-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35729/
-----------------------------------------------------------
Review request for Ambari, Jaimin Jetly and Robert Levas.
Bugs: AMBARI-12065
https://issues.apache.org/jira/browse/AMBARI-12065
Repository: ambari
Description
-------
Steps to reproduce:
* Install cluster with no HA
* Set the following core-site.xml properties and restart affected services.
||Property||Value||
|hadoop.http.authentication.simple.anonymous.allowed|false|
|hadoop.http.authentication.signature.secret.file|/etc/security/http_secret|
|hadoop.http.authentication.type|kerberos|
|hadoop.http.authentication.kerberos.keytab|/etc/security/keytabs/spnego.service.keytab|
|hadoop.http.authentication.kerberos.principal|HTTP/[email protected]|
|hadoop.http.filter.initializers|org.apache.hadoop.security.AuthenticationFilterInitializer|
|hadoop.http.authentication.cookie.domain|hortonworks.local|
* Tell Ambari to authenticate itself {{ambari-server setup-security}} Option 3
* Validate that UI's require authentication
* Enable NN HA
* Try looking at core-site.xml for all configuration properties and you'll
notice they've been reverted to defaults
**Problem**: The kerberos descriptor updated the core-site props as part of the
Kerberos descriptor
**Solution**: Removed SPNEGO related props from the HDFS Kerberos descriptor
Diffs
-----
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
f19e391
Diff: https://reviews.apache.org/r/35729/diff/
Testing
-------
Unit Tests *in progress*
Installed HDFS cluster, kerbenized, enabled HA, monitored core-site props not
getting updated.
Relied on the metrics system to report any web interface access issues, none
were reported.
Thanks,
Emil Anca
