Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@ambari.apache.org
Content-Type: multipart/alternative;
 boundary="===============8079832676151388569=="
MIME-Version: 1.0
Subject: Re: Review Request 22730: Secure cluster: JCE policy files not
 distributed
 on non-client hosts.
From: "Andrew Onischuk" <aonishuk@hortonworks.com>
To: "Nate Cole" <ncole@hortonworks.com>, "Dmytro Sen" <dsen@hortonworks.com>
Cc: "Andrew Onischuk" <aonishuk@hortonworks.com>,
 "Ambari" <dev@ambari.apache.org>
Date: Wed, 25 Jun 2014 16:45:53 -0000
Message-ID: <20140625164553.22603.26437@reviews.apache.org>
Auto-Submitted: auto-generated
Sender: "Andrew Onischuk" <noreply@reviews.apache.org>
References: <20140625163952.22595.51059@reviews.apache.org>
In-Reply-To: <20140625163952.22595.51059@reviews.apache.org>
Reply-To: "Andrew Onischuk" <aonishuk@hortonworks.com>

--===============8079832676151388569==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit


> On June 25, 2014, 4:39 p.m., Nate Cole wrote:
> > ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py, lines 53-58
> > <https://reviews.apache.org/r/22730/diff/4/?file=616603#file616603line53>
> >
> >     This assertion is still required.  You need tests to reflect that JCE requirements are satisfied with before-INSTALL and before-START

it will fail the test, since this thing is done in other hook which is mocked here, and will never be called, so the best would be to create separate test for BEFORE-ANY


- Andrew


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/22730/#review46643
-----------------------------------------------------------


On June 25, 2014, 4:32 p.m., Andrew Onischuk wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/22730/
> -----------------------------------------------------------
> 
> (Updated June 25, 2014, 4:32 p.m.)
> 
> 
> Review request for Ambari, Dmytro Sen and Nate Cole.
> 
> 
> Bugs: AMBARI-6185
>     https://issues.apache.org/jira/browse/AMBARI-6185
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Looks like code to distribute JCE policy is in before-install hooks
> [code](https://git-wip-
> us.apache.org/repos/asf/ambari/repo?p=ambari.git;a=blob;f=ambari-
> server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared
> _initialization.py;h=a1196a8d2c997be37d65760aa3cd5de13e2cc747;hb=HEAD#l210).
> So if no INSTALL task has executed on a host in secure cluster (for agent
> hadoop.security.authentication=kerberos is security enabled) then JCE policy
> will not be distributed and unzipped on that host
> 
> Cluster can easily fall in a situation where a host has no client component.
> Following are example scenarios
> 
>   1. While installing partial set of services with default selection for serviceComponent allocation to hosts in installer wizard
>   2. Adding a new host with slave components but no client components.
> 
> This leads to failure of starting serviceComponent that has no client
> installed with them on a host in secure cluster.
> 
> I discovered this bug while securing a cluster with just HDFS+ZK+STORM
> installed. Security wizard start all services failed with ZK quorum check
> failure. Once I installed HDFS_CLIENT on all hosts and restarted all services
> then all services came up in secure cluster.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-ANY/scripts/hook.py PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-ANY/scripts/params.py PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-ANY/scripts/shared_initialization.py PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-INSTALL/scripts/hook.py 626b199 
>   ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-INSTALL/scripts/shared_initialization.py 3a0bf93 
>   ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-RESTART/scripts/hook.py 05977c3 
>   ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/scripts/hook.py 8ad8c70 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/hook.py PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/params.py PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/hook.py 6904e9d 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-INSTALL/scripts/shared_initialization.py a1196a8 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-RESTART/scripts/hook.py 05977c3 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/scripts/hook.py 703889e 
>   ambari-server/src/test/python/stacks/1.3.2/hooks/before-INSTALL/test_before_install.py 58084d0 
>   ambari-server/src/test/python/stacks/1.3.2/hooks/before-START/test_before_start.py fc906b1 
>   ambari-server/src/test/python/stacks/2.0.6/hooks/before-INSTALL/test_before_install.py 92eed49 
>   ambari-server/src/test/python/stacks/2.0.6/hooks/before-START/test_before_start.py 9274fd5 
> 
> Diff: https://reviews.apache.org/r/22730/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>


--===============8079832676151388569==--