[jira] [Comment Edited] (HDFS-12697) Ozone services must stay disabled in secure setup for alpha

Thu, 26 Oct 2017 07:50:01 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16220475#comment-16220475
 ] 

Elek, Marton edited comment on HDFS-12697 at 10/26/17 2:48 PM:
---------------------------------------------------------------

I am not sure it works well. 

It will return a security error even if ozone is turned off and not the 
security on.

With ozone.enabled !=false, but security is turned off:

{code}
scm_1       | 2017-10-26 14:03:17 ERROR StorageContainerManager:320 - SCM 
cannot be started in secure mode
scm_1       | SCM cannot be started in secure mode
{code}

UPDATE: I found the reviewboard and Xiaoyu wrote the same...


was (Author: elek):
I am not sure it works well. 

It will return a security error even if ozone is turned off and not the 
security on.

With ozone.enabled !=false, but security is turned off:

{code}
scm_1       | 2017-10-26 14:03:17 ERROR StorageContainerManager:320 - SCM 
cannot be started in secure mode
scm_1       | SCM cannot be started in secure mode
{code}


> Ozone services must stay disabled in secure setup for alpha
> -----------------------------------------------------------
>
>                 Key: HDFS-12697
>                 URL: https://issues.apache.org/jira/browse/HDFS-12697
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>            Reporter: Jitendra Nath Pandey
>            Assignee: Bharat Viswanadham
>            Priority: Blocker
>         Attachments: HDFS-12697-HDFS-7240.01.patch, 
> HDFS-12697-HDFS-7240.02.patch
>
>
> When security is enabled, ozone services should not start up, even if ozone 
> configurations are enabled. This is important to ensure a user experimenting 
> with ozone doesn't inadvertently get exposed to attacks. Specifically,
> 1) KSM should not start up.
> 2) SCM should not startup.
> 3) Datanode's ozone xceiverserver should not startup, and must not listen on 
> a port.
> 4) Datanode's ozone handler port should not be open, and webservice must stay 
> disabled.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to