IBM Platform Symphony
Description
This fix patch applies only to the following platform:
· Linux 64-bit
This patch includes bug fixes for Symphony security Kerberos plug-in.
Readme file for: IBM® Platform Symphony
Product/Component
Release:
Update Name: Fix pack
Fix ID: sym-
Publication date: 17th January 2014
Last modified date: 17th January 2014
Contents:
1. Download location
2. Products or components affected
3. System requirements
4. Installation and configuration
5. Usage
6. List of fixes
7. List of files
8. Copyright and trademark information
1. Download location
Search Fix ID in http://www.ibm.com/eserver/support/fixes/
2. Products or components affected
Product/Component Name, Platform, Fix ID:
Platform Symphony/sec_ego_kerberos.so, PSMR, Linux 64-bit, sym-6.1.1-build228048
3. System requirements
None
4. Installation and configuration
4.1 Before installation
1. Stop the cluster:
Log on to the master host as the cluster administrator and run:
> source $EGO_TOP/cshrc.platform
> soamcontrol app disable all
> egosh service stop all
> sudo egosh ego shutdown all
2. Back up the following file on all hosts if you want to be able to roll back the change:
$EGO_TOP/
$SOAM_HOME/mapreduce/
$SOAM_HOME/mapreduce/
$SOAM_HOME/mapreduce/
$SOAM_HOME/mapreduce/
4.2 Installation steps
1. Copy the shared library and scripts to the following directory on all hosts:
$EGO_TOP/
$SOAM_HOME/mapreduce/
$SOAM_HOME/mapreduce/
$SOAM_HOME/mapreduce/
$SOAM_HOME/mapreduce/
4.3 After installation
1. Start the upgraded cluster
Log on to the master host as the cluster administrator and run:
> source $EGO_TOP/cshrc.platform
> sudo egosh ego start all
> soamcontrol app enable <app_name>
4.4 Uninstalling
1. Stop the cluster
Log on to the master host as the cluster administrator and run:
> source $EGO_TOP/cshrc.platform
> soamcontrol app disable all
> egosh service stop all
> sudo egosh ego shutdown all
2. Restore the following file on all hosts with the backed-up files:
$EGO_TOP/
$SOAM_HOME/mapreduce/
$SOAM_HOME/mapreduce/
$SOAM_HOME/mapreduce/
$SOAM_HOME/mapreduce/
3. Start the cluster
Log on to the master host as the cluster administrator and run:
> source $EGO_TOP/cshrc.platform
> sudo egosh ego start all
> soamcontrol app enable <app_name>
5. Usage
1) Enable Kerberos authentication for Symphony cluster.
a. Edit $EGO_CONFDIR/ego.conf and modify the value of parameter EGO_SEC_PLUGIN as follows::
EGO_SEC_PLUGIN=sec_ego_kerberos
b. Edit $EGO_CONFDIR/sec_ego_kerberos.conf and modify the value of the following parameters:
REALM: realm, e.g. PLATFORM.COM
PRINCIPALNAM: Name of the service principal; recommended to be <NameNodeConsumer>/<clustername>
KEYTAB: Location of the keytab file for the service principal
c. Run “kinit” to generate a TGT before starting cluster.
2) How to open the debug log for Kerberos.
Edit $EGO_CONFDIR/ego.conf on management hosts and modify the value of parameters EGO_SEC_PLUGIN and EGO_SEC_CONF as follows:
EGO_SEC_PLUGIN=sec_ego_kerberos
EGO_SEC_CONF=/opt/egoshare/kernel/conf,INFO,/opt/egoshare/kernel/log
Specifies settings for EGO_SEC_CONF in this format: <plugin-configuration-directory,plugin-log-level,plugin-log-directory>
plugin-log-level is DEBUG, INFO, WARN, ERROR.
6. List of fixes
#224387: Debugability: there is no log information when Kerberos authentication failed
#226444: Kerberos authentication, RS complains "Authentication Failed" when view service package
#226448: Kerberos authentication, ticket not automatically renew
#227199:
SD, PERF, PMC errors when Kerberos ticket expired
#228724:
PMR service can't start
#228654:
vemkd crashes.
#228765:
NameNode (NN) service failed to "safe mode"
status
#228319:
Change log level of some log messages
7. List of files
sec_ego_kerberos.so
CommonHA.sh
DataNodeService.sh
NameNodeService.sh
SecondaryNodeService.sh
8. Copyright and trademark information
© Copyright IBM Corporation 2014
U.S.Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.