Ambari / AMBARI-9966

On GlusterFS stack, Enable Security Wizard doesn't actually enable secure mode


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.6.1
    • Fix Version/s: None
    • Component/s: stacks
    • Environment: HDP 2.1 on RHEL 6 with 2.1.GlusterFS stack
      package: ambari-server-1.6.1-98.noarch

    Description

      When I try to enable Hadoop Secure Mode via the Ambari "Enable Security Wizard" on
      the GlusterFS stack, the properties which control security are not changed.
      Moreover, Ambari reports that Secure mode is enabled and doesn't notice
      the problem.

      Actual results

      There are no hadoop.security properties defined anywhere:

      # grep hadoop.security /etc/hadoop/conf/*.xml
      #
      

      This means that the security mode hasn't been actually enabled.

      Note that keytab definitions are configured fine, see e.g.:

      # grep keytab /etc/hadoop/conf/*.xml
      /etc/hadoop/conf/mapred-site.xml:      <name>mapreduce.jobhistory.webapp.spnego-keytab-file</name>
      /etc/hadoop/conf/mapred-site.xml:      <value>/etc/security/keytabs/spnego.service.keytab</value>
      /etc/hadoop/conf/mapred-site.xml:      <name>mapreduce.jobhistory.keytab.file</name>
      /etc/hadoop/conf/mapred-site.xml:      <value>/etc/security/keytabs/jhs.service.keytab</value>
      /etc/hadoop/conf/mapred-site.xml:      <name>mapreduce.jobhistory.keytab</name>
      /etc/hadoop/conf/mapred-site.xml:      <value>/etc/security/keytabs/jhs.service.keytab</value>
      /etc/hadoop/conf/yarn-site.xml:      <name>yarn.nodemanager.webapp.spnego-keytab-file</name>
      /etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/spnego.service.keytab</value>
      /etc/hadoop/conf/yarn-site.xml:      <name>yarn.nodemanager.keytab</name>
      /etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/nm.service.keytab</value>
      /etc/hadoop/conf/yarn-site.xml:      <name>yarn.resourcemanager.webapp.spnego-keytab-file</name>
      /etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/spnego.service.keytab</value>
      /etc/hadoop/conf/yarn-site.xml:      <name>yarn.resourcemanager.keytab</name>
      /etc/hadoop/conf/yarn-site.xml:      <value>/etc/security/keytabs/rm.service.keytab</value>
      

      Expected results

      The following configuration properties can be found in the core-site conf file.

      <property>
         <name>hadoop.security.authentication</name>
         <value>kerberos</value>
      </property>
      
      <property>
        <name>hadoop.security.authorization</name>
        <value>true</value>
      </property>
      
      <property>
        <name>hadoop.security.auth_to_local</name>
        <value>RULE:[2:$1@$0](rm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
      RULE:[2:$1@$0](nm@.*RHSHADOOPQA.REDHAT.COM)s/.*/yarn/
      RULE:[2:$1@$0](nn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
      RULE:[2:$1@$0](dn@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
      RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
      RULE:[2:$1@$0](hbase@.*RHSHADOOPQA.REDHAT.COM)s/.*/hbase/
      RULE:[2:$1@$0](oozie@.*RHSHADOOPQA.REDHAT.COM)s/.*/oozie/
      RULE:[2:$1@$0](jhs@.*RHSHADOOPQA.REDHAT.COM)s/.*/mapred/
      RULE:[2:$1@$0](jn/_HOST@.*RHSHADOOPQA.REDHAT.COM)s/.*/hdfs/
      RULE:[2:$1@$0](falcon@.*RHSHADOOPQA.REDHAT.COM)s/.*/falcon/
      DEFAULT</value>
      </property>
      

      The expected configuration is based on the result of the "Enable Security Wizard" for
      a normal HDFS stack.

            People

              Assignee: Scott Creeley (screeley)
              Reporter: Martin Bukatovic (mbukatov)
              Votes: 0
              Watchers: 2
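
An added example (not part of the original report and not Ambari's code): a Python check that reads `*-site.xml` content and reports whether secure mode is actually in effect, rather than trusting the wizard's reported status. The sample documents and the `glusterfs:///` value are constructed for illustration; the fallback values are Hadoop's defaults (`simple` and `false`) for unset properties.

```python
import xml.etree.ElementTree as ET

# Hadoop's built-in values when core-site.xml leaves these properties unset.
DEFAULTS = {"hadoop.security.authentication": "simple",
            "hadoop.security.authorization": "false"}
EXPECTED = {"hadoop.security.authentication": "kerberos",
            "hadoop.security.authorization": "true"}

def load_props(xml_text):
    """Return {name: value} for every <property> in one *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_secure_mode(site_files):
    """site_files maps file name -> XML text; returns findings, empty if secure."""
    merged, keytabs = {}, []
    for fname, text in site_files.items():
        for name, value in load_props(text).items():
            merged[name] = value
            if "keytab" in name:
                keytabs.append(f"{fname}:{name}")
    findings = []
    for name, want in EXPECTED.items():
        got = merged.get(name, DEFAULTS[name]).lower()
        if got != want:
            findings.append(f"{name} is effectively '{got}', expected '{want}'")
    if "hadoop.security.auth_to_local" not in merged:
        findings.append("hadoop.security.auth_to_local is not defined")
    if findings and keytabs:  # the mismatch described in the report
        findings.append(f"{len(keytabs)} keytab properties set, but secure mode is not in effect")
    return findings

def _site(props):  # build a constructed *-site.xml document for the demo
    body = "".join(f"<property><name>{n}</name><value>{v}</value></property>"
                   for n, v in props.items())
    return f"<configuration>{body}</configuration>"

# Constructed sample input mirroring the report: keytabs present, no hadoop.security.*
BROKEN = {"core-site.xml": _site({"fs.defaultFS": "glusterfs:///"}),
          "yarn-site.xml": _site({"yarn.nodemanager.keytab":
                                  "/etc/security/keytabs/nm.service.keytab"})}
FIXED = dict(BROKEN, **{"core-site.xml": _site({
    "hadoop.security.authentication": "kerberos",
    "hadoop.security.authorization": "true",
    "hadoop.security.auth_to_local": "DEFAULT"})})

if __name__ == "__main__":
    for label, files in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_secure_mode(files) or "secure mode settings present")
```

On a real host, pass the contents of the files under `/etc/hadoop/conf/` in place of the constructed samples.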
