ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 27206: Create Kerberos Service
Date Fri, 31 Oct 2014 20:09:45 GMT


> On Oct. 29, 2014, 4:33 p.m., Jaimin Jetly wrote:
> > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_server.py,
line 73
> > <https://reviews.apache.org/r/27206/diff/2/?file=734109#file734109line73>
> >
> >     start command on KDC service component should also call self.configure(env)
function to support reconfiguration scenario. 
> >     
> >     Otherwise once kerberos is installed and after that if krb5-conf or kdc-conf
configurations are changed in the Ambari and kerberos is restarted, the config change will
never occur on the KDC host in the actual files
> 
> Robert Levas wrote:
>     Is this typical behavior or just special for the Kerberos service?
> 
> Jaimin Jetly wrote:
>     This is a typical behavior for any service in the stack. All services support reconfiguration.
So when a start task for a service component is received at the agent, first service's configuration
are updated and then service component is started. If we browse through python script of any
existing service's master/slave component  in the stack, it's start function will be calling
configure function.

I updated the service definition to support this and all my tests appeared to work fine. 
However, changing the configration of the Kerberos infrastrucutre is dangerous since existing
keytabs may become invalid. For example if the realm name(s) are changed.

As of my lastest patch, I think that I have covered all open issues.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27206/#review59041
-----------------------------------------------------------


On Oct. 30, 2014, 10:09 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/27206/
> -----------------------------------------------------------
> 
> (Updated Oct. 30, 2014, 10:09 p.m.)
> 
> 
> Review request for Ambari, Jaimin Jetly, John Speidel, Nate Cole, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-7448
>     https://issues.apache.org/jira/browse/AMBARI-7448
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Create a service to manage the (optional) Kerberos server (managed KDC) and client components
in the HDP 2.2 stack.
> 
> See [Ambari Cluster Kerberization Technical Document](https://issues.apache.org/jira/secure/attachment/12671235/AmbariClusterKerberization.pdf)
for more information.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/configuration/kdc-conf.xml
PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/configuration/krb5-conf.xml
PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/configuration/realms-conf.xml
PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/metainfo.xml PRE-CREATION

>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_client.py
PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_common.py
PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_server.py
PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/params.py
PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/utils.py
PRE-CREATION 
>   ambari-server/src/test/java/org/apache/ambari/server/api/services/KerberosServiceMetaInfoTest.java
PRE-CREATION 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py PRE-CREATION

>   ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py PRE-CREATION

>   ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/27206/diff/
> 
> 
> Testing
> -------
> 
> Added new unit test - `org.apache.ambari.server.api.services.KerberosServiceMetaInfoTest`

> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message