ambari-dev mailing list archives

From "Yusaku Sako" <yus...@hortonworks.com>
Subject Re: Review Request 27064: Add Knox kerberos setup to the existing Ambari security capabilities
Date Thu, 23 Oct 2014 20:17:36 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27064/#review58084
-----------------------------------------------------------

Ship it!


- Yusaku Sako


On Oct. 23, 2014, 6:03 p.m., Jaimin Jetly wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/27064/
> -----------------------------------------------------------
> 
> (Updated Oct. 23, 2014, 6:03 p.m.)
> 
> 
> Review request for Ambari, Mahadev Konar, Srimanth Gunturi, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-7799
>     https://issues.apache.org/jira/browse/AMBARI-7799
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Documentation for setting up Knox to use kerberos can be found here:
> http://knox.apache.org/books/knox-0-5-0/knox-0-5-0.html#Secure+Clusters
> To summarize some of the things that need to be done besides the keytab creation:
> 1. the krb5 conf files need to be created and templated to work with the cluster setup.
> 2. gateway-site.xml needs to be modified to enable security and point to the krb5 conf files
> 3. Other services that Knox is configured to work with may also need some configuration changes. Specifically, core-site.xml, webhcat-site.xml and oozie-site.xml all need to be modified to set up Knox as a trusted proxy
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/files/validateKnoxStatus.py PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/knox.py 70f8b53 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/params.py 978b60b 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/service_check.py 1505ff3 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/templates/krb5JAASLogin.conf.j2 PRE-CREATION 
>   ambari-web/app/app.js c92e0ac 
>   ambari-web/app/assets/test/tests.js 8682af3 
>   ambari-web/app/controllers/main/admin/security.js d5dd543 
>   ambari-web/app/controllers/main/admin/security/add/step2.js 531f101 
>   ambari-web/app/controllers/main/admin/security/add/step3.js d967018 
>   ambari-web/app/data/HDP2/secure_configs.js 421ba54 
>   ambari-web/app/data/HDP2/secure_mapping.js 23a89e0 
>   ambari-web/app/data/HDP2/secure_properties.js 9a1dfc6 
>   ambari-web/app/data/secure_mapping.js c4bd6a4 
>   ambari-web/app/messages.js e1c2aee 
>   ambari-web/app/mixins/wizard/addSecurityConfigs.js 1defe9c 
>   ambari-web/test/controllers/main/admin/security/add/addSecurity_controller_test.js cd4f4a2 
>   ambari-web/test/data/HDP2/secure_mapping_test.js a08d0cb 
>   ambari-web/test/data/secure_mapping_test.js PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/27064/diff/
> 
> 
> Testing
> -------
> 
> tested e2e by securing a cluster.
> After knox service check is executed
> su ambari-qa -c 'klist' shows the smokeuser credentials implying ambari-qa kinits before executing smoke test.
> 
> 
> Thanks,
> 
> Jaimin Jetly
> 
>
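
The configuration steps summarized in the quoted description can be checked after the fact. The following is an added example, not code from the review request or from Ambari: it audits Hadoop-style site files for the Knox Kerberos and trusted-proxy settings. The property names are the ones documented for Hadoop, WebHCat, Oozie and Knox and do not appear in this message; `knox` as the gateway's service user and the sample file contents are assumptions.

```python
import xml.etree.ElementTree as ET

# Documented property names; "knox" as the gateway service user is an assumption.
REQUIRED = {
    "gateway-site.xml": ["gateway.hadoop.kerberos.secured",
                         "java.security.krb5.conf",
                         "java.security.auth.login.config"],
    "core-site.xml": ["hadoop.proxyuser.knox.groups",
                      "hadoop.proxyuser.knox.hosts"],
    "webhcat-site.xml": ["webhcat.proxyuser.knox.groups",
                         "webhcat.proxyuser.knox.hosts"],
    "oozie-site.xml": ["oozie.service.ProxyUserService.proxyuser.knox.groups",
                       "oozie.service.ProxyUserService.proxyuser.knox.hosts"],
}

def parse_site_xml(text):
    """Return {name: value} from a Hadoop-style <configuration> document."""
    props = {}
    for prop in ET.fromstring(text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(filename, text):
    """List findings for one site file: missing, disabled or wildcard settings."""
    props = parse_site_xml(text)
    findings = []
    for name in REQUIRED.get(filename, []):
        value = props.get(name)
        if not value:
            findings.append(f"{filename}: {name} is missing or empty")
        elif name == "gateway.hadoop.kerberos.secured" and value.lower() != "true":
            findings.append(f"{filename}: {name} is '{value}', expected 'true'")
        elif "proxyuser" in name and value == "*":
            findings.append(f"{filename}: {name} is '*', any host/group may be proxied")
    return findings

# Constructed sample input, not taken from a real cluster.
SAMPLE_CORE_SITE = """<configuration>
  <property><name>hadoop.proxyuser.knox.groups</name><value>users</value></property>
  <property><name>hadoop.proxyuser.knox.hosts</name><value>*</value></property>
</configuration>"""
SAMPLE_GATEWAY_SITE = """<configuration>
  <property><name>gateway.hadoop.kerberos.secured</name><value>false</value></property>
  <property><name>java.security.krb5.conf</name><value>/path/to/krb5.conf</value></property>
</configuration>"""

if __name__ == "__main__":
    for f, t in (("core-site.xml", SAMPLE_CORE_SITE), ("gateway-site.xml", SAMPLE_GATEWAY_SITE)):
        print(*audit(f, t), sep="\n")
```

The wildcard finding is advisory: `*` is a valid value, but it lets the proxy user impersonate from any host or for any group, which is broader than a trusted-proxy setup normally needs.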

