[GitHub] [bigtop] iwasakims commented on pull request #1083: BIGTOP-3900. Migrate secure DataNode settings from jsvc to SASL.

Fri, 03 Feb 2023 07:25:04 -0800 


iwasakims commented on PR #1083:
URL: https://github.com/apache/bigtop/pull/1083#issuecomment-1416023888

   I tested the patch with following deployment.
   
   ```
   hadoop::hadoop_security_authentication: "kerberos"
   kerberos::krb_site::domain: "bigtop.apache.org"
   kerberos::krb_site::realm: "BIGTOP.APACHE.ORG"
   kerberos::krb_site::kdc_server: "%{hiera('bigtop::hadoop_head_node')}"
   kerberos::krb_site::kdc_port: "88"
   kerberos::krb_site::admin_port: "749"
   kerberos::krb_site::keytab_export_dir: "/var/lib/bigtop_keytabs"
   hadoop::kerberos_realm: "%{hiera('kerberos::krb_site::realm')}"
   hadoop::hadoop_ssl_hostname_verifier: "ALLOW_ALL"
   hadoop::hadoop_http_authentication_type: 
"%{hiera('hadoop::hadoop_security_authentication')}"
   hadoop::hadoop_http_authentication_signature_secret: changeit
   ```
   
   ```
   $ ./docker-hadoop.sh \
          --create 1 \
          --image bigtop/puppet:trunk-rockylinux-8 \
          --memory 16g \
          --repo file:///bigtop-home/output \
          --disable-gpg-check \
          --stack kerberos,hdfs
   ```
   
   HTTPS with Kerberos auth worked as expected:
   
   ```
   # kinit -kt /etc/hdfs.keytab
   # hdfs dfs -ls swebhdfs://$(hostname --fqdn):50475/
   Found 7 items
   drwxr-xr-x   - hdfs  hadoop          0 2023-02-03 15:03 
swebhdfs://13cd26a5ecef.bigtop.apache.org:50475/apps
   drwxrwxrwx   - hdfs  hadoop          0 2023-02-03 15:03 
swebhdfs://13cd26a5ecef.bigtop.apache.org:50475/benchmarks
   drwxr-xr-x   - hbase hbase           0 2023-02-03 15:03 
swebhdfs://13cd26a5ecef.bigtop.apache.org:50475/hbase
   drwxr-xr-x   - solr  solr            0 2023-02-03 15:03 
swebhdfs://13cd26a5ecef.bigtop.apache.org:50475/solr
   drwxrwxrwt   - hdfs  hadoop          0 2023-02-03 15:03 
swebhdfs://13cd26a5ecef.bigtop.apache.org:50475/tmp
   drwxr-xr-x   - hdfs  hadoop          0 2023-02-03 15:03 
swebhdfs://13cd26a5ecef.bigtop.apache.org:50475/user
   drwxr-xr-x   - hdfs  hadoop          0 2023-02-03 15:03 
swebhdfs://13cd26a5ecef.bigtop.apache.org:50475/var
   
   # hdfs dfs -put /bigtop-home/README.md swebhdfs://$(hostname 
--fqdn):50475/tmp/
   # curl -L -k --negotiate -u : "https://$(hostname 
--fqdn):50475/webhdfs/v1/tmp/README.md?op=OPEN"
   [![Travis 
CI](https://img.shields.io/travis/apache/bigtop.svg?branch=master)](https://travis-ci.org/apache/bigtop)
   
   Licensed to the Apache Software Foundation (ASF) under one or more
   ...
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to