Details
-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: CDH 5.5.0
-
Fix Version/s: None
-
Component/s: Cloudera Manager
-
Labels:None
-
Environment:Ubuntu 14.04 x64
Description
hdfs dfsadmin has the ability to refresh the superuser proxy mappings without having to restart all of HDFS via the -refreshSuperUserGroupsConfiguration flag.
However, when I try to use this feature, it doesn't seem to work on CDH clusters.
The procedure I expected to work was:
1. Update proxy config in CDH UI
2. Push client configuration out
3. Run refresh command on namenode host: sudo -u hdfs hdfs dfsadmin -refreshSuperUserGroupsConfiguration
However, the updated configs are not recognized until a full HDFS restart. It looks like the new configs are staged under /var/run/cloudera-scm-agent/process/ccdeploy_<service> but the refresh command doesn't recognize them.
What seems to work is for me to modify the running configs under the current version of the process in /var/run/cloudera-scm-agent/process/<service> and then run refresh.
It seems like a bug that a feature put in place to allow for config refreshes requires a full service restart when running under CDH.
Some other notes about our environment:
-we currently do not use kerberos auth, only simple auth
-we're making use of the impersonation feature with httpfs
-we're putting a fixed list of groups for impersonation for some security controls