[
https://issues.apache.org/jira/browse/AMBARI-22725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jonathan Hurley updated AMBARI-22725:
-------------------------------------
Description:
Some upgrade tasks, such as configuration tasks, need to leverage the
conditional elements which change the flow of control if the cluster is
Kerberized (or based on other configuration values). For example, today we have
this:
{code:java}
<execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER"
title="Calculating Proxy Properties under kms-site">
<condition xsi:type="security" type="kerberos"/>
<task xsi:type="server_action"
class="org.apache.ambari.server.serveraction.upgrades.RangerKmsProxyConfig"/>
</execute-stage>{code}
Where {{condition}} elements can be added to an {{execute-stage}} or a
{{group}}. However, since {{execute-stage}} may only contain one task, it makes
doing this work on a per-task level impossible. This particularly impacts the
{{processing}} element. We want something like this:
{code:java}
<task xsi:type="configure" id="hdp_2_6_hadoop_rpc_protection">
<condition xsi:type="security" type="kerberos"/>
</task>
{code}
So that {{task}} elements defined in the {{pre-upgrade}} section of
{{processing}} can also be conditionally invoked.
was:
Clients should have the ability to choose encrypted communication over RPC when
talking to core hadoop components. Today, the properties that control this are:
- {{core-site.xml : hadoop.rpc.protection = authentication}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication}}
The new value of {{privacy}} enables clients to choose an encrypted means of
communication. By keeping {{authentication}} first, it will be taken as the
default mechanism so that wire encryption is not automatically enabled by
accident.
The following properties should be changed to add {{privacy}}:
- {{core-site.xml : hadoop.rpc.protection = authentication,privacy}}
- {{hdfs-site.xml : dfs.data.transfer.protection = authentication,privacy}}
The following are cases when this needs to be performed:
- During Kerberization, the above two properties should be automatically
reconfigured.
- During a stack upgrade to any version of HDP 2.6, they should be
automatically merged
Blueprint deployment is not a scenario being covered here.
> Expose Conditional Elements For Tasks on Upgrade
> ------------------------------------------------
>
> Key: AMBARI-22725
> URL: https://issues.apache.org/jira/browse/AMBARI-22725
> Project: Ambari
> Issue Type: Task
> Affects Versions: 2.6.2
> Reporter: Jonathan Hurley
> Assignee: Jonathan Hurley
> Priority: Critical
> Fix For: 2.6.2
>
> Attachments: AMBARI-22725.patch
>
>
> Some upgrade tasks, such as configuration tasks, need to leverage the
> conditional elements which change the flow of control if the cluster is
> Kerberized (or based on other configuration values). For example, today we
> have this:
> {code:java}
> <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER"
> title="Calculating Proxy Properties under kms-site">
> <condition xsi:type="security" type="kerberos"/>
> <task xsi:type="server_action"
> class="org.apache.ambari.server.serveraction.upgrades.RangerKmsProxyConfig"/>
> </execute-stage>{code}
>
> Where {{condition}} elements can be added to an {{execute-stage}} or a
> {{group}}. However, since {{execute-stage}} may only contain one task, it
> makes doing this work on a per-task level impossible. This particularly
> impacts the {{processing}} element. We want something like this:
> {code:java}
> <task xsi:type="configure" id="hdp_2_6_hadoop_rpc_protection">
> <condition xsi:type="security" type="kerberos"/>
> </task>
> {code}
>
> So that {{task}} elements defined in the {{pre-upgrade}} section of
> {{processing}} can also be conditionally invoked.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
