Return-Path: X-Original-To: apmail-ambari-dev-archive@www.apache.org Delivered-To: apmail-ambari-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E10B117689 for ; Fri, 31 Oct 2014 20:09:41 +0000 (UTC) Received: (qmail 51237 invoked by uid 500); 31 Oct 2014 20:09:41 -0000 Delivered-To: apmail-ambari-dev-archive@ambari.apache.org Received: (qmail 51208 invoked by uid 500); 31 Oct 2014 20:09:41 -0000 Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list dev@ambari.apache.org Received: (qmail 51192 invoked by uid 99); 31 Oct 2014 20:09:41 -0000 Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Oct 2014 20:09:41 +0000 Received: from reviews.apache.org (localhost [127.0.0.1]) by reviews.apache.org (Postfix) with ESMTP id 590A51DF9EC; Fri, 31 Oct 2014 20:09:45 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============6338996226744528466==" MIME-Version: 1.0 Subject: Re: Review Request 27206: Create Kerberos Service From: "Robert Levas" To: "John Speidel" , "Nate Cole" , "Jaimin Jetly" , "Yusaku Sako" Cc: "Robert Levas" , "Ambari" Date: Fri, 31 Oct 2014 20:09:45 -0000 Message-ID: <20141031200945.7138.36479@reviews.apache.org> X-ReviewBoard-URL: https://reviews.apache.org Auto-Submitted: auto-generated Sender: "Robert Levas" X-ReviewGroup: Ambari X-ReviewRequest-URL: https://reviews.apache.org/r/27206/ X-Sender: "Robert Levas" References: <20141029203306.7137.1705@reviews.apache.org> In-Reply-To: <20141029203306.7137.1705@reviews.apache.org> Reply-To: "Robert Levas" X-ReviewRequest-Repository: ambari --===============6338996226744528466== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit > On Oct. 29, 2014, 4:33 p.m., Jaimin Jetly wrote: > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_server.py, line 73 > > > > > > start command on KDC service component should also call self.configure(env) function to support reconfiguration scenario. > > > > Otherwise once kerberos is installed and after that if krb5-conf or kdc-conf configurations are changed in the Ambari and kerberos is restarted, the config change will never occur on the KDC host in the actual files > > Robert Levas wrote: > Is this typical behavior or just special for the Kerberos service? > > Jaimin Jetly wrote: > This is a typical behavior for any service in the stack. All services support reconfiguration. So when a start task for a service component is received at the agent, first service's configuration are updated and then service component is started. If we browse through python script of any existing service's master/slave component in the stack, it's start function will be calling configure function. I updated the service definition to support this and all my tests appeared to work fine. However, changing the configration of the Kerberos infrastrucutre is dangerous since existing keytabs may become invalid. For example if the realm name(s) are changed. As of my lastest patch, I think that I have covered all open issues. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/27206/#review59041 ----------------------------------------------------------- On Oct. 30, 2014, 10:09 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/27206/ > ----------------------------------------------------------- > > (Updated Oct. 30, 2014, 10:09 p.m.) > > > Review request for Ambari, Jaimin Jetly, John Speidel, Nate Cole, and Yusaku Sako. > > > Bugs: AMBARI-7448 > https://issues.apache.org/jira/browse/AMBARI-7448 > > > Repository: ambari > > > Description > ------- > > Create a service to manage the (optional) Kerberos server (managed KDC) and client components in the HDP 2.2 stack. > > See [Ambari Cluster Kerberization Technical Document](https://issues.apache.org/jira/secure/attachment/12671235/AmbariClusterKerberization.pdf) for more information. > > > Diffs > ----- > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/configuration/kdc-conf.xml PRE-CREATION > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/configuration/krb5-conf.xml PRE-CREATION > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/configuration/realms-conf.xml PRE-CREATION > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/metainfo.xml PRE-CREATION > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_client.py PRE-CREATION > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_common.py PRE-CREATION > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_server.py PRE-CREATION > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/params.py PRE-CREATION > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/utils.py PRE-CREATION > ambari-server/src/test/java/org/apache/ambari/server/api/services/KerberosServiceMetaInfoTest.java PRE-CREATION > ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py PRE-CREATION > ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py PRE-CREATION > ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py PRE-CREATION > > Diff: https://reviews.apache.org/r/27206/diff/ > > > Testing > ------- > > Added new unit test - `org.apache.ambari.server.api.services.KerberosServiceMetaInfoTest` > > > Thanks, > > Robert Levas > > --===============6338996226744528466==--