ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 31810: Ambari must support deployment on separate host
Date Mon, 09 Mar 2015 17:38:57 GMT


> On March 9, 2015, 11:47 a.m., John Speidel wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java,
line 670
> > <https://reviews.apache.org/r/31810/diff/1/?file=887673#file887673line670>
> >
> >     Completely unrelated to this transaction but I am curious about why this method
is marked with the @Transactional annotation.

I was under the impression that this method needed to be marked as `@Transactional` since
I was calling the following methods:
* org.apache.ambari.server.state.ServiceComponentHost#setSecurityState
* org.apache.ambari.server.state.Service#setSecurityState

Both of these methods lead to updating the database, ideally rolling back if there is an issue.


> On March 9, 2015, 11:47 a.m., John Speidel wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java,
line 339
> > <https://reviews.apache.org/r/31810/diff/1/?file=887674#file887674line339>
> >
> >     in what cases is exception thrown?

Error cases... ;)

I will update the doc.


> On March 9, 2015, 11:47 a.m., John Speidel wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java,
line 386
> > <https://reviews.apache.org/r/31810/diff/1/?file=887674#file887674line386>
> >
> >     is it valid to pass in a null file?

Origianlly this was going to be a utility method that didn't really care about much other
than protecting itself.  So whether the file will null, didn't make a differnce.  I can remove
that since I know there is no _current_ case where file will be null.


> On March 9, 2015, 11:47 a.m., John Speidel wrote:
> > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml,
line 64
> > <https://reviews.apache.org/r/31810/diff/1/?file=887683#file887683line64>
> >
> >     I know that this was simply moved from krb5.conf but I didn't notice this before.
 We shouldn't have a property marked as require-input where the value is a concrete hostname
or ip address.
> >     
> >     Consider the blueprint use case.  In 2.1 it will be possible to specify host
counts instead of actual host names when creating a cluster and the request may be submitted
prior to any hosts having registered with the server.  There are many configuration properties
which point to specific hosts and either the UI updates these as a result of a user mapping
components to concrete hosts or the BP processor updates these at a later time when all necessary
host mappings are resolved.
> >     
> >     We can discuss in more detail if you would like.

The `kdc_host` is not a value to be set based on the cluster topology. It is the FQDN or IP
address of some server external to the cluster.  If the KDC happens to be on one of the nodes
of the cluster, than is it probably a developement or test enviroment.  This value is reqired
for Kerberos since without it the whole facility will fail.  

This is the same for `admin_server_host`, however the logic will happily use the `kdc_host`
if the `admin_server_host` is not set since typically they are the same host and use default
ports.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31810/#review75703
-----------------------------------------------------------


On March 6, 2015, 4:49 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31810/
> -----------------------------------------------------------
> 
> (Updated March 6, 2015, 4:49 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, John Speidel, Mahadev Konar, Robert
Nettleton, Sumit Mohanty, and Vitalyi Brodetskyi.
> 
> 
> Bugs: AMBARI-9937
>     https://issues.apache.org/jira/browse/AMBARI-9937
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> It should be possible to deploy Ambari on a host that does not include any other services.
> 
> The primary issue is that Ambari needs to be able to distribute keytabs to other hosts
even if Ambari-Server is not running on a host with services that would otherwise have forced
the Ambari-Server to be included in the keytab distribution process.
> 
> To be clear, the following use case should be supported:
> 
> - The Ambari-Server is deployed on a host with no other services 
>   -- Other services are deployed on hosts separate from Ambari-Server
> - addHost should be possible
> 
> #Solution:
> - Added kerberos.keytab.cache.dir to ambari.properties
> - Added kerberos.keytab.cache.dir and default value (via erberosKeytabCacheDir property)
to org.apache.ambari.server.configuration.Configuration
> - Added "cachable" value to Kerberos keytab descriptor (default = true) to mark a keytab
as being cachable or not
> - Updated org.apache.ambari.server.serveraction.kerberos.CreateKeytabFilesServerAction
to add to or use from the keytab cache as necessary
> - Added explicit server specification in kadmin call to help with scenarios where the
krb5.conf file isn't configured on the Ambari server
> - Moved kdc_host and admin_server_host configuration properties from krb5-conf to kerberos-env
> - Simplified krb5-conf by removing unnecessary properties that can be set in the template
> 
> 
> Diffs
> -----
> 
>   ambari-server/conf/unix/ambari.properties ec51278 
>   ambari-server/conf/windows/ambari.properties ff69f67 
>   ambari-server/pom.xml 2bbb0ee 
>   ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
c5595e6 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
e01d38d 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
6ea33b0 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
caf8c78 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java
40b3353 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java
8888f82 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
b62f6f9 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
fc1729b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
0b9227f 
>   ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosKeytabDescriptor.java
59e6104 
>   ambari-server/src/main/python/ambari_server/serverConfiguration.py 9dfda01 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
15a39d9 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
02d78b8 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/metainfo.xml fd7c229

>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
3ccbc3e 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
0d915ba 
>   ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kerberos-env.xml
PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/krb5-conf.xml
43050bd 
>   ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/params.py
31e4134 
>   ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/krb5_conf.j2
0d915ba 
>   ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
03d3a91 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
d766d8c 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
2da692e 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java
25c7be7 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
e1d5fce 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
0b34a77 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
045cfbe 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
6bb59c5 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py ecf7853 
>   ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade-hdfs-secure.json
b4e3c59 
>   ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json 96d31b0 
>   ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json d23c908

>   ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json 19ef81f

>   ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json f72be07

>   ambari-web/app/assets/data/wizard/stack/hdp/version2.0.1/KERBEROS.json b34c7b4 
>   ambari-web/app/data/HDP2/site_properties.js d6bb14b 
> 
> Diff: https://reviews.apache.org/r/31810/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in test clusters
> 
> #Local Test
> 
> **Ambari Server Tests**
> 
> Tests run: 2770, Failures: 0, Errors: 0, Skipped: 15
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 35:43.593s
> [INFO] Finished at: Fri Mar 06 16:30:22 EST 2015
> [INFO] Final Memory: 46M/621M
> [INFO] ------------------------------------------------------------------------
> 
> **Ambari Web Tests**  
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 42.895s
> [INFO] Finished at: Fri Mar 06 16:48:23 EST 2015
> [INFO] Final Memory: 11M/310M
> [INFO] ------------------------------------------------------------------------
> 
> 
> #Jenkins test results: PENDING (issues with system)
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message