Venkat Ranganathan created FALCON-1916:
------------------------------------------
Summary: Allow RM principal to be specified in Cluster entity
Key: FALCON-1916
URL: https://issues.apache.org/jira/browse/FALCON-1916
Project: Falcon
Issue Type: Bug
Components: common
Environment: secure cluster
Reporter: Venkat Ranganathan
Assignee: Venkat Ranganathan
When we define cluster entities where clusters are in different kerberos realms
with cross-realm trust setup (or the auth to local rules for RM varies in
different clusters), we need to explicitly define the RM principal (like NN
principal) so that the cluster entity can be validated and used.
For example, if Falcon server is in a cluster using REALM A and the RM being
accessed is in REALM B, the Falcon server will try to use the principal for the
RM as rm/_HOST@A instead of rm/_HOST@B which is the valid realm, which can
result in exceptions like below
{quote}
2016-04-01 11:01:16,870 WARN - .... POST//entities/submit/cluster ~ Exception
encountered while connecting to the server : (Client:680)
java.lang.IllegalArgumentException: Server has invalid Kerberos principal:
rm/host@realm
at
org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:334)
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
