ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Review Request 31172: Kerberos: Adding a service to a Kerberized cluster requires Kerberos-related tasks occur before INSTALL stage
Date Thu, 19 Feb 2015 00:24:13 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31172/
-----------------------------------------------------------

Review request for Ambari, Emil Anca, John Speidel, and Robert Nettleton.


Bugs: AMBARI-9666
    https://issues.apache.org/jira/browse/AMBARI-9666


Repository: ambari


Description
-------

When adding a service to a _Kerberized_ cluster, the {{INSTALL}} stage for that service tends
to fail due to missing Kerberos properties, principals and keytabs. 

To solve this issue, when a new service is added to a _Kerberized_ cluster the following needs
to occur before that service can attempt to transition into it's `INSTALLED` state:
1. Kerberos-specific properties need to be created or set
2. Principals need to be created
3. Keytab files need to be generated
4. Keytab files need to be distributed 

The solution fixes adding hosts with client compoents only as well as handled removing principal
data from the database when hosts are removed.
The soltuon also ensures the auth_to_local properties are updated when services are added.


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java eacd025

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
7e811e2 
  ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
a22c759 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java db19611

  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostComponentResourceProvider.java
196ae21 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosPrincipalHostDAO.java
9086e93 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
98cc4e2 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerAction.java
728865f 
  ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java fdc307b 
  ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 01148a8

  ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
c6389cb 
  ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorType.java
94c5046 
  ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json c327efb 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
703be52 
  ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json a2a3706 
  ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java abee322

  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
2833f2c 
  ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java
8b98ea0 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
215161c 
  ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostComponentResourceProviderTest.java
e697b99 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
8215120 
  ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptorTest.java
e657f38 
  ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
7944cd6 
  ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java
040d481 
  ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos.json 1902319 

Diff: https://reviews.apache.org/r/31172/diff/


Testing
-------

Manually tested in clusters to produce different add host and add service secenarios.

#Jenkins Test Results: PENDING


Thanks,

Robert Levas


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message