Sahara

Cluster security improvements

Registered by Sergey Lukjanov on 2013-04-01

Currently, all Hadoop nodes should be accessible using root account and password stored in Savanna configurations.

There several possible improvements:

1. generate new key-pairs for inter-cluster communication, store private key in db to have an ability to access to cluster in feature (to support scaling ops, for example);

2. use specified user key-pair to provide an access to Hadoop for end users (like vms).

Blueprint information

Status:: Complete

Approver:: Sergey Lukjanov

Priority:: Medium

Drafter:: Alexander Kuznetsov

Direction:: Approved

Assignee:: Alexander Kuznetsov

Definition:: Approved

Series goal:: Accepted for 0.2

Implementation:: Implemented

Milestone target:: 0.2a1

Started by: Alexander Kuznetsov on 2013-05-29

Completed by: Alexander Kuznetsov on 2013-06-04

Related branches

Related bugs

Bug #1179815: Hadoop cluster security: user keys	Fix Released
Bug #1179821: Hadoop cluster security: hadoop keys	Fix Released

Sprints

Whiteboard

There are 2 issues created for 0.2a1 milestone to cover this blueprint:

Hadoop cluster security: hadoop keys - https://bugs.launchpad.net/savanna/+bug/1179821
Hadoop cluster security: user keys - https://bugs.launchpad.net/savanna/+bug/1179815

Gerrit topic: https://review.openstack.org/#q,topic:bp/node-placement-control,n,z

Addressed by: https://review.openstack.org/31490
Adding user key to the cluster Each cluster will have a it own private key for passwordless login It is possible to schedule a data nodes on diffirent hosts implements: blueprint node-placement-control and blueprint cluster-security fixed: #1179815 and #1

Gerrit topic: https://review.openstack.org/#q,topic:cluster_security_and_anti_affinity_for_nodes,n,z

Gerrit topic: https://review.openstack.org/#q,topic:bug/1179815,n,z

(?)