You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Martin Bukatovic (JIRA)" <ji...@apache.org> on 2015/03/06 22:09:38 UTC
[jira] [Created] (AMBARI-9966) On GlusterFS stack, Enable Security
Wizard doesn't actually enable secure mode
Martin Bukatovic created AMBARI-9966:
----------------------------------------
Summary: On GlusterFS stack, Enable Security Wizard doesn't actually enable secure mode
Key: AMBARI-9966
URL: https://issues.apache.org/jira/browse/AMBARI-9966
Project: Ambari
Issue Type: Bug
Components: stacks
Affects Versions: 1.6.1
Environment: HDP 2.1 on RHEL 6 with 2.1.GlusterFS stack
package: ambari-server-1.6.1-98.noarch
Reporter: Martin Bukatovic
When I try to enable Hadoop Secure Mode via Ambari "Enable Security Wizard" on
GlusterFS stack, the properties which controls security are not changed.
Moreover Ambari reports that Secure mode is enabled and didn't notice
the problem.
h3. Actual results
There are no {{hadoop.security}} properties defined anywhere:
{noformat}
# grep hadoop.security /etc/hadoop/conf/*.xml
#
{noformat}
This means that the security mode hasn't been actually enabled.
Note that keytab definitons are configured fine, see eg.:
{noformat}
# grep keytab /etc/hadoop/conf/*.xml
/etc/hadoop/conf/mapred-site.xml: <name>mapreduce.jobhistory.webapp.spnego-keytab-file</name>
/etc/hadoop/conf/mapred-site.xml: <value>/etc/security/keytabs/spnego.service.keytab</value>
/etc/hadoop/conf/mapred-site.xml: <name>mapreduce.jobhistory.keytab.file</name>
/etc/hadoop/conf/mapred-site.xml: <value>/etc/security/keytabs/jhs.service.keytab</value>
/etc/hadoop/conf/mapred-site.xml: <name>mapreduce.jobhistory.keytab</name>
/etc/hadoop/conf/mapred-site.xml: <value>/etc/security/keytabs/jhs.service.keytab</value>
/etc/hadoop/conf/yarn-site.xml: <name>yarn.nodemanager.webapp.spnego-keytab-file</name>
/etc/hadoop/conf/yarn-site.xml: <value>/etc/security/keytabs/spnego.service.keytab</value>
/etc/hadoop/conf/yarn-site.xml: <name>yarn.nodemanager.keytab</name>
/etc/hadoop/conf/yarn-site.xml: <value>/etc/security/keytabs/nm.service.keytab</value>
/etc/hadoop/conf/yarn-site.xml: <name>yarn.resourcemanager.webapp.spnego-keytab-file</name>
/etc/hadoop/conf/yarn-site.xml: <value>/etc/security/keytabs/spnego.service.keytab</value>
/etc/hadoop/conf/yarn-site.xml: <name>yarn.resourcemanager.keytab</name>
/etc/hadoop/conf/yarn-site.xml: <value>/etc/security/keytabs/rm.service.keytab</value>
{noformat}
h3. Expected results
Following configuration properties can be found in {{core-site}} conf file.
{code:xml}
<property>
<name>hadoop.security.authentication</name>
<value>kerberos</value>
</property>
<property>
<name>hadoop.security.authorization</name>
<value>true</value>
</property>
<property>
<name>hadoop.security.auth_to_local</name>
<value>RULE:[2:$1@$0](rm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
RULE:[2:$1@$0](nm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
RULE:[2:$1@$0](nn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
RULE:[2:$1@$0](dn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
RULE:[2:$1@$0](oozie@.*RHSHADOOPQA.REDHAT.COM)s/.*/oozie/
RULE:[2:$1@$0](jhs@.*RHSHADOOPQA.REDHAT.COM)s/.*/mapred/
RULE:[2:$1@$0](jn/_HOST@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
RULE:[2:$1@$0](falcon@.*RHSHADOOPQA.REDHAT.COM)s/.*/falcon/
DEFAULT</value>
</property>
{code}
Expected configuration is based on result of "Enable Security Wizard" for
normal HDFS stack.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)