----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55680/ -----------------------------------------------------------
Review request for Ambari, Attila Magyar, Robert Levas, and Sebastian Toader. Bugs: AMBARI-19613 https://issues.apache.org/jira/browse/AMBARI-19613 Repository: ambari Description ------- On secure namenode HA clusters the ZKFC component needs to access the zookeeper securely. On enabling security appropriate settings are configured to secure this connection. Diffs ----- ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hadoop-env.xml c2f37c1 ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json f30c9e4 ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py 3270430 ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py f1891a5 ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/templates/hdfs_jaas.conf.j2 PRE-CREATION ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/params.py 783f811 ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/hadoop-env.xml 5be2b74 ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/hadoop-env.xml 24e0193 ambari-server/src/main/resources/stacks/HDP/2.4/services/HDFS/configuration/hadoop-env.xml 24e0193 ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json 9000e95 Diff: https://reviews.apache.org/r/55680/diff/ Testing ------- Testing done manually: 1. Created an unsecure NN HA cluster * checked the configuration entry: ha.zookeeper.acl - doesn't exist * checked the hadoop-env.sh - doesn't contain the variable export HADOOP_ZKFC_OPTS * checked the hdfs_jaas.conf - doesn't exist * connected to zookeeper, listed znode acls - no limitations set 2. Kerberized the NN HA cluster * checked the configuration entry: ha.zookeeper.acl - set to sasl:nn:cdrwa * checked the hadoop-env.sh - contains the variable export HADOOP_ZKFC_OPTS with proper value, points to the correct jaas file * checked the hdfs_jaas.conf - OK 3. Disabled Kerberos on the NN HA cluster * checked the configuration entry: ha.zookeeper.acl - removed * checked the hadoop-env.sh - doesn't contain the variable export HADOOP_ZKFC_OPTS Unit tests running. Thanks, Laszlo Puskas