[
https://issues.apache.org/jira/browse/FALCON-1916?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Balu Vellanki updated FALCON-1916:
----------------------------------
Issue Type: Improvement (was: Bug)
> Allow RM principal to be specified in Cluster entity
> -----------------------------------------------------
>
> Key: FALCON-1916
> URL: https://issues.apache.org/jira/browse/FALCON-1916
> Project: Falcon
> Issue Type: Improvement
> Components: common
> Environment: secure cluster
> Reporter: Venkat Ranganathan
> Assignee: Venkat Ranganathan
> Fix For: trunk, 0.10
>
> Original Estimate: 1m
> Remaining Estimate: 1m
>
> When we define cluster entities where clusters are in different kerberos
> realms with cross-realm trust setup (or the auth to local rules for RM varies
> in different clusters), we need to explicitly define the RM principal (like
> NN principal) so that the cluster entity can be validated and used.
> For example, if Falcon server is in a cluster using REALM A and the RM being
> accessed is in REALM B, the Falcon server will try to use the principal for
> the RM as rm/_HOST@A instead of rm/_HOST@B which is the valid realm, which
> can result in exceptions like below
> {quote}
> 2016-04-01 11:01:16,870 WARN - .... POST//entities/submit/cluster ~ Exception
> encountered while connecting to the server : (Client:680)
> java.lang.IllegalArgumentException: Server has invalid Kerberos principal:
> rm/host@realm
> at
> org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:334)
> {quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
