ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-8542) Provide a way to parse and handle Kerberos descriptors
Date Thu, 04 Dec 2014 16:37:12 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-8542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14234336#comment-14234336
] 

Hadoop QA commented on AMBARI-8542:
-----------------------------------

{color:green}+1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12685117/AMBARI-8542_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 7 new or modified
test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/811//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/811//console

This message is automatically generated.

> Provide a way to parse and handle Kerberos descriptors
> ------------------------------------------------------
>
>                 Key: AMBARI-8542
>                 URL: https://issues.apache.org/jira/browse/AMBARI-8542
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server, stacks
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos, kerberos_descriptor, stack
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-8542_01.patch
>
>
> Provide the ability to read in Kerberos descriptor files (kerberos.json) from the stack
at various levels (stack-level, service-level) and to merge them into a single hierarchy.
 The composite Kerberos descriptor data will be used to control the UI (Kerberos Wizard -
see AMBARI-7450).
> An example stack-level Kerberos Descriptor:
> {code}
> {
>   "properties": {
>     "realm": "${cluster-env/kerberos_domain}",
>     "keytab_dir": "/etc/security/keytabs"
>   },
>   "identities": [
>     {
>       "name": "spnego",
>       "principal": {
>         "value": "HTTP/_HOST@${realm}"
>       },
>       "keytab": {
>         "file": "${keytab_dir}/spnego.service.keytab",
>         "owner": {
>           "name": "root",
>           "access": "r"
>         },
>         "group": {
>           "name": "${cluster-env/user_group}",
>           "access": "r"
>         }
>       }
>     }
>   ],
>   "configurations": [
>   ]
> }
> {code}
> An example service-level Kerberos Descriptor - HDFS:
> {code}
> {
>   "configurations": [
>     {
>       "core-site": {
>         "hadoop.security.authentication": "kerberos",
>         "hadoop.rpc.protection": "authentication; integrity; privacy",
>         "hadoop.security.authorization": "true"
>       }
>     }
>   ],
>   "components": [
>     {
>       "name": "NAMENODE",
>       "identities": [
>         {
>           "name" : "namenode_nn",
>           "principal": {
>             "value": "nn/_HOST@${realm}",
>             "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
>           },
>           "keytab": {
>             "file": "${keytab_dir}/nn.service.keytab",
>             "owner": {
>               "name": "${hadoop-env/hdfs_user}",
>               "access": "r"
>             },
>             "group": {
>               "name": "${cluster-env/user_group}",
>               "access": ""
>             },
>             "configuration": "hdfs-site/dfs.namenode.keytab.file"
>           }
>         },
>         {
>           "name" : "namenode_host",
>           "principal": {
>             "value": "host/_HOST@${realm}",
>             "configuration": "hdfs-site/dfs.namenode.kerberos.https.principal"
>           },
>           "keytab": {
>             "file": "${keytab_dir}/host.keytab",
>             "owner": {
>               "name": "${hadoop-env/hdfs_user}",
>               "access": "r"
>             },
>             "group": {
>               "name": "${cluster-env/user_group}",
>               "access": ""
>             },
>             "configuration": "hdfs-site/dfs.namenode.keytab.file"
>           }
>         },
>         {
>           "name" : "/spnego",
>           "principal": {
>             "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
>           },
>           "keytab": {
>             "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
>           }
>         }
>       ]
>     },
>     {
>       "name": "DATANODE",
>       "identities": [
>         {
>           "name" : "datanode_dn",
>           "principal": {
>             "value": "dn/_HOST@${realm}",
>             "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
>           },
>           "keytab": {
>             "file": "${keytab_dir}/dn.service.keytab",
>             "owner": {
>               "name": "${hadoop-env/hdfs_user}",
>               "access": "r"
>             },
>             "group": {
>               "name": "${cluster-env/user_group}",
>               "access": ""
>             },
>             "configuration": "hdfs-site/dfs.namenode.keytab.file"
>           }
>         },
>         {
>           "name" : "datanode_host",
>           "principal": {
>             "value": "host/_HOST@${realm}",
>             "configuration": "hdfs-site/dfs.datanode.kerberos.https.principal"
>           },
>           "keytab": {
>             "file": "${keytab_dir}/host.keytab.file",
>             "owner": {
>               "name": "${hadoop-env/hdfs_user}",
>               "access": "r"
>             },
>             "group": {
>               "name": "${cluster-env/user_group}",
>               "access": ""
>             },
>             "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
>           }
>         }
>       ]
>     },
>     {
>       "name": "SECONDARY_NAMENODE",
>       "identities": [
>         {
>           "name" : "secondary_namenode_nn",
>           "principal": {
>             "value": "nn/_HOST@${realm}",
>             "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.principal"
>           },
>           "keytab": {
>             "file": "${keytab_dir}/snn.service.keytab",
>             "owner": {
>               "name": "${hadoop-env/hdfs_user}",
>               "access": "r"
>             },
>             "group": {
>               "name": "${cluster-env/user_group}",
>               "access": ""
>             },
>             "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
>           }
>         },
>         {
>           "name" : "secondary_namenode_host",
>           "principal": {
>             "value": "host/_HOST@${realm}",
>             "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.https.principal"
>           },
>           "keytab": {
>             "file": "${keytab_dir}/host.keytab.file",
>             "owner": {
>               "name": "${hadoop-env/hdfs_user}",
>               "access": "r"
>             },
>             "group": {
>               "name": "${cluster-env/user_group}",
>               "access": ""
>             },
>             "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
>           }
>         },
>         {
>           "name" : "/spnego",
>           "principal": {
>             "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
>           },
>           "keytab": {
>             "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
>           }
>         }
>       ]
>     }
>   ]
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message