> I am aware that one can add names to dfs.hosts and run dfsadmin > -refreshNodes, but with Kerberos I have the additional problem that the new > hosts' principals have to be added to hadoop.security.auth_to_local (I do not > have the luxury of an easy albeit secure pattern for host names). Alas, I see > no way of propagating changes there to running demons.
This is how almost all clusters running security add nodes - add to dfs.hosts or yarn-host-file configuration and do a refresh. You don't need patterns for host-names, did you see the support for _HOST in the principle names? You can specify the datanode principle to be say datanodeUser@_HOST@realm, and Hadoop libraries interpret and replace _HOST on each machine with the real host-name. HTH +Vinod -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.