Return-Path: 
 <dev-return-60398-apmail-ambari-dev-archive=ambari.apache.org@ambari.apache.org>
X-Original-To: apmail-ambari-dev-archive@www.apache.org
Delivered-To: apmail-ambari-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C5C0E10D7F
	for <apmail-ambari-dev-archive@www.apache.org>;
 Mon, 23 Feb 2015 18:00:12 +0000 (UTC)
Received: (qmail 77954 invoked by uid 500); 23 Feb 2015 18:00:12 -0000
Delivered-To: apmail-ambari-dev-archive@ambari.apache.org
Received: (qmail 77922 invoked by uid 500); 23 Feb 2015 18:00:12 -0000
Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@ambari.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@ambari.apache.org>
List-Post: <mailto:dev@ambari.apache.org>
List-Id: <dev.ambari.apache.org>
Reply-To: dev@ambari.apache.org
Delivered-To: mailing list dev@ambari.apache.org
Received: (qmail 77903 invoked by uid 99); 23 Feb 2015 18:00:12 -0000
Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Feb 2015 18:00:12 +0000
Received: from reviews.apache.org (localhost [127.0.0.1])
	by reviews.apache.org (Postfix) with ESMTP id 3A7AB1D2E88;
	Mon, 23 Feb 2015 18:00:10 +0000 (UTC)
Content-Type: multipart/alternative;
 boundary="===============0453481224737674151=="
MIME-Version: 1.0
Subject: Re: Review Request 31282: Kerberos: regenerate keytabs not handled
 for all hosts
From: "John Speidel" <jspeidel@hortonworks.com>
To: "Emil Anca" <eanca@hortonworks.com>,
 "John Speidel" <jspeidel@hortonworks.com>,
 "Vitalyi Brodetskyi" <vbrodetskyi@hortonworks.com>,
 "Robert Nettleton" <rnettleton@hortonworks.com>
Cc: "Robert Levas" <rlevas@hortonworks.com>, "Ambari" <dev@ambari.apache.org>
Date: Mon, 23 Feb 2015 18:00:10 -0000
Message-ID: <20150223180010.4174.30211@reviews.apache.org>
X-ReviewBoard-URL: https://reviews.apache.org/
Auto-Submitted: auto-generated
Sender: "John Speidel" <noreply@reviews.apache.org>
X-ReviewGroup: Ambari
X-ReviewRequest-URL: https://reviews.apache.org/r/31282/
X-Sender: "John Speidel" <noreply@reviews.apache.org>
References: <20150222213402.4175.45756@reviews.apache.org>
In-Reply-To: <20150222213402.4175.45756@reviews.apache.org>
Reply-To: "John Speidel" <jspeidel@hortonworks.com>
X-ReviewRequest-Repository: ambari

--===============0453481224737674151==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31282/#review73598
-----------------------------------------------------------

Ship it!


Ship It!

- John Speidel


On Feb. 22, 2015, 9:34 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31282/
> -----------------------------------------------------------
> 
> (Updated Feb. 22, 2015, 9:34 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, John Speidel, Robert Nettleton, and Vitalyi Brodetskyi.
> 
> 
> Bugs: AMBARI-9739
>     https://issues.apache.org/jira/browse/AMBARI-9739
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> 1. Installed cluster on three hosts c6401, c6402, c6403
> 2. using oracle jdk 1.7, put JCE in place on all hosts
> 3. ambari-agent stop on c6403 (which just has DN, ZK and NM)
> 4. Enable kerberos, which means c6403 does not get keytabs
> 5. ambari-agent start on c6403
> 6. go to regen keytabs. Clicked to only do missing. c6403 does not get keytabs.
> 7. go to regen keytabs. just left the default which should do all. No hosts get the keytabs.
> 
> What I found is since the Kerberos client didn't get installed on c6403, the "Set keytab kerberos client" command is "Host Role in invalid state". I went to that host, and did install clients from the UI to get the kerberos client installed. Once that happened, I could then regen keytabs.
> 
> The main issue: Regen only works if all hosts can regen. Once c6403 did not have a client, and Host Role in invalid state, it didn't do keytabs for any other hosts.
> 
> This occurs because the Kerberos Client is in the INIT state on one or more hosts.  Filtering out hosts where the Kerberos Client is not in the INSTALLED state, solves this issue.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 7a0a374 
>   ambari-server/src/main/java/org/apache/ambari/server/state/Service.java d05f209 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 7db2653 
> 
> Diff: https://reviews.apache.org/r/31282/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in cluster
> 
> 
> #Jenkins test results:
> 
> Running org.apache.ambari.server.controller.KerberosHelperTest
> Tests run: 19, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.605 sec
> 
> Ambari server test suite
> Tests run: 2725, Failures: 0, Errors: 0, Skipped: 15
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:05 h
> [INFO] Finished at: 2015-02-22T20:17:25+00:00
> [INFO] Final Memory: 44M/555M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


--===============0453481224737674151==--