----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55680/#review162278 -----------------------------------------------------------
Ship it! Ship It! - Sebastian Toader On Jan. 19, 2017, 1:39 p.m., Laszlo Puskas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/55680/ > ----------------------------------------------------------- > > (Updated Jan. 19, 2017, 1:39 p.m.) > > > Review request for Ambari, Attila Magyar, Robert Levas, and Sebastian Toader. > > > Bugs: AMBARI-19613 > https://issues.apache.org/jira/browse/AMBARI-19613 > > > Repository: ambari > > > Description > ------- > > On secure namenode HA clusters the ZKFC component needs to access the > zookeeper securely. > On enabling security appropriate settings are configured to secure this > connection. > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hadoop-env.xml > c2f37c1 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json > f30c9e4 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/utils.py > 3270430 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py > f1891a5 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/templates/hdfs_jaas.conf.j2 > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/params.py > 783f811 > > ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/hadoop-env.xml > 5be2b74 > > ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/hadoop-env.xml > 24e0193 > > ambari-server/src/main/resources/stacks/HDP/2.4/services/HDFS/configuration/hadoop-env.xml > 24e0193 > ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json > 9000e95 > > ambari-server/src/main/resources/stacks/HDP/3.0/hooks/before-ANY/scripts/params.py > f70c8e9 > > ambari-server/src/main/resources/stacks/HDP/3.0/services/HDFS/configuration/hadoop-env.xml > e680c1b > > Diff: https://reviews.apache.org/r/55680/diff/ > > > Testing > ------- > > Testing done manually: > > Created an unsecure NN HA cluster > > * checked the configuration entry: ha.zookeeper.acl - doesn't exist > * checked the hadoop-env.sh - doesn't contain the variable export > HADOOP_ZKFC_OPTS > * checked the hdfs_jaas.conf - doesn't exist > * connected to zookeeper, listed znode acls - no limitations set > > Kerberized the NN HA cluster > > * checked the configuration entry: ha.zookeeper.acl - set to sasl:nn:cdrwa > * checked the hadoop-env.sh - contains the variable export HADOOP_ZKFC_OPTS > with proper value, points to the correct jaas file > * checked the hdfs_jaas.conf - OK > * connected to zookeeper, listed znode acls - set as required > (/hadoop-ha/mycluster/ActiveStandbyElectorLock) > > Disabled Kerberos on the NN HA cluster > > * checked the configuration entry: ha.zookeeper.acl - removed > * checked the hadoop-env.sh - doesn't contain the variable export > HADOOP_ZKFC_OPTS > * connected to zookeeper, listed znode acls - set as required > (/hadoop-ha/mycluster/ActiveStandbyElectorLock) > > Unit tests: > Successfully ran on local machine / unrelated test failed though. > > > Thanks, > > Laszlo Puskas > >