You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@falcon.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/04/21 09:24:25 UTC

[jira] [Commented] (FALCON-1916) Allow RM principal to be specified in Cluster entity

    [ https://issues.apache.org/jira/browse/FALCON-1916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15251464#comment-15251464 ] 

ASF GitHub Bot commented on FALCON-1916:
----------------------------------------

GitHub user vrangan opened a pull request:

    https://github.com/apache/falcon/pull/111

    FALCON-1916: Allow RM principal to be specified in Cluster entity

    When we have clusters setup with individual security domains with  cross realm trusts, the RM principal needs to be specified explicitly to disambiguate the realm of the resource manager of the corresponding cluster entities.
    
    This patch allows RM principal to be set and processed from the cluster properties

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vrangan/falcon master

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/falcon/pull/111.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #111
    
----
commit bc5a458217b79a56210ac2b10a481c9588dcc407
Author: Venkat Ranganathan <ve...@hortonworks.com>
Date:   2016-03-30T00:57:25Z

    Falcon webUI returns 413 (Full head - Request entity too large) error when TLS is enabled in a secure cluster with AD integration

commit 5edcc8fd69608c714809756838e01e3a7bb85a31
Author: Venkat Ranganathan <ve...@hortonworks.com>
Date:   2016-04-21T07:11:08Z

    Merge remote-tracking branch 'upstream/master'

commit 157a4f78797934a449d6cea27730abd4fae6a1d1
Author: Venkat Ranganathan <ve...@hortonworks.com>
Date:   2016-04-19T05:16:12Z

    Fix for allowing RM principal to be specified in cluster entity

----


> Allow RM principal to be specified in Cluster entity 
> -----------------------------------------------------
>
>                 Key: FALCON-1916
>                 URL: https://issues.apache.org/jira/browse/FALCON-1916
>             Project: Falcon
>          Issue Type: Bug
>          Components: common
>         Environment: secure cluster
>            Reporter: Venkat Ranganathan
>            Assignee: Venkat Ranganathan
>   Original Estimate: 1m
>  Remaining Estimate: 1m
>
> When we define cluster entities where clusters are in different kerberos realms with cross-realm trust setup (or the auth to local rules for RM varies in different clusters),  we need to explicitly define the RM principal (like NN principal) so that the cluster entity can be validated and used.
> For example, if Falcon server is  in a cluster using REALM A and the RM being accessed is in REALM B, the Falcon server will try to use the principal for the RM as rm/_HOST@A instead of rm/_HOST@B which is the valid realm, which can result in exceptions like below
> {quote}
> 2016-04-01 11:01:16,870 WARN - .... POST//entities/submit/cluster ~ Exception encountered while connecting to the server : (Client:680)
> java.lang.IllegalArgumentException: Server has invalid Kerberos principal: rm/host@realm
> at org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:334)
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)