Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

fencing methods with passworded ssh

Solved Go to solution

fencing methods with passworded ssh

New Contributor

iam using hadoop apache 2.7.1

after setting high availability in hadoop cluster

the automatic zookeeper fail over controller zkfc will apply fencing method

to fence(stop) one of the two name nodes if it goes down

and dfs.ha.fencing.methods in hdfs-site property handles this method as sshfence

but my question is what about if we have a passworded ssh

can fencing happens or automatic fail over works only with password less ssh ?

is there any way to make sshfencce include password in ssh in configuration?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: fencing methods with passworded ssh

Super Mentor

@oula.alshiekh@gmail.com alshiekh

There are basically two methods which ship with Hadoop: "shell" and "sshfence".

The sshfence option SSHes to the target node and uses fuser to kill the process listening on the service’s TCP port. In order for this fencing option to work, it must be able to SSH to the target node without providing a passphrase.

You can define username though, one must also configure the dfs.ha.fencing.ssh.private-key-files option, which is a comma-separated list of SSH private key files.

However you can define the username/port/timeout of your choice as mentioned below. "sshfence([[username][:port]])"

<property>
       <name>dfs.ha.fencing.methods</name>
       <value>sshfence([[username][:port]])</value>
</property>

[1] Reference: https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithNFS.ht...

.

1 REPLY 1

Re: fencing methods with passworded ssh

Super Mentor

@oula.alshiekh@gmail.com alshiekh

There are basically two methods which ship with Hadoop: "shell" and "sshfence".

The sshfence option SSHes to the target node and uses fuser to kill the process listening on the service’s TCP port. In order for this fencing option to work, it must be able to SSH to the target node without providing a passphrase.

You can define username though, one must also configure the dfs.ha.fencing.ssh.private-key-files option, which is a comma-separated list of SSH private key files.

However you can define the username/port/timeout of your choice as mentioned below. "sshfence([[username][:port]])"

<property>
       <name>dfs.ha.fencing.methods</name>
       <value>sshfence([[username][:port]])</value>
</property>

[1] Reference: https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithNFS.ht...

.