[jira] [Comment Edited] (HDFS-12697) Ozone services must stay disabled in secure setup for alpha
[ https://issues.apache.org/jira/browse/HDFS-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16222756#comment-16222756 ] Bharat Viswanadham edited comment on HDFS-12697 at 10/27/17 8:43 PM: - [~elek] [~xyao] Thanks for review. Addressed the review comments. Attached patch v03 and also updated the reviewboard. was (Author: bharatviswa): [~elek] [~xyao] Thanks for review. Addressed the review comments. Attached patch v03 . > Ozone services must stay disabled in secure setup for alpha > --- > > Key: HDFS-12697 > URL: https://issues.apache.org/jira/browse/HDFS-12697 > Project: Hadoop HDFS > Issue Type: Sub-task >Reporter: Jitendra Nath Pandey >Assignee: Bharat Viswanadham >Priority: Blocker > Attachments: HDFS-12697-HDFS-7240.01.patch, > HDFS-12697-HDFS-7240.02.patch, HDFS-12697-HDFS-7240.03.patch > > > When security is enabled, ozone services should not start up, even if ozone > configurations are enabled. This is important to ensure a user experimenting > with ozone doesn't inadvertently get exposed to attacks. Specifically, > 1) KSM should not start up. > 2) SCM should not startup. > 3) Datanode's ozone xceiverserver should not startup, and must not listen on > a port. > 4) Datanode's ozone handler port should not be open, and webservice must stay > disabled. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-12697) Ozone services must stay disabled in secure setup for alpha
[ https://issues.apache.org/jira/browse/HDFS-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16222756#comment-16222756 ] Bharat Viswanadham edited comment on HDFS-12697 at 10/27/17 8:31 PM: - [~elek] [~xyao] Thanks for review. Addressed the review comments. Attached patch v03 . was (Author: bharatviswa): [~elek] Thanks for review. Addressed the review comments. Attached patch v03 . > Ozone services must stay disabled in secure setup for alpha > --- > > Key: HDFS-12697 > URL: https://issues.apache.org/jira/browse/HDFS-12697 > Project: Hadoop HDFS > Issue Type: Sub-task >Reporter: Jitendra Nath Pandey >Assignee: Bharat Viswanadham >Priority: Blocker > Attachments: HDFS-12697-HDFS-7240.01.patch, > HDFS-12697-HDFS-7240.02.patch, HDFS-12697-HDFS-7240.03.patch > > > When security is enabled, ozone services should not start up, even if ozone > configurations are enabled. This is important to ensure a user experimenting > with ozone doesn't inadvertently get exposed to attacks. Specifically, > 1) KSM should not start up. > 2) SCM should not startup. > 3) Datanode's ozone xceiverserver should not startup, and must not listen on > a port. > 4) Datanode's ozone handler port should not be open, and webservice must stay > disabled. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-12697) Ozone services must stay disabled in secure setup for alpha
[ https://issues.apache.org/jira/browse/HDFS-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16220475#comment-16220475 ] Elek, Marton edited comment on HDFS-12697 at 10/26/17 2:48 PM: --- I am not sure it works well. It will return a security error even if ozone is turned off and not the security on. With ozone.enabled !=false, but security is turned off: {code} scm_1 | 2017-10-26 14:03:17 ERROR StorageContainerManager:320 - SCM cannot be started in secure mode scm_1 | SCM cannot be started in secure mode {code} UPDATE: I found the reviewboard and Xiaoyu wrote the same... was (Author: elek): I am not sure it works well. It will return a security error even if ozone is turned off and not the security on. With ozone.enabled !=false, but security is turned off: {code} scm_1 | 2017-10-26 14:03:17 ERROR StorageContainerManager:320 - SCM cannot be started in secure mode scm_1 | SCM cannot be started in secure mode {code} > Ozone services must stay disabled in secure setup for alpha > --- > > Key: HDFS-12697 > URL: https://issues.apache.org/jira/browse/HDFS-12697 > Project: Hadoop HDFS > Issue Type: Sub-task >Reporter: Jitendra Nath Pandey >Assignee: Bharat Viswanadham >Priority: Blocker > Attachments: HDFS-12697-HDFS-7240.01.patch, > HDFS-12697-HDFS-7240.02.patch > > > When security is enabled, ozone services should not start up, even if ozone > configurations are enabled. This is important to ensure a user experimenting > with ozone doesn't inadvertently get exposed to attacks. Specifically, > 1) KSM should not start up. > 2) SCM should not startup. > 3) Datanode's ozone xceiverserver should not startup, and must not listen on > a port. > 4) Datanode's ozone handler port should not be open, and webservice must stay > disabled. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-12697) Ozone services must stay disabled in secure setup for alpha
[ https://issues.apache.org/jira/browse/HDFS-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16217755#comment-16217755 ] Bharat Viswanadham edited comment on HDFS-12697 at 10/24/17 9:42 PM: - Addressed review comments from [~anu] in the reviewboard. Attached patch v02. was (Author: bharatviswa): Addressed review comments from [~anu] in the reviewboard. > Ozone services must stay disabled in secure setup for alpha > --- > > Key: HDFS-12697 > URL: https://issues.apache.org/jira/browse/HDFS-12697 > Project: Hadoop HDFS > Issue Type: Sub-task >Reporter: Jitendra Nath Pandey >Assignee: Bharat Viswanadham >Priority: Blocker > Attachments: HDFS-12697-HDFS-7240.01.patch, > HDFS-12697-HDFS-7240.02.patch > > > When security is enabled, ozone services should not start up, even if ozone > configurations are enabled. This is important to ensure a user experimenting > with ozone doesn't inadvertently get exposed to attacks. Specifically, > 1) KSM should not start up. > 2) SCM should not startup. > 3) Datanode's ozone xceiverserver should not startup, and must not listen on > a port. > 4) Datanode's ozone handler port should not be open, and webservice must stay > disabled. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org