[
https://issues.apache.org/jira/browse/SLIDER-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15060113#comment-15060113
]
Steve Loughran commented on SLIDER-1027:
----------------------------------------
core is implemented.
Features
# lives in the hadoop security package, needed to reset the renewal time —long
term goal would be HADOOP-12426, moving it into hadoop core
# cranks up some of the JRE diagnostics (and doesn't crank them down
afterwards); these go to stderr
# doesn't actually attempt to connect to any services (RM, RM proxy, HDFS, ZK
...). That couldn't go into a hadoop-core feature
# dumps out the various env vars, sysprops and hadoop options related to
security.
To add
# doesnt have any tests: needs a secure cluster for this. I should add an
integration test.
# the {{--fail}} option is meant to trigger a '41' exit code on auth failures,
but it's not complete
# no network diagnostics (DNS to KDC). This would need parsing of the krb conf
file, or just add a {{--kdc host}} probe
> add a kdiag command for kerberos diagnostics
> --------------------------------------------
>
> Key: SLIDER-1027
> URL: https://issues.apache.org/jira/browse/SLIDER-1027
> Project: Slider
> Issue Type: New Feature
> Components: client
> Affects Versions: Slider 0.90
> Environment: Kerberos
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Fix For: Slider 0.90
>
>
> Trying to debug kerberos problems is painful exercise
> Add a kerberos diagnostics command, `kdiag` to aid this; output to stdout or
> to a named file.
> add other args as appropriate, etg
> * `--required` - fail with exit code if no login
> * `--zookeeper` check zk details
> * `--hdfs` check HDFS
> * `--yarn` check yarn login
> * --keytab + keytab name`: check for accessibility, contents
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
