Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

fencing methods with passworded ssh

avatar
Rising Star

iam using hadoop apache 2.7.1

after setting high availability in hadoop cluster

the automatic zookeeper fail over controller zkfc will apply fencing method

to fence(stop) one of the two name nodes if it goes down

and dfs.ha.fencing.methods in hdfs-site property handles this method as sshfence

but my question is what about if we have a passworded ssh

can fencing happens or automatic fail over works only with password less ssh ?

is there any way to make sshfencce include password in ssh in configuration?

1 ACCEPTED SOLUTION

avatar
Master Mentor

@oula.alshiekh@gmail.com alshiekh

There are basically two methods which ship with Hadoop: "shell" and "sshfence".

The sshfence option SSHes to the target node and uses fuser to kill the process listening on the service’s TCP port. In order for this fencing option to work, it must be able to SSH to the target node without providing a passphrase.

You can define username though, one must also configure the dfs.ha.fencing.ssh.private-key-files option, which is a comma-separated list of SSH private key files.

However you can define the username/port/timeout of your choice as mentioned below. "sshfence([[username][:port]])"

<property>
       <name>dfs.ha.fencing.methods</name>
       <value>sshfence([[username][:port]])</value>
</property>

[1] Reference: https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithNFS.ht...

.

View solution in original post

1 REPLY 1

avatar
Master Mentor

@oula.alshiekh@gmail.com alshiekh

There are basically two methods which ship with Hadoop: "shell" and "sshfence".

The sshfence option SSHes to the target node and uses fuser to kill the process listening on the service’s TCP port. In order for this fencing option to work, it must be able to SSH to the target node without providing a passphrase.

You can define username though, one must also configure the dfs.ha.fencing.ssh.private-key-files option, which is a comma-separated list of SSH private key files.

However you can define the username/port/timeout of your choice as mentioned below. "sshfence([[username][:port]])"

<property>
       <name>dfs.ha.fencing.methods</name>
       <value>sshfence([[username][:port]])</value>
</property>

[1] Reference: https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithNFS.ht...

.