Posted to dev@ambari.apache.org by "Martin Bukatovic (JIRA)" <ji...@apache.org> on 2015/03/06 22:09:38 UTC

[jira] [Created] (AMBARI-9966) On GlusterFS stack, Enable Security Wizard doesn't actually enable secure mode

Martin Bukatovic created AMBARI-9966:
----------------------------------------

             Summary: On GlusterFS stack, Enable Security Wizard doesn't actually enable secure mode
                 Key: AMBARI-9966
                 URL: https://issues.apache.org/jira/browse/AMBARI-9966
             Project: Ambari
          Issue Type: Bug
          Components: stacks
    Affects Versions: 1.6.1
         Environment: HDP 2.1 on RHEL 6 with 2.1.GlusterFS stack
package: ambari-server-1.6.1-98.noarch
            Reporter: Martin Bukatovic


When I try to enable Hadoop Secure Mode via the Ambari "Enable Security Wizard" on
the GlusterFS stack, the properties which control security are not changed.
Moreover, Ambari reports that Secure mode is enabled and doesn't notice
the problem.

h3. Actual results

There are no {{hadoop.security}} properties defined anywhere:

{noformat}
# grep hadoop.security /etc/hadoop/conf/*.xml
#
{noformat}

This means that the security mode hasn't actually been enabled.

Note that keytab definitions are configured fine, see e.g.:

{noformat}
# grep keytab /etc/hadoop/conf/*.xml
/etc/hadoop/conf/mapred-site.xml:      <name>mapreduce.jobhistory.webapp.spnego-keytab-file</name>
/etc/hadoop/conf/mapred-site.xml:      <value>/etc/security/keytabs/spnego.service.keytab</value>
/etc/hadoop/conf/mapred-site.xml:      <name>mapreduce.jobhistory.keytab.file</name>
/etc/hadoop/conf/mapred-site.xml:      <value>/etc/security/keytabs/jhs.service.keytab</value>
/etc/hadoop/conf/mapred-site.xml:      <name>mapreduce.jobhistory.keytab</name>
/etc/hadoop/conf/mapred-site.xml:      <value>/etc/security/keytabs/jhs.service.keytab</value>
/etc/hadoop/conf/yarn-site.xml:      <name>yarn.nodemanager.webapp.spnego-keytab-file</name>
/etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/spnego.service.keytab</value>
/etc/hadoop/conf/yarn-site.xml:      <name>yarn.nodemanager.keytab</name>
/etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/nm.service.keytab</value>
/etc/hadoop/conf/yarn-site.xml:      <name>yarn.resourcemanager.webapp.spnego-keytab-file</name>
/etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/spnego.service.keytab</value>
/etc/hadoop/conf/yarn-site.xml:      <name>yarn.resourcemanager.keytab</name>
/etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/rm.service.keytab</value>
{noformat}

h3. Expected results

The following configuration properties can be found in the {{core-site}} conf file.

{code:xml}
<property>
   <name>hadoop.security.authentication</name>
   <value>kerberos</value>
</property>

<property>
  <name>hadoop.security.authorization</name>
  <value>true</value>
</property>

<property>
  <name>hadoop.security.auth_to_local</name>
  <value>RULE:[2:$1@$0](rm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
RULE:[2:$1@$0](nm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
RULE:[2:$1@$0](dn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
RULE:[2:$1@$0](oozie@.*RHSHADOOPQA.REDHAT.COM)s/.*/oozie/
RULE:[2:$1@$0](jhs@.*RHSHADOOPQA.REDHAT.COM)s/.*/mapred/
RULE:[2:$1@$0](jn/_HOST@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
RULE:[2:$1@$0](falcon@.*RHSHADOOPQA.REDHAT.COM)s/.*/falcon/
DEFAULT</value>
</property>
{code}

The expected configuration is based on the result of the "Enable Security Wizard" for
the normal HDFS stack.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
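
A configuration check for the condition described in this report, as an added example that is not part of the original JIRA message or of Ambari's code: it parses Hadoop `*-site.xml` files and lists missing or wrong `hadoop.security.*` settings instead of relying on the wizard's reported status. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values the report lists as the expected result of enabling secure mode.
REQUIRED = {
    "hadoop.security.authentication": "kerberos",
    "hadoop.security.authorization": "true",
}

def load_properties(xml_text):
    """Return {name: value} for one Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_secure_mode(site_files):
    """site_files maps file name -> XML text; returns a list of findings."""
    merged = {}
    for text in site_files.values():
        merged.update(load_properties(text))
    findings = []
    for name, wanted in REQUIRED.items():
        actual = merged.get(name)
        if actual is None:
            findings.append(f"{name} is not set (Hadoop uses its insecure default)")
        elif actual.lower() != wanted:
            findings.append(f"{name} is '{actual}', expected '{wanted}'")
    if not merged.get("hadoop.security.auth_to_local"):
        findings.append("hadoop.security.auth_to_local is not set")
    # The failure mode in the report: keytabs deployed, secure mode still off.
    if findings and any("keytab" in name for name in merged):
        findings.append("keytab properties present but secure mode is off")
    return findings

def _conf(**props):
    """Build a constructed <configuration> document from name=value pairs."""
    body = "".join(f"<property><name>{k.replace('__', '.')}</name>"
                   f"<value>{v}</value></property>" for k, v in props.items())
    return f"<configuration>{body}</configuration>"

# Constructed samples: BROKEN mirrors the report, GOOD mirrors the expected result.
YARN = _conf(yarn__nodemanager__keytab="/etc/security/keytabs/nm.service.keytab")
BROKEN = {"core-site.xml": _conf(io__file__buffer__size="131072"), "yarn-site.xml": YARN}
GOOD = {"core-site.xml": _conf(hadoop__security__authentication="kerberos",
                               hadoop__security__authorization="true",
                               hadoop__security__auth_to_local="DEFAULT"),
        "yarn-site.xml": YARN}

if __name__ == "__main__":
    for finding in audit_secure_mode(BROKEN):
        print("FINDING:", finding)
```

On a real node the dictionary would be built by reading the files under `/etc/hadoop/conf/`, the directory the report greps.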