You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Yusaku Sako (JIRA)" <ji...@apache.org> on 2015/09/26 00:32:04 UTC
[jira] [Updated] (AMBARI-9966) On GlusterFS stack, Enable Security
Wizard doesn't actually enable secure mode
[ https://issues.apache.org/jira/browse/AMBARI-9966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yusaku Sako updated AMBARI-9966:
--------------------------------
Fix Version/s: (was: 2.1.2)
> On GlusterFS stack, Enable Security Wizard doesn't actually enable secure mode
> ------------------------------------------------------------------------------
>
> Key: AMBARI-9966
> URL: https://issues.apache.org/jira/browse/AMBARI-9966
> Project: Ambari
> Issue Type: Bug
> Components: stacks
> Affects Versions: 1.6.1
> Environment: HDP 2.1 on RHEL 6 with 2.1.GlusterFS stack
> package: ambari-server-1.6.1-98.noarch
> Reporter: Martin Bukatovic
> Assignee: Scott Creeley
> Labels: glusterfs, keberos, secure
>
> When I try to enable Hadoop Secure Mode via Ambari "Enable Security Wizard" on
> GlusterFS stack, the properties which controls security are not changed.
> Moreover Ambari reports that Secure mode is enabled and didn't notice
> the problem.
> h3. Actual results
> There are no {{hadoop.security}} properties defined anywhere:
> {noformat}
> # grep hadoop.security /etc/hadoop/conf/*.xml
> #
> {noformat}
> This means that the security mode hasn't been actually enabled.
> Note that keytab definitons are configured fine, see eg.:
> {noformat}
> # grep keytab /etc/hadoop/conf/*.xml
> /etc/hadoop/conf/mapred-site.xml: <name>mapreduce.jobhistory.webapp.spnego-keytab-file</name>
> /etc/hadoop/conf/mapred-site.xml: <value>/etc/security/keytabs/spnego.service.keytab</value>
> /etc/hadoop/conf/mapred-site.xml: <name>mapreduce.jobhistory.keytab.file</name>
> /etc/hadoop/conf/mapred-site.xml: <value>/etc/security/keytabs/jhs.service.keytab</value>
> /etc/hadoop/conf/mapred-site.xml: <name>mapreduce.jobhistory.keytab</name>
> /etc/hadoop/conf/mapred-site.xml: <value>/etc/security/keytabs/jhs.service.keytab</value>
> /etc/hadoop/conf/yarn-site.xml: <name>yarn.nodemanager.webapp.spnego-keytab-file</name>
> /etc/hadoop/conf/yarn-site.xml: <value>/etc/security/keytabs/spnego.service.keytab</value>
> /etc/hadoop/conf/yarn-site.xml: <name>yarn.nodemanager.keytab</name>
> /etc/hadoop/conf/yarn-site.xml: <value>/etc/security/keytabs/nm.service.keytab</value>
> /etc/hadoop/conf/yarn-site.xml: <name>yarn.resourcemanager.webapp.spnego-keytab-file</name>
> /etc/hadoop/conf/yarn-site.xml: <value>/etc/security/keytabs/spnego.service.keytab</value>
> /etc/hadoop/conf/yarn-site.xml: <name>yarn.resourcemanager.keytab</name>
> /etc/hadoop/conf/yarn-site.xml: <value>/etc/security/keytabs/rm.service.keytab</value>
> {noformat}
> h3. Expected results
> Following configuration properties can be found in {{core-site}} conf file.
> {code:xml}
> <property>
> <name>hadoop.security.authentication</name>
> <value>kerberos</value>
> </property>
> <property>
> <name>hadoop.security.authorization</name>
> <value>true</value>
> </property>
> <property>
> <name>hadoop.security.auth_to_local</name>
> <value>RULE:[2:$1@$0](rm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
> RULE:[2:$1@$0](nm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
> RULE:[2:$1@$0](nn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
> RULE:[2:$1@$0](dn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
> RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
> RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
> RULE:[2:$1@$0](oozie@.*RHSHADOOPQA.REDHAT.COM)s/.*/oozie/
> RULE:[2:$1@$0](jhs@.*RHSHADOOPQA.REDHAT.COM)s/.*/mapred/
> RULE:[2:$1@$0](jn/_HOST@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
> RULE:[2:$1@$0](falcon@.*RHSHADOOPQA.REDHAT.COM)s/.*/falcon/
> DEFAULT</value>
> </property>
> {code}
> Expected configuration is based on result of "Enable Security Wizard" for
> normal HDFS stack.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)