure cluster
> Reporter: Venkat Ranganathan
> Assignee: Venkat Ranganathan
> Original Estimate: 1m
> Remaining Estimate: 1m
>
> When we define cluster entities where clusters are in different kerberos realms with cross-realm trust setup (or the auth to local rules for RM varies in different clusters), we need to explicitly define the RM principal (like NN principal) so that the cluster entity can be validated and used.
> For example, if Falcon server is in a cluster using REALM A and the RM being accessed is in REALM B, the Falcon server will try to use the principal for the RM as rm/_HOST@A instead of rm/_HOST@B which is the valid realm, which can result in exceptions like below
> {quote}
> 2016-04-01 11:01:16,870 WARN - .... POST//entities/submit/cluster ~ Exception encountered while connecting to the server : (Client:680)
> java.lang.IllegalArgumentException: Server has invalid Kerberos principal: rm/host@realm
> at org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:334)
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)