You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ao...@apache.org on 2015/11/16 19:27:08 UTC
[2/2] ambari git commit: AMBARI-13695. Minimize HDFS and other
headless keytab distribution (security concerns) (aonishuk)
AMBARI-13695. Minimize HDFS and other headless keytab distribution (security concerns) (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9f715b3a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9f715b3a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9f715b3a
Branch: refs/heads/branch-2.1
Commit: 9f715b3aaa7d762e2062f465db9c019f15997820
Parents: 6e7108b
Author: Andrew Onishuk <ao...@hortonworks.com>
Authored: Mon Nov 16 20:26:56 2015 +0200
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Mon Nov 16 20:26:56 2015 +0200
----------------------------------------------------------------------
.../ACCUMULO/1.6.1.2.2.0/kerberos.json | 10 ++--
.../FALCON/0.5.0.2.1/kerberos.json | 6 +-
.../HBASE/0.96.0.2.0/kerberos.json | 6 +-
.../HDFS/2.1.0.2.0/kerberos.json | 50 +++++++++-------
.../HIVE/0.12.0.2.0/kerberos.json | 3 +
.../MAHOUT/1.0.0.2.3/kerberos.json | 10 ++--
.../OOZIE/4.0.0.2.0/kerberos.json | 6 +-
.../OOZIE/4.2.0.2.3/kerberos.json | 6 +-
.../PIG/0.12.0.2.0/kerberos.json | 17 ++++++
.../SLIDER/0.60.0.2.2/kerberos.json | 17 ++++++
.../SPARK/1.2.0.2.2/kerberos.json | 10 ++--
.../SPARK/1.4.1.2.3/kerberos.json | 61 ++++++++++++++++++++
.../common-services/TEZ/0.4.0.2.1/kerberos.json | 17 ++++++
.../YARN/2.1.0.2.0/kerberos.json | 9 +--
.../stacks/HDP/2.2/services/YARN/kerberos.json | 9 +--
.../services/ACCUMULO/kerberos.json | 2 +-
.../HDP/2.3/services/ACCUMULO/kerberos.json | 10 ++--
.../stacks/HDP/2.3/services/TEZ/kerberos.json | 5 ++
.../stacks/HDP/2.3/services/YARN/kerberos.json | 9 +--
19 files changed, 195 insertions(+), 68 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
index 9101005..e76f809 100644
--- a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
@@ -47,15 +47,17 @@
}
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "/smokeuser"
}
],
"components": [
{
- "name": "ACCUMULO_MASTER"
+ "name": "ACCUMULO_MASTER",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
},
{
"name": "ACCUMULO_TSERVER"
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json
index 8d5923a..08af720 100644
--- a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json
@@ -8,9 +8,6 @@
},
{
"name": "/smokeuser"
- },
- {
- "name": "/HDFS/hdfs"
}
],
"configurations": [
@@ -30,6 +27,9 @@
"name": "FALCON_SERVER",
"identities": [
{
+ "name": "/HDFS/NAMENODE/hdfs"
+ },
+ {
"name": "falcon_server",
"principal": {
"value": "falcon/_HOST@${realm}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
index 1de417f..b59f727 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
@@ -7,9 +7,6 @@
"name": "/spnego"
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "hbase",
"principal": {
"value": "${hbase-env/hbase_user}-${cluster_name}@${realm}",
@@ -51,6 +48,9 @@
"name": "HBASE_MASTER",
"identities": [
{
+ "name": "/HDFS/NAMENODE/hdfs"
+ },
+ {
"name": "hbase_master_hbase",
"principal": {
"value": "hbase/_HOST@${realm}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index df83969..c9c738e 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -14,27 +14,6 @@
},
{
"name": "/smokeuser"
- },
- {
- "name": "hdfs",
- "principal": {
- "value": "${hadoop-env/hdfs_user}-${cluster_name}@${realm}",
- "type" : "user" ,
- "configuration": "hadoop-env/hdfs_principal_name",
- "local_username" : "${hadoop-env/hdfs_user}"
- },
- "keytab": {
- "file": "${keytab_dir}/hdfs.headless.keytab",
- "owner": {
- "name": "${hadoop-env/hdfs_user}",
- "access": "r"
- },
- "group": {
- "name": "${cluster-env/user_group}",
- "access": "r"
- },
- "configuration": "hadoop-env/hdfs_user_keytab"
- }
}
],
"auth_to_local_properties" : [
@@ -51,9 +30,38 @@
],
"components": [
{
+ "name": "HDFS_CLIENT",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
+ },
+ {
"name": "NAMENODE",
"identities": [
{
+ "name": "hdfs",
+ "principal": {
+ "value": "${hadoop-env/hdfs_user}-${cluster_name}@${realm}",
+ "type" : "user" ,
+ "configuration": "hadoop-env/hdfs_principal_name",
