Ray Burgemeestre created HADOOP-14212:
-----------------------------------------
Summary: Expose SecurityEnabled boolean field in JMX for other
services besides NameNode
Key: HADOOP-14212
URL: https://issues.apache.org/jira/browse/HADOOP-14212
Project: Hadoop Common
Issue Type: Improvement
Reporter: Ray Burgemeestre
Priority: Minor
The following commit
https://github.com/apache/hadoop/commit/dc17bda4b677e30c02c2a9a053895a43e41f7a12
introduced a "SecurityEnabled" field in the JMX output for the NameNode. I
believe it would be nice to add this same change to the JMX output of other
services: Secondary Namenode, ResourceManager, NodeManagers, DataNodes, etc. So
that it can be queried whether Security is enabled in all JMX resources.
The reason I am suggesting this feature / improvement is that I think it would
provide a clean way to check whether your cluster is completely Kerberized or
not. I don't think there is an easy/clean way to do this now, other than
checking the logs, checking ports etc.?
The file where the change was made is
hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
has the following function now:
{code:java}
@Override // NameNodeStatusMXBean
public boolean isSecurityEnabled() {
return UserGroupInformation.isSecurityEnabled();
}
{code}
I would be happy to develop a patch if it seems useful by others as well?
This is a snippet from the JMX output from the NameNode in case security is not
enabled:
{code}
{
"name" : "Hadoop:service=NameNode,name=NameNodeStatus",
"modelerType" : "org.apache.hadoop.hdfs.server.namenode.NameNode",
"NNRole" : "NameNode",
"HostAndPort" : "node001.cm.cluster:8020",
"SecurityEnabled" : false,
"LastHATransitionTime" : 0,
"State" : "standby"
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
