[jira] [Comment Edited] (HDFS-12697) Ozone services must stay disabled in secure setup for alpha
[ https://issues.apache.org/jira/browse/HDFS-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16222756#comment-16222756 ] Bharat Viswanadham edited comment on HDFS-12697 at 10/27/17 8:43 PM: - [~elek] [~xyao] Thanks for review. Addressed the review comments. Attached patch v03 and also updated the reviewboard. was (Author: bharatviswa): [~elek] [~xyao] Thanks for review. Addressed the review comments. Attached patch v03 . > Ozone services must stay disabled in secure setup for alpha > --- > > Key: HDFS-12697 > URL: https://issues.apache.org/jira/browse/HDFS-12697 > Project: Hadoop HDFS > Issue Type: Sub-task >Reporter: Jitendra Nath Pandey >Assignee: Bharat Viswanadham >Priority: Blocker > Attachments: HDFS-12697-HDFS-7240.01.patch, > HDFS-12697-HDFS-7240.02.patch, HDFS-12697-HDFS-7240.03.patch > > > When security is enabled, ozone services should not start up, even if ozone > configurations are enabled. This is important to ensure a user experimenting > with ozone doesn't inadvertently get exposed to attacks. Specifically, > 1) KSM should not start up. > 2) SCM should not startup. > 3) Datanode's ozone xceiverserver should not startup, and must not listen on > a port. > 4) Datanode's ozone handler port should not be open, and webservice must stay > disabled. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-12697) Ozone services must stay disabled in secure setup for alpha
[ https://issues.apache.org/jira/browse/HDFS-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16222756#comment-16222756 ] Bharat Viswanadham edited comment on HDFS-12697 at 10/27/17 8:31 PM: - [~elek] [~xyao] Thanks for review. Addressed the review comments. Attached patch v03 . was (Author: bharatviswa): [~elek] Thanks for review. Addressed the review comments. Attached patch v03 . > Ozone services must stay disabled in secure setup for alpha > --- > > Key: HDFS-12697 > URL: https://issues.apache.org/jira/browse/HDFS-12697 > Project: Hadoop HDFS > Issue Type: Sub-task >Reporter: Jitendra Nath Pandey >Assignee: Bharat Viswanadham >Priority: Blocker > Attachments: HDFS-12697-HDFS-7240.01.patch, > HDFS-12697-HDFS-7240.02.patch, HDFS-12697-HDFS-7240.03.patch > > > When security is enabled, ozone services should not start up, even if ozone > configurations are enabled. This is important to ensure a user experimenting > with ozone doesn't inadvertently get exposed to attacks. Specifically, > 1) KSM should not start up. > 2) SCM should not startup. > 3) Datanode's ozone xceiverserver should not startup, and must not listen on > a port. > 4) Datanode's ozone handler port should not be open, and webservice must stay > disabled. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-12697) Ozone services must stay disabled in secure setup for alpha
[
https://issues.apache.org/jira/browse/HDFS-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16220475#comment-16220475
]
Elek, Marton edited comment on HDFS-12697 at 10/26/17 2:48 PM:
---
I am not sure it works well.
It will return a security error even if ozone is turned off and not the
security on.
With ozone.enabled !=false, but security is turned off:
{code}
scm_1 | 2017-10-26 14:03:17 ERROR StorageContainerManager:320 - SCM
cannot be started in secure mode
scm_1 | SCM cannot be started in secure mode
{code}
UPDATE: I found the reviewboard and Xiaoyu wrote the same...
was (Author: elek):
I am not sure it works well.
It will return a security error even if ozone is turned off and not the
security on.
With ozone.enabled !=false, but security is turned off:
{code}
scm_1 | 2017-10-26 14:03:17 ERROR StorageContainerManager:320 - SCM
cannot be started in secure mode
scm_1 | SCM cannot be started in secure mode
{code}
> Ozone services must stay disabled in secure setup for alpha
> ---
>
> Key: HDFS-12697
> URL: https://issues.apache.org/jira/browse/HDFS-12697
> Project: Hadoop HDFS
> Issue Type: Sub-task
>Reporter: Jitendra Nath Pandey
>Assignee: Bharat Viswanadham
>Priority: Blocker
> Attachments: HDFS-12697-HDFS-7240.01.patch,
> HDFS-12697-HDFS-7240.02.patch
>
>
> When security is enabled, ozone services should not start up, even if ozone
> configurations are enabled. This is important to ensure a user experimenting
> with ozone doesn't inadvertently get exposed to attacks. Specifically,
> 1) KSM should not start up.
> 2) SCM should not startup.
> 3) Datanode's ozone xceiverserver should not startup, and must not listen on
> a port.
> 4) Datanode's ozone handler port should not be open, and webservice must stay
> disabled.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HDFS-12697) Ozone services must stay disabled in secure setup for alpha
[ https://issues.apache.org/jira/browse/HDFS-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16217755#comment-16217755 ] Bharat Viswanadham edited comment on HDFS-12697 at 10/24/17 9:42 PM: - Addressed review comments from [~anu] in the reviewboard. Attached patch v02. was (Author: bharatviswa): Addressed review comments from [~anu] in the reviewboard. > Ozone services must stay disabled in secure setup for alpha > --- > > Key: HDFS-12697 > URL: https://issues.apache.org/jira/browse/HDFS-12697 > Project: Hadoop HDFS > Issue Type: Sub-task >Reporter: Jitendra Nath Pandey >Assignee: Bharat Viswanadham >Priority: Blocker > Attachments: HDFS-12697-HDFS-7240.01.patch, > HDFS-12697-HDFS-7240.02.patch > > > When security is enabled, ozone services should not start up, even if ozone > configurations are enabled. This is important to ensure a user experimenting > with ozone doesn't inadvertently get exposed to attacks. Specifically, > 1) KSM should not start up. > 2) SCM should not startup. > 3) Datanode's ozone xceiverserver should not startup, and must not listen on > a port. > 4) Datanode's ozone handler port should not be open, and webservice must stay > disabled. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
