> On May 20, 2016, 5:26 a.m., Sumit Mohanty wrote:
> > ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json,
> >  line 81
> > <https://reviews.apache.org/r/47634/diff/1/?file=1388826#file1388826line81>
> >
> >     -1. This change is conflicting to AMBARI-13695 where we minimized 
> > distributing HDFS headless keytabs. Why should HBase need HDFS headless 
> > keytabs? Should the region server not use their own keytabs?

Sumit, we need the keytab to create the HDFS directory for storing Ranger Audit 
entries.

Now, for HDP > 2.5, we can put the logic in Ranger Admin, since with this 
version Ranger takes part in kerberos. (Using kerberos.json)
But for HDP < 2.5, we have only this way of doing it.


- Gautam


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47634/#review134102
-----------------------------------------------------------


On May 20, 2016, 4:49 a.m., Gautam Borad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47634/
> -----------------------------------------------------------
> 
> (Updated May 20, 2016, 4:49 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Robert Levas, Sumit Mohanty, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: AMBARI-16788
>     https://issues.apache.org/jira/browse/AMBARI-16788
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Currently HDFS keytab is not distributed to HBASE RegionServer node. In such 
> case Region Server restart will fail, since it wont find the keytab.
> The keytab is required to create HDFS dir to store audit logs to.
> 
> Added the keytab in kerberos.json file.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
> 
> Diff: https://reviews.apache.org/r/47634/diff/
> 
> 
> Testing
> -------
> 
> Tested on 3 node cluster and ensured that the keytab is available on 
> RegionServer node.
> 
> 
> Thanks,
> 
> Gautam Borad
> 
>

Reply via email to