Re: Review Request 59520: Custom RM principal causes zookeeper HA state store to be inaccessible

Wed, 24 May 2017 09:30:54 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59520/#review175949
-----------------------------------------------------------


Ship it!




Ship It!

- Alejandro Fernandez


On May 24, 2017, 9:32 a.m., Attila Magyar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59520/
> -----------------------------------------------------------
> 
> (Updated May 24, 2017, 9:32 a.m.)
> 
> 
> Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, 
> and Sebastian Toader.
> 
> 
> Bugs: AMBARI-20877
>     https://issues.apache.org/jira/browse/AMBARI-20877
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> HDP 2.6 stack introduced settings for ACLs on the Yarn Resource Manager HA 
> state store. In `yarn-site/yarn.resourcemanager.zk-acl` the ACL user is set 
> to `rm`.
> If this user name does not match the primary component of the Yarn RM 
> Kerberos principal in `yarn-site/yarn.resourcemanager.principal`, then Yarn 
> is unable to access the state store and RM will stop immediately after start.
> During the Kerberos wizard there needs to be a check to see if these settings 
> are out of sync. Or, the zk-acl setting needs to somehow reference the 
> principal and extract the primary root through a variable.
> 
> 
> Diffs
> -----
> 
>   ambari-agent/src/test/python/resource_management/TestSecurityCommons.py 
> 870ca92 
>   
> ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
>  9ceeea7 
>   
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
>  3579fcb 
>   
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json 
> ae4db4f 
>   
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
>  66194ed 
>   ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json 
> ae4db4f 
> 
> 
> Diff: https://reviews.apache.org/r/59520/diff/1/
> 
> 
> Testing
> -------
> 
> - Create a cluster with yarn, hdfs
> - enabled kerberos using custom principal names
> - checked custom principal names in hadoop.registry.system.accounts and 
> yarn.resourcemanager.zk-acl properties in yarn config
> 
> 
> Tests: PENDING
> 
> 
> Thanks,
> 
> Attila Magyar
> 
>

Reply via email to