Hari Sekhon created AMBARI-8786:
-----------------------------------
Summary: Enable NameNode HA without disabling Kerberos
Key: AMBARI-8786
URL: https://issues.apache.org/jira/browse/AMBARI-8786
Project: Ambari
Issue Type: Improvement
Affects Versions: 1.7.0
Environment: HDP 2.1
Reporter: Hari Sekhon
Need to allow enabling NameNode HA without first having to disable Kerberos.
It's bad practice to disable security for the period of time it takes to enable
NN HA as this could result in data breaches for an existing cluster with data
in it and this process doesn't go down well when working for a bank.
Although ideally NN HA + Kerberos should be implemented up front before having
data in the cluster, at cluster planning time, this may not always be the case
either due to newbie learning curve or lack of the 3 nodes required for quorum
(this was the case for me as I had to migrate nodes in phases for a small
staging cluster).
Must also make sure the additional required Kerberos principals for NN, journal
nodes and any additional ZooKeepers required for quorum are defined with
exportable CSV for automation. See also AMBARI-8610 and AMBARI-8785 which are
related.
Regards,
Hari Sekhon
http://www.linkedin.com/in/harisekhon
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
