-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46661/
-----------------------------------------------------------

(Updated May 23, 2016, 9:08 p.m.)


Review request for Ambari, Robert Levas, Sumit Mohanty, and Sid Wagle.


Changes
-------

set hbase.master.ui.readonly to false when kerberos is disabled. Use 
cluster-env to check if kerberos is enabled.


Bugs: AMBARI-16164
    https://issues.apache.org/jira/browse/AMBARI-16164


Repository: ambari


Description
-------

Currently in secure deployment, user can request compaction / splitting through 
hbase master UI.
This potentially exposes vulnerability to various attacks.
There is config parameter, hbase.master.ui.readonly, with default value of 
false.
In secure deployment, Master UI should be put to readonly mode (setting the 
above parameter to true).
Admin can always request compaction / splitting through hbase shell.


Diffs (updated)
-----

  ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
689e1fd 

Diff: https://reviews.apache.org/r/46661/diff/


Testing
-------

Manual testing, sceenshot attached (after kerberizing cluster).


File Attachments
----------------

hbase-site.png
  
https://reviews.apache.org/media/uploaded/files/2016/05/11/75e8d2ae-99a4-4e8d-8a69-52cd974734fb__hbase-site.png


Thanks,

Ajit Kumar

Reply via email to