----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/59520/#review176300 -----------------------------------------------------------
Ship it! Ship It! - Sebastian Toader On May 30, 2017, 3:15 p.m., Attila Magyar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/59520/ > ----------------------------------------------------------- > > (Updated May 30, 2017, 3:15 p.m.) > > > Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Nate Cole, > Robert Levas, and Sebastian Toader. > > > Bugs: AMBARI-20877 > https://issues.apache.org/jira/browse/AMBARI-20877 > > > Repository: ambari > > > Description > ------- > > HDP 2.6 stack introduced settings for ACLs on the Yarn Resource Manager HA > state store. In `yarn-site/yarn.resourcemanager.zk-acl` the ACL user is set > to `rm`. > If this user name does not match the primary component of the Yarn RM > Kerberos principal in `yarn-site/yarn.resourcemanager.principal`, then Yarn > is unable to access the state store and RM will stop immediately after start. > During the Kerberos wizard there needs to be a check to see if these settings > are out of sync. Or, the zk-acl setting needs to somehow reference the > principal and extract the primary root through a variable. > > > Diffs > ----- > > ambari-server/docs/security/kerberos/kerberos_descriptor.md 54af50f > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > 6a403c6 > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java > a1b9e5c > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java > b9e2841 > > ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json > ae4db4f > ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json > ae4db4f > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > e654c72 > > ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java > a63da61 > > ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelperTest.java > f00f694 > > > Diff: https://reviews.apache.org/r/59520/diff/4/ > > > Testing > ------- > > - Create a cluster with yarn, hdfs > - enabled kerberos using custom principal names > - checked custom principal names in hadoop.registry.system.accounts and > yarn.resourcemanager.zk-acl properties in yarn config > > > Tests: PENDING > > > Thanks, > > Attila Magyar > >