+ "local_username" : "${hadoop-env/hdfs_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/hdfs.headless.keytab",
+ "owner": {
+ "name": "${hadoop-env/hdfs_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": "r"
+ },
+ "configuration": "hadoop-env/hdfs_user_keytab"
+ }
+ },
+ {
"name": "namenode_nn",
"principal": {
"value": "nn/_HOST@${realm}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json
index aac1587..872bfac 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json
@@ -60,6 +60,9 @@
"name": "HIVE_SERVER",
"identities": [
{
+ "name": "/HDFS/NAMENODE/hdfs"
+ },
+ {
"name": "hive_server_hive",
"principal": {
"value": "hive/_HOST@${realm}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json b/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json
index 91fff4a..1f87a6c 100644
--- a/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json
@@ -5,14 +5,16 @@
"identities": [
{
"name": "/smokeuser"
- },
- {
- "name": "/HDFS/hdfs"
}
],
"components": [
{
- "name": "MAHOUT"
+ "name": "MAHOUT",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json
index f9ce38b..b3f932b 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json
@@ -8,9 +8,6 @@
},
{
"name": "/smokeuser"
- },
- {
- "name": "/HDFS/hdfs"
}
],
"auth_to_local_properties" : [
@@ -31,6 +28,9 @@
"name": "OOZIE_SERVER",
"identities": [
{
+ "name": "/HDFS/NAMENODE/hdfs"
+ },
+ {
"name": "oozie_server",
"principal": {
"value": "oozie/_HOST@${realm}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json
index 433aca9..d2e2ab8 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json
@@ -8,9 +8,6 @@
},
{
"name": "/smokeuser"
- },
- {
- "name": "/HDFS/hdfs"
}
],
"auth_to_local_properties" : [
@@ -32,6 +29,9 @@
"name": "OOZIE_SERVER",
"identities": [
{
+ "name": "/HDFS/NAMENODE/hdfs"
+ },
+ {
"name": "oozie_server",
"principal": {
"value": "oozie/_HOST@${realm}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/kerberos.json
new file mode 100644
index 0000000..22dd6cb
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/kerberos.json
@@ -0,0 +1,17 @@
+{
+ "services": [
+ {
+ "name": "PIG",
+ "components": [
+ {
+ "name": "PIG",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/SLIDER/0.60.0.2.2/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SLIDER/0.60.0.2.2/kerberos.json b/ambari-server/src/main/resources/common-services/SLIDER/0.60.0.2.2/kerberos.json
new file mode 100644
index 0000000..0ebeb7d
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/SLIDER/0.60.0.2.2/kerberos.json
@@ -0,0 +1,17 @@
+{
+ "services": [
+ {
+ "name": "SLIDER",
+ "components": [
+ {
+ "name": "SLIDER",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json
index 57a282a..5354f69 100644
--- a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json
@@ -7,9 +7,6 @@
"name": "/smokeuser"
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "sparkuser",
"principal": {
"value": "${spark-env/spark_user}-${cluster_name}@${realm}",
@@ -40,7 +37,12 @@
],
"components": [
{
- "name": "SPARK_JOBHISTORYSERVER"
+ "name": "SPARK_JOBHISTORYSERVER",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
},
{
"name": "SPARK_CLIENT"
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/SPARK/1.4.1.2.3/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/1.4.1.2.3/kerberos.json b/ambari-server/src/main/resources/common-services/SPARK/1.4.1.2.3/kerberos.json
new file mode 100644
index 0000000..3868a62
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/SPARK/1.4.1.2.3/kerberos.json
@@ -0,0 +1,61 @@
+{
+ "services": [
+ {
+ "name": "SPARK",
+ "identities": [
+ {
+ "name": "/smokeuser"
+ },
+ {
+ "name": "sparkuser",
+ "principal": {
+ "value": "${spark-env/spark_user}-${cluster_name}@${realm}",
+ "type" : "user",
+ "configuration": "spark-defaults/spark.history.kerberos.principal",
+ "local_username" : "${spark-env/spark_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/spark.headless.keytab",
+ "owner": {
+ "name": "${spark-env/spark_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "spark-defaults/spark.history.kerberos.keytab"
+ }
+ }
+ ],
+ "configurations": [
+ {
+ "spark-defaults": {
