ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <>
Subject [jira] [Created] (AMBARI-8481) Flume service components should indicate security state
Date Sat, 29 Nov 2014 10:52:12 GMT
Robert Levas created AMBARI-8481:

             Summary: Flume service components should indicate security state
                 Key: AMBARI-8481
             Project: Ambari
          Issue Type: Improvement
          Components: ambari-server, stacks
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.0.0

The Flume service components should indicate security state when queried by Ambari Agent via
STATUS_COMMAND.  Each component should determine it's state as follows:

h4. Indicators
* Command JSON
** config\['configurations']\['cluster-env']\['security_enabled'] 
*** = “true”
* Configuration File: /etc/flume/conf/*/flume.conf
** agent.sinks.sink-*.hdfs.kerberosKeytab
*** not empty
*** path exists and is readable
*** required
** agent.sinks.sink-1.hdfs.kerberosPrincipal
*** not empty
*** required

h4. Pseudocode
if indicators imply security is on and validate
    if kinit(flume principal) succeeds
        state = SECURED_KERBEROS
        state = ERROR 
    state = UNSECURED

_*Note*_: Due to the _cost_ of calling {{kinit}} results should be cached for a period of
time before retrying.  This may be an issue depending on the frequency of the heartbeat timeout.

_*Note*_: It is possible that multiple sinks may spread out into different _command target_
flume.conf files (in  /etc/flume/conf/<command target dir>/flume.conf)

This message was sent by Atlassian JIRA

View raw message