ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Speidel" <jspei...@hortonworks.com>
Subject Re: Review Request 31282: Kerberos: regenerate keytabs not handled for all hosts
Date Mon, 23 Feb 2015 18:00:10 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31282/#review73598
-----------------------------------------------------------

Ship it!


Ship It!

- John Speidel


On Feb. 22, 2015, 9:34 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31282/
> -----------------------------------------------------------
> 
> (Updated Feb. 22, 2015, 9:34 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, John Speidel, Robert Nettleton, and Vitalyi Brodetskyi.
> 
> 
> Bugs: AMBARI-9739
>     https://issues.apache.org/jira/browse/AMBARI-9739
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> 1. Installed cluster on three hosts c6401, c6402, c6403
> 2. using oracle jdk 1.7, put JCE in place on all hosts
> 3. ambari-agent stop on c6403 (which just has DN, ZK and NM)
> 4. Enable kerberos, which means c6403 does not get keytabs
> 5. ambari-agent start on c6403
> 6. go to regen keytabs. Clicked to only do missing. c6403 does not get keytabs.
> 7. go to regen keytabs. just left the default which should do all. No hosts get the keytabs.
> 
> What I found is since the Kerberos client didn't get installed on c6403, the "Set keytab
kerberos client" command is "Host Role in invalid state". I went to that host, and did install
clients from the UI to get the kerberos client installed. Once that happened, I could then
regen keytabs.
> 
> The main issue: Regen only works if all hosts can regen. Once c6403 did not have a client,
and Host Role in invalid state, it didn't do keytabs for any other hosts.
> 
> This occurs because the Kerberos Client is in the INIT state on one or more hosts.  Filtering
out hosts where the Kerberos Client is not in the INSTALLED state, solves this issue.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
7a0a374 
>   ambari-server/src/main/java/org/apache/ambari/server/state/Service.java d05f209 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
7db2653 
> 
> Diff: https://reviews.apache.org/r/31282/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in cluster
> 
> 
> #Jenkins test results:
> 
> Running org.apache.ambari.server.controller.KerberosHelperTest
> Tests run: 19, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.605 sec
> 
> Ambari server test suite
> Tests run: 2725, Failures: 0, Errors: 0, Skipped: 15
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:05 h
> [INFO] Finished at: 2015-02-22T20:17:25+00:00
> [INFO] Final Memory: 44M/555M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message