+ "spark.history.kerberos.enabled": "true"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "SPARK_JOBHISTORYSERVER",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
+ },
+ {
+ "name": "SPARK_CLIENT"
+ },
+ {
+ "name": "SPARK_THRIFTSERVER",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/TEZ/0.4.0.2.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/TEZ/0.4.0.2.1/kerberos.json b/ambari-server/src/main/resources/common-services/TEZ/0.4.0.2.1/kerberos.json
new file mode 100644
index 0000000..65dcd33
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/TEZ/0.4.0.2.1/kerberos.json
@@ -0,0 +1,17 @@
+{
+ "services": [
+ {
+ "name": "TEZ",
+ "components": [
+ {
+ "name": "TEZ_CLIENT",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
index 15ad5af..ff2f484 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
@@ -7,9 +7,6 @@
"name": "/spnego"
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "/smokeuser"
}
],
@@ -166,9 +163,6 @@
"name": "/spnego"
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "/smokeuser"
}
],
@@ -177,6 +171,9 @@
"name": "HISTORYSERVER",
"identities": [
{
+ "name": "/HDFS/NAMENODE/hdfs"
+ },
+ {
"name": "history_server_jhs",
"principal": {
"value": "jhs/_HOST@${realm}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
index b464120..da36a25 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
@@ -7,9 +7,6 @@
"name": "/spnego"
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "/smokeuser"
}
],
@@ -166,9 +163,6 @@
"name": "/spnego"
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "/smokeuser"
}
],
@@ -177,6 +171,9 @@
"name": "HISTORYSERVER",
"identities": [
{
+ "name": "/HDFS/NAMENODE/hdfs"
+ },
+ {
"name": "history_server_jhs",
"principal": {
"value": "jhs/_HOST@${realm}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/stacks/HDP/2.3.GlusterFS/services/ACCUMULO/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3.GlusterFS/services/ACCUMULO/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.3.GlusterFS/services/ACCUMULO/kerberos.json
index 9089367..d621e05 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3.GlusterFS/services/ACCUMULO/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3.GlusterFS/services/ACCUMULO/kerberos.json
@@ -67,7 +67,7 @@
}
},
{
- "name": "/HDFS/hdfs"
+ "name": "/HDFS/NAMENODE/hdfs"
},
{
"name": "/smokeuser"
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/stacks/HDP/2.3/services/ACCUMULO/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/ACCUMULO/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.3/services/ACCUMULO/kerberos.json
index 1315e84..61fe31e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/ACCUMULO/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/ACCUMULO/kerberos.json
@@ -67,9 +67,6 @@
}
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "/smokeuser"
}
],
@@ -93,7 +90,12 @@
],
"components": [
{
- "name": "ACCUMULO_MASTER"
+ "name": "ACCUMULO_MASTER",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ]
},
{
"name": "ACCUMULO_TSERVER"
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/stacks/HDP/2.3/services/TEZ/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/TEZ/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.3/services/TEZ/kerberos.json
index 3662ed8..ee7c7cf 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/TEZ/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/TEZ/kerberos.json
@@ -5,6 +5,11 @@
"components": [
{
"name": "TEZ_CLIENT",
+ "identities": [
+ {
+ "name": "/HDFS/NAMENODE/hdfs"
+ }
+ ],
"configurations": [
{
"tez-site": {
http://git-wip-us.apache.org/repos/asf/ambari/blob/9f715b3a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json
index e70287a..70d12b4 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json
@@ -7,9 +7,6 @@
"name": "/spnego"
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "/smokeuser"
}
],
@@ -176,9 +173,6 @@
"name": "/spnego"
},
{
- "name": "/HDFS/hdfs"
- },
- {
"name": "/smokeuser"
}
],
@@ -187,6 +181,9 @@
"name": "HISTORYSERVER",
"identities": [
{
+ "name": "/HDFS/NAMENODE/hdfs"
+ },
+ {
"name": "history_server_jhs",
"principal": {
"value": "jhs/_HOST@${realm}",