> On Jan. 18, 2017, 10:57 a.m., Attila Magyar wrote: > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/templates/hdfs_jaas.conf.j2, > > line 24 > > <https://reviews.apache.org/r/55680/diff/1/?file=1607730#file1607730line24> > > > > is this path always the same?
That path should not be hard-coded. It could change. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55680/#review162123 ----------------------------------------------------------- On Jan. 18, 2017, 10:58 a.m., Laszlo Puskas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/55680/ > ----------------------------------------------------------- > > (Updated Jan. 18, 2017, 10:58 a.m.) > > > Review request for Ambari, Attila Magyar, Robert Levas, and Sebastian Toader. > > > Bugs: AMBARI-19613 > https://issues.apache.org/jira/browse/AMBARI-19613 > > > Repository: ambari > > > Description > ------- > > On secure namenode HA clusters the ZKFC component needs to access the > zookeeper securely. > On enabling security appropriate settings are configured to secure this > connection. > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hadoop-env.xml > c2f37c1 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json > f30c9e4 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py > 3270430 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py > f1891a5 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/templates/hdfs_jaas.conf.j2 > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/params.py > 783f811 > > ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/hadoop-env.xml > 5be2b74 > > ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/hadoop-env.xml > 24e0193 > > ambari-server/src/main/resources/stacks/HDP/2.4/services/HDFS/configuration/hadoop-env.xml > 24e0193 > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json > 9000e95 > > Diff: https://reviews.apache.org/r/55680/diff/ > > > Testing > ------- > > Testing done manually: > > Created an unsecure NN HA cluster > > * checked the configuration entry: ha.zookeeper.acl - doesn't exist > * checked the hadoop-env.sh - doesn't contain the variable export > HADOOP_ZKFC_OPTS > * checked the hdfs_jaas.conf - doesn't exist > * connected to zookeeper, listed znode acls - no limitations set > > Kerberized the NN HA cluster > > * checked the configuration entry: ha.zookeeper.acl - set to sasl:nn:cdrwa > * checked the hadoop-env.sh - contains the variable export HADOOP_ZKFC_OPTS > with proper value, points to the correct jaas file > * checked the hdfs_jaas.conf - OK > > Disabled Kerberos on the NN HA cluster > > * checked the configuration entry: ha.zookeeper.acl - removed > * checked the hadoop-env.sh - doesn't contain the variable export > HADOOP_ZKFC_OPTS > > Unit tests running. > > > Thanks, > > Laszlo Puskas > >
