[GitHub] [hadoop] anuengineer commented on a change in pull request #1511: HDDS-2162. Make Kerberos related configuration support HA style config.

Thu, 26 Sep 2019 19:07:07 -0700 

anuengineer commented on a change in pull request #1511: HDDS-2162. Make 
Kerberos related configuration support HA style config.
URL: https://github.com/apache/hadoop/pull/1511#discussion_r328889881
 
 

 ##########
 File path: 
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerConfiguration.java
 ##########
 @@ -119,10 +119,13 @@ public void testDefaultPortIfNotSpecified() throws 
Exception {
     String omNode1Id = "omNode1";
     String omNode2Id = "omNode2";
     String omNodesKeyValue = omNode1Id + "," + omNode2Id;
-    conf.set(OMConfigKeys.OZONE_OM_NODES_KEY, omNodesKeyValue);
+    String serviceID = "service1";
+    conf.set(OMConfigKeys.OZONE_OM_SERVICE_IDS_KEY, serviceID);
+    conf.set(OMConfigKeys.OZONE_OM_NODES_KEY + "." + serviceID,
+        omNodesKeyValue);
 
-    String omNode1RpcAddrKey = getOMAddrKeyWithSuffix(null, omNode1Id);
-    String omNode2RpcAddrKey = getOMAddrKeyWithSuffix(null, omNode2Id);
+    String omNode1RpcAddrKey = getOMAddrKeyWithSuffix(serviceID, omNode1Id);
+    String omNode2RpcAddrKey = getOMAddrKeyWithSuffix(serviceID, omNode2Id);
 
 
 Review comment:
   > Not got your last part what is proposed.
   
   
https://docs.microsoft.com/en-us/windows/win32/ad/name-formats-for-unique-spns
   
   OzoneManager/host1.example.com/CN=hrdb,OU=mktg,DC=example,DC=com
   OzoneManager/host2.example.com/CN=hrdb,OU=mktg,DC=example,DC=com
   OzoneManager/host3.example.com/CN=hrdb,OU=mktg,DC=example,DC=com
   
   This is all we need, is what I am trying to say. 
   > Suppose the user wants to use different keytab file location/principal 
name it will also help in this situation.
   
   Why would you want separate identities to communicate to the same service ? 
Can you give me an example of why this would be needed ? More over, why support 
that identity via naming tricks in Ozone instead of creating an new SPN in 
Kerberos Domain?
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to