ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <>
Subject Re: Review Request 30181: Ensure enable/disable Kerberos logic should invoke only when state of security flag is changed
Date Fri, 23 Jan 2015 00:36:54 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated Jan. 22, 2015, 7:36 p.m.)

Review request for Ambari, John Speidel, Robert Nettleton, and Tom Beerbower.


Fixed issue causing exception to be thrown

Bugs: AMBARI-9261

Repository: ambari


The logic to enable or disable Kerberos is typically invoked when the Cluster resource is
updated. This occurs for several reasons, not all of them indicate the state of Kerberos should
be altered.  

By processing all updated to the Cluster resource, the enable/disable Kerberos may get invoked
when not necessary causing _noise_ on the task list and potentially generating an error condition
if the KDC administrator credentials are not available.  Certain states of the system will
trigger the enable/disable Kerberos logic to perform tasks requiring the KDC administrator
credentials. If not explicitly handing the security state change, this behavior is not desired.

To solve the issue, test the request on the update Cluster resource to see if the security
state property (`cluster-env/security_enabled`) has been altered, if so invoke enable/disable
Kerberos logic; else do not invoke enable/disable Kerberos logic. 

Diffs (updated)




Manually tested various cases on a test cluster
Added new unit tests

**Waiting for Jenkins tests to complete**


Robert Levas

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message