Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-7615

Ambari support for DataNode no longer running as root.

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.7.0
    • 1.7.0
    • ambari-server
    • None

    Description

      This feature is new in Champlain.
      This feature is intended for use in secure (Kerberized) clusters. The full steps for configuration are:

      1. Configure in hdfs-site.xml:
        1. Set dfs.data.transfer.protection to authentication, integrity, or privacy. I think authentication makes sense as the default on new installs.
        2. Set dfs.datanode.address to use a non-privileged port, i.e. 0.0.0.0:50010.
        3. Set dfs.datanode.https.address to use a non-privileged port, i.e. 0.0.0.0:50475.
        4. Set dfs.http.policy to HTTPS_ONLY.
      2. Start DataNode as hdfs.

      BTW, running as root using privileged ports is still a fully supported configuration. This should continue to be the default mode. Running as non-root is opt-in only, so all of the above should be optional.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. AMBARI-7126 Run DataNode as hdfs instead of root

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link review board

          Activity

            People

              dmitriusan Dmitry Lysnichenko
              dmitriusan Dmitry Lysnichenko
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: