[
https://issues.apache.org/jira/browse/HADOOP-16454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17061264#comment-17061264
]
Wei-Chiu Chuang commented on HADOOP-16454:
------------------------------------------
Hi [~aajisaka] any updates on this jira?
We recently had a user hitting this issue, and the below instruction made it
work:
Under HDFS -> Configuration -> Role HTTPFS -> HttpFS Advanced Configuration
Snippet (Safety Valve) for httpfs-site.xml
For example, in the Sandbox environment, add the following properties:
# description
[ property => value ]
# description: enable zookeeper token manager
httpfs.authentication.zk-dt-secret-manager.enable => true
# description: zookeeper servers
httpfs.authentication.zk-dt-secret-manager.zkConnectionString => master-jgmq2s2.hadoop.ams5.tools:2181,master-jgqq2s2.hadoop.ams5.tools:2181,master-jgvn2s2.hadoop.ams5.tools:2181
# description: authType, either sasl, or none
httpfs.authentication.zk-dt-secret-manager.zkAuthType => sasl
# description: the kerberos principal of the load balancer
httpfs.authentication.zk-dt-secret-manager.kerberos.principal => <LB-Principal>
# description: the httpfs keytab
httpfs.authentication.zk-dt-secret-manager.kerberos.keytab => <HttpFs.keytab>
After making the above changes, a restart would be required for the changes to
take effect.
> Document how to share delegation tokens between multiple HttpFS servers
> -----------------------------------------------------------------------
>
> Key: HADOOP-16454
> URL: https://issues.apache.org/jira/browse/HADOOP-16454
> Project: Hadoop Common
> Issue Type: Improvement
> Components: documentation, httpfs
> Environment: Kerberized, clients connect to multiple HttpFS servers
> via load balancer
> Reporter: Akira Ajisaka
> Assignee: Akira Ajisaka
> Priority: Minor
>
> In our environment, multiple HttpFS servers are deployed for the clients
> outside the HDFS cluster. As we are using external load balancer service for
> the HttpFS servers, the following situation may happen:
> 1. A client authenticates with a HttpFS server and gets a delegation token.
> Using the delegation token, the client can access to the NameNode.
> 2. In the next session, the client authenticates with another HttpFS server
> (via load balancer) using the same delegation token. The client fails to
> access because the other HttpFS server does not have the information of the
> delegation token.
> This issue is to document how to fix this situation.
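An added example, not part of the comment above or of Hadoop itself: a pre-restart check that every HttpFS server behind the load balancer carries the properties listed in the comment and points at the same ZooKeeper ensemble. The function names, the sample hosts, principal and keytab path are constructed, and two rules are assumptions: that `sasl` needs both the principal and the keytab, and that tokens are shared only when all servers name the same ZooKeeper hosts.

```python
import xml.etree.ElementTree as ET

PREFIX = "httpfs.authentication.zk-dt-secret-manager."
REQUIRED = ("enable", "zkConnectionString", "zkAuthType")
KERBEROS = ("kerberos.principal", "kerberos.keytab")

def load_props(xml_text):  # {name: value} from a Hadoop-style <configuration>
    return {p.findtext("name", "").strip(): (p.findtext("value") or "").strip()
            for p in ET.fromstring(xml_text).iter("property")}

def check_server(props):
    """List problems with one server's ZooKeeper token-manager settings."""
    get = lambda key: props.get(PREFIX + key, "")
    problems = [f"missing {PREFIX}{k}" for k in REQUIRED if not get(k)]
    if get("enable") and get("enable").lower() != "true":
        problems.append("zk-dt-secret-manager is not enabled")
    if get("zkAuthType") not in ("", "sasl", "none"):
        problems.append(f"unexpected zkAuthType {get('zkAuthType')!r}")
    if get("zkAuthType") == "sasl":  # assumption: sasl needs principal and keytab
        problems += [f"sasl needs {PREFIX}{k}" for k in KERBEROS if not get(k)]
    return problems

def zk_hosts(props):  # connection string as a set, so host order does not matter
    raw = props.get(PREFIX + "zkConnectionString", "")
    return frozenset(h.strip() for h in raw.split(",") if h.strip())

def check_fleet(configs):
    """configs: {server: httpfs-site.xml text}. Return {server: [problems]}."""
    parsed = {name: load_props(text) for name, text in configs.items()}
    report = {name: check_server(p) for name, p in parsed.items()}
    # Assumption: tokens are shared only when every server names the same ensemble.
    if len({zk_hosts(p) for p in parsed.values()}) > 1:
        for problems in report.values():
            problems.append("zkConnectionString differs between servers")
    return report

def site(values):  # build a constructed httpfs-site.xml from {short key: value}
    body = "".join(f"<property><name>{PREFIX}{k}</name><value>{v}</value></property>"
                   for k, v in values.items())
    return f"<configuration>{body}</configuration>"

GOOD = {"enable": "true", "zkAuthType": "sasl",  # constructed placeholder values
        "zkConnectionString": "zk1.example.test:2181,zk2.example.test:2181",
        "kerberos.principal": "HTTP/lb.example.test@EXAMPLE.TEST",
        "kerberos.keytab": "/path/to/httpfs.keytab"}
SAMPLE = {"httpfs-a": site(GOOD),
          "httpfs-b": site({**GOOD, "enable": "false", "kerberos.keytab": ""})}
REPORT = check_fleet(SAMPLE)  # httpfs-a is clean, httpfs-b has two problems
```

A server that fails this check is the one that would reject a delegation token issued by its peer, which is the failure the issue describes.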