IBM Platform Symphony 6.1.1 Fix Patch #228048 Readme File

Description

This fix patch applies only to the following platform:

·         Linux 64-bit

This patch includes bug fixes for Symphony security Kerberos plug-in.

 

Readme file for: IBM® Platform Symphony

Product/Component Release: 6.1.1

Update Name: Fix pack

Fix ID: sym-6.1.1-build228048

Publication date: 17th January 2014

Last modified date: 17th January 2014

 

Contents:

1.      Download location

2.      Products or components affected

3.      System requirements

4.      Installation and configuration

5.    Usage

6.      List of fixes

7.      List of files

8.      Copyright and trademark information

1.   Download location

Search Fix ID in http://www.ibm.com/eserver/support/fixes/

2.   Products or components affected

Product/Component Name, Platform, Fix ID:

Platform Symphony/sec_ego_kerberos.so, PSMR, Linux 64-bit, sym-6.1.1-build228048

3.   System requirements

None

4.   Installation and configuration

4.1         Before installation

1.     Stop the cluster:

Log on to the master host as the cluster administrator and run:

> source $EGO_TOP/cshrc.platform

> soamcontrol app disable all

> egosh service stop all

> sudo egosh ego shutdown all

2.    Back up the following file on all hosts if you want to be able to roll back the change:

$EGO_TOP/1.2.8/linux2.6-glibc2.3-x86_64/lib/sec_ego_kerberos.so

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/CommonHA.sh

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/DataNodeService.sh

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/NameNodeService.sh

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/SecondaryNodeService.sh

 

 

4.2      Installation steps

1.    Copy the shared library and scripts to the following directory on all hosts:

$EGO_TOP/1.2.8/linux2.6-glibc2.3-x86_64/lib/sec_ego_kerberos.so

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/CommonHA.sh

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/DataNodeService.sh

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/NameNodeService.sh

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/SecondaryNodeService.sh

 

4.3          After installation

1.    Start the upgraded cluster

Log on to the master host as the cluster administrator and run:

> source $EGO_TOP/cshrc.platform

> sudo egosh ego start all

> soamcontrol app enable <app_name>

 

4.4          Uninstalling

1.        Stop the cluster

Log on to the master host as the cluster administrator and run:

> source $EGO_TOP/cshrc.platform

> soamcontrol app disable all

> egosh service stop all

> sudo egosh ego shutdown all

2.        Restore the following file on all hosts with the backed-up files:

$EGO_TOP/1.2.8/linux2.6-glibc2.3-x86_64/lib/sec_ego_kerberos.so

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/CommonHA.sh

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/DataNodeService.sh

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/NameNodeService.sh

$SOAM_HOME/mapreduce/6.1.1/linux2.6-glibc2.3-x86_64/etc/SecondaryNodeService.sh

3.        Start the cluster

Log on to the master host as the cluster administrator and run:

> source $EGO_TOP/cshrc.platform

> sudo egosh ego start all

> soamcontrol app enable <app_name>

 

5.  Usage

1)  Enable Kerberos authentication for Symphony cluster.

a. Edit $EGO_CONFDIR/ego.conf and modify the value of parameter EGO_SEC_PLUGIN as follows::

       EGO_SEC_PLUGIN=sec_ego_kerberos

b. Edit $EGO_CONFDIR/sec_ego_kerberos.conf and modify the value of the following parameters:

       REALM: realm, e.g. PLATFORM.COM

       PRINCIPALNAM: Name of the service principal; recommended to be <NameNodeConsumer>/<clustername>

       KEYTAB: Location of the keytab file for the service principal

c. Run kinitto generate a TGT before starting cluster.

 

2)  How to open the debug log for Kerberos.

Edit $EGO_CONFDIR/ego.conf on management hosts and modify the value of parameters EGO_SEC_PLUGIN and EGO_SEC_CONF as follows:

EGO_SEC_PLUGIN=sec_ego_kerberos

EGO_SEC_CONF=/opt/egoshare/kernel/conf,INFO,/opt/egoshare/kernel/log

Specifies settings for EGO_SEC_CONF in this format: <plugin-configuration-directory,plugin-log-level,plugin-log-directory>

plugin-log-level is DEBUG, INFO, WARN, ERROR.

 

6.   List of fixes

 

#224387: Debugability: there is no log information when Kerberos authentication failed

#226444: Kerberos authentication, RS complains "Authentication Failed" when view service package

#226448: Kerberos authentication, ticket not automatically renew

#227199: SD, PERF, PMC errors when Kerberos ticket expired

#228724: PMR service can't start

#228654: vemkd crashes.

#228765: NameNode (NN) service failed to "safe mode" status

#228319: Change log level of some log messages

 

7.   List of files

 

sec_ego_kerberos.so

CommonHA.sh

DataNodeService.sh

NameNodeService.sh

SecondaryNodeService.sh

 

8.       Copyright and trademark information

© Copyright IBM Corporation 2014

U.S.Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.