Hello,

How do you add a new datanode to a secure cluster without restarting the namenode?

In order to prevent identity theft of mapred or hdfs, a secure cluster needs to carefully maintain auth_to_local in core-site.xml as far as I understand, typically with lines such as

RULE:[2:$1/$2@$0](.*/[email protected]@EXAMPLE.COM)s/^([a-zA-Z]*).*/$1/

where "node" is a member of the cluster.

Now, if a new node appears, you change core-site.xml, but I didn't find anything that makes the namenode refresh what seems like an internal table. At least "hdfs dfsadmin -refreshXXX" doesn't (XXX = {Nodes,ServiceAcl,UserToGroupsMappings,SuperUserGroupsConfiguration}): the namenode continues to claim "Authorization failed" as it does not map "hdfs/[email protected]" to hdfs. Until you restart it. The same holds for the jobtracker.

Have I missed something? (This is Hadoop 2.0.0, cdh4.3.0)
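As an added illustration (not part of the original post and not Hadoop's own code), the Python below models how a rule of the shape quoted above is evaluated, so an edited rule set can be checked against a new node's principal before it is rolled out. The host names node1 to node3 and laptop, the function name map_principal, and the rule grammar (a simplified model of Hadoop's) are assumptions.

```python
import re

# Simplified model of the auth_to_local RULE grammar (assumption, not Hadoop code):
#   RULE:[<n>:<format>](<match regex>)s/<pattern>/<replacement>/[g]
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?$")

# Constructed rule sets modelled on the rule in the post; host names are made up.
OLD_RULES = [r"RULE:[2:$1/$2@$0](.*/node[12]\.example\.com@EXAMPLE\.COM)s/^([a-zA-Z]*).*/$1/"]
NEW_RULES = [r"RULE:[2:$1/$2@$0](.*/node[123]\.example\.com@EXAMPLE\.COM)s/^([a-zA-Z]*).*/$1/"]


def map_principal(principal, rules):
    """Return the local user for a Kerberos principal, or None if no rule matches."""
    name, _, realm = principal.partition("@")
    params = [realm] + name.split("/")        # $0 = realm, $1.. = name components
    for rule in rules:
        m = RULE_RE.match(rule)
        if m is None:
            raise ValueError("unparseable rule: " + rule)
        count, fmt, match, pattern, repl, glob = m.groups()
        if int(count) != len(params) - 1:     # rule only covers n-component names
            continue
        # Build the string the match regex is tested against, e.g. hdfs/host@REALM.
        base = re.sub(r"\$(\d)", lambda g: params[int(g.group(1))], fmt)
        if match and not re.fullmatch(match, base):
            continue                          # host is not on the cluster allow-list
        if pattern is None:
            return base
        # Translate Java-style $1 back-references to Python's \g<1>.
        py_repl = re.sub(r"\$(\d)", lambda g: "\\g<%s>" % g.group(1), repl)
        return re.sub(pattern, py_repl, base, count=0 if glob else 1)
    return None


if __name__ == "__main__":
    for rules in (OLD_RULES, NEW_RULES):
        print(map_principal("hdfs/node3.example.com@EXAMPLE.COM", rules))
```

A None result corresponds to the situation in the post: the principal of a host missing from the rule is not mapped to hdfs, which is also what keeps a non-member host from being treated as hdfs or mapred.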
