-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59520/
-----------------------------------------------------------
Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and
Sebastian Toader.
Bugs: AMBARI-20877
https://issues.apache.org/jira/browse/AMBARI-20877
Repository: ambari
Description
-------
HDP 2.6 stack introduced settings for ACLs on the Yarn Resource Manager HA
state store. In `yarn-site/yarn.resourcemanager.zk-acl` the ACL user is set to
`rm`.
If this user name does not match the primary component of the Yarn RM Kerberos
principal in `yarn-site/yarn.resourcemanager.principal`, then Yarn is unable to
access the state store and RM will stop immediately after start.
During the Kerberos wizard there needs to be a check to see if these settings
are out of sync. Or, the zk-acl setting needs to somehow reference the
principal and extract the primary root through a variable.
Diffs
-----
ambari-agent/src/test/python/resource_management/TestSecurityCommons.py 870ca92
ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py 9ceeea7
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py 3579fcb
ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json ae4db4f
ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py 66194ed
ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json ae4db4f
Diff: https://reviews.apache.org/r/59520/diff/1/
Testing
-------
- Create a cluster with yarn, hdfs
- enabled kerberos using custom principal names
- checked custom principal names in hadoop.registry.system.accounts and yarn.resourcemanager.zk-acl properties in yarn config
Tests: PENDING
Thanks,
Attila Magyar
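
The out-of-sync check asked for in the description, sketched as an added example (not code from this review request or from Ambari). The helper names are hypothetical, and the `sasl:rm:rwcda` value and the `scheme:id:perms` ACL layout are assumptions about how the `rm` ACL user is written in `yarn-site`:

```python
# Added example. Helper names are hypothetical; sample values are constructed.

def principal_primary(principal):
    """Primary component of a Kerberos principal 'primary[/instance][@REALM]'."""
    primary = principal.split("@", 1)[0].split("/", 1)[0]
    if not primary:
        raise ValueError("principal has no primary component: %r" % principal)
    return primary


def parse_zk_acl(acl_string):
    """Split 'scheme:id:perms[,...]' into (scheme, id, perms) tuples.

    The id may itself contain ':' (digest ids do), so the scheme ends at the
    first colon and the permissions start after the last one.
    """
    entries = []
    for raw in (part.strip() for part in acl_string.split(",")):
        if not raw:
            continue
        first, last = raw.find(":"), raw.rfind(":")
        if first == -1 or first == last:
            raise ValueError("malformed ACL entry: %r" % raw)
        entries.append((raw[:first], raw[first + 1:last], raw[last + 1:]))
    return entries


def check_rm_zk_acl(yarn_site):
    """Return a list of problems; an empty list means the settings agree."""
    expected = principal_primary(yarn_site["yarn.resourcemanager.principal"])
    acl = parse_zk_acl(yarn_site["yarn.resourcemanager.zk-acl"])
    sasl_ids = [ident for scheme, ident, _ in acl if scheme == "sasl"]
    # Assumption: only sasl entries are tied to the Kerberos identity; other
    # schemes (world, digest, ip) are not compared against the principal.
    if sasl_ids and expected not in sasl_ids:
        return ["zk-acl grants sasl user(s) %s but the RM principal primary is %r"
                % (sasl_ids, expected)]
    return []


if __name__ == "__main__":
    # Constructed yarn-site values: custom principal, stock ACL user 'rm'.
    site = {
        "yarn.resourcemanager.principal": "rm-custom/_HOST@EXAMPLE.COM",
        "yarn.resourcemanager.zk-acl": "sasl:rm:rwcda",
    }
    for problem in check_rm_zk_acl(site):
        print(problem)
```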