Hello ! I'm using Ranger embedded with HDP 2.3.4.7 (this is Ranger 0.5) I have some kerberized clusters.
On two clusters A1 and A2, I don't have namenode HA. On two other clusters, B1 and B2, I have namenodo HA. My first question concerns the property dfs.datanode.kerberos.principal. I don't have any datanode on the namenode and I don't have any dn principal on the namenode. What is the usage of this property please ? My second question concerns the property dfs.secondary.namenode.kerberos.principal. In this one, I must set the value of the secondary namenode, which is useful only when namenode is not HA. Which value do I need to set here when namenode HA is enabled ? My third question concerns the property dfs.namenode.kerberos.principal. In this property, I saw that ambari wrote the host for one of the namenode. But what will happen if I have two namenodes in HA ? This principal won't potentially have the right value it there is a namenode failover. If the dfs.namenode.kerberos.principal contains the passive namenode, will Ranger check the value of dfs.secondary.namenode.kerberos.principal to see if it found the active namenode ? What Ranger do with these principal properties please ? Best regards. Lune.
