This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new ce7237c [AMBARI-22981] Updating Hadoop RPC Encryption Properties
During Upgrade (#546)
ce7237c is described below
commit ce7237cc4a2f1dd78b929c83a6db5ef62018bd84
Author: smolnar82 <[email protected]>
AuthorDate: Wed Mar 7 17:20:03 2018 +0100
[AMBARI-22981] Updating Hadoop RPC Encryption Properties During Upgrade
(#546)
* AMBARI-22981. Updating Hadoop RPC Encryption Properties During Upgrade
* AMBARI-22981. Removed unnecessary security_enabled check
---
.../resources/stacks/HDP/2.6/upgrades/config-upgrade.xml | 12 ++++--------
.../stacks/HDP/2.6/upgrades/nonrolling-upgrade-3.0.xml | 5 ++---
ambari-web/app/data/configs/wizards/secure_mapping.js | 16 ++++++++++++++++
3 files changed, 22 insertions(+), 11 deletions(-)
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml
b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml
index 4608673..1ce0455 100644
---
a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml
+++
b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml
@@ -53,18 +53,14 @@
</component>
<component name="DATANODE">
<changes>
- <definition xsi:type="configure"
id="hdfs_set_data_transfer_protection"
- summary="Enables SASL for authentication of data
transfer protocol">
+ <definition xsi:type="configure"
id="hdfs_set_data_transfer_protection" summary="Enables SASL for authentication
of data transfer protocol">
<type>hdfs-site</type>
- <set key="dfs.data.transfer.protection"
value="authentication,privacy" if-type="hdfs-site"
- if-key="dfs.http.policy" if-value="HTTPS_ONLY"/>
+ <set key="dfs.data.transfer.protection"
value="authentication,privacy" />
</definition>
- <definition xsi:type="configure"
id="hdfs_set_hadoop_rpc_protection_on_kerberized_cluster"
- summary="Encrypting the data transfered between hadoop
services and clients">
+ <definition xsi:type="configure"
id="hdfs_set_hadoop_rpc_protection_on_kerberized_cluster" summary="Encrypting
the data transfered between hadoop services and clients">
<type>core-site</type>
- <set key="hadoop.rpc.protection" value="authentication,privacy"
if-type="cluster-env"
- if-key="security_enabled" if-value="true"/>
+ <set key="hadoop.rpc.protection" value="authentication,privacy" />
</definition>
</changes>
</component>
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-3.0.xml
b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-3.0.xml
index a842f40..3e6b7bd 100644
---
a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-3.0.xml
+++
b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-3.0.xml
@@ -295,14 +295,13 @@
<!--HDFS-->
<execute-stage service="HDFS" component="DATANODE"
title="Enables SASL for authentication of data
transfer protocol">
- <condition xsi:type="config" type="hdfs-site"
property="dfs.http.policy" value="HTTPS_ONLY"
- comparison="equals"/>
+ <condition xsi:type="security" type="kerberos" />
<task xsi:type="configure"
id="hdfs_set_data_transfer_protection"/>
</execute-stage>
<execute-stage service="HDFS" component="DATANODE"
title="Encrypting the data transfered between
hadoop services and clients">
- <condition xsi:type="security" type="kerberos"/>
+ <condition xsi:type="security" type="kerberos" />
<task xsi:type="configure"
id="hdfs_set_hadoop_rpc_protection_on_kerberized_cluster"/>
</execute-stage>
diff --git a/ambari-web/app/data/configs/wizards/secure_mapping.js
b/ambari-web/app/data/configs/wizards/secure_mapping.js
index 2d24628..fcc981a 100644
--- a/ambari-web/app/data/configs/wizards/secure_mapping.js
+++ b/ambari-web/app/data/configs/wizards/secure_mapping.js
@@ -39,6 +39,14 @@ var props = [
"serviceName": "HDFS"
},
{
+ "name": "hadoop.rpc.protection",
+ "templateName": [],
+ "foreignKey": null,
+ "value": "authentication,privacy",
+ "filename": "core-site.xml",
+ "serviceName": "HDFS"
+ },
+ {
"name": "hadoop.security.auth_to_local",
"templateName": ["resourcemanager_primary_name", "kerberos_domain",
"yarn_user", "nodemanager_primary_name", "namenode_primary_name", "hdfs_user",
"datanode_primary_name", "hbase_master_primary_name",
"hbase_user","hbase_regionserver_primary_name","oozie_primary_name","oozie_user","jobhistory_primary_name","mapred_user","journalnode_principal_name","falcon_primary_name","falcon_user"],
"foreignKey": null,
@@ -170,6 +178,14 @@ var props = [
"serviceName": "HDFS"
},
{
+ "name": "dfs.data.transfer.protection",
+ "templateName": [],
+ "foreignKey": null,
+ "value": "authentication,privacy",
+ "filename": "hdfs-site.xml",
+ "serviceName": "HDFS"
+ },
+ {
"name": "mapreduce.jobhistory.principal",
"templateName": ["jobhistory_principal_name", "kerberos_domain"],
"foreignKey": null,
--
To stop receiving notification emails like this one, please contact
[email protected].
