ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 32815: Kerberos: during disable, need option skip if unable to access KDC to remove principals
Date Fri, 03 Apr 2015 15:57:51 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32815/
-----------------------------------------------------------

(Updated April 3, 2015, 11:57 a.m.)


Review request for Ambari, Jaimin Jetly, John Speidel, Robert Nettleton, Tom Beerbower, and
Yusaku Sako.


Bugs: AMBARI-10305
    https://issues.apache.org/jira/browse/AMBARI-10305


Repository: ambari


Description
-------

Attempted to disable kerb, fails on step to unkerberize because KDC admin is locked out.

Click retry, can't make it past that.

Need option to skip and finish "disable kerberos" even if Ambari cannot get the principals
cleaned up (i.e. cannot access the KDC) Losing access to the KDC and attempting to disable
where ambari can't clean-up the principals should be a skip'able step. User should still be
able to get to a clean, not-enabled-kerberos-ambari-state w/o accessing the KDC.

**Solution**
Add a flag to the kerberos-env configuration to specify whether Kerberos identities should
be managed by Ambari (true, default) or not (false).  The behavior declared by this value
is to be overridden using the _directive_ {{manage_kerberos_identities=false}} when disabling
Kerberos, which will skip over any KDC administrative processes.


Diffs (updated)
-----

  ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
94f2711 
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
a3ede22 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java e8a6c0a

  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
9c12b34 
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
f7144b8 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
524c511 
  ambari-web/app/data/HDP2/site_properties.js 205aead 

Diff: https://reviews.apache.org/r/32815/diff/


Testing
-------

Manually tested in cluster

**Local test results**

Running org.apache.ambari.server.controller.KerberosHelperTest
Tests run: 28, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.117 sec

Running org.apache.ambari.server.controller.AmbariManagementControllerImplTest
Tests run: 34, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 4.729 sec

Tests run: 2818, Failures: 0, Errors: 0, Skipped: 16

**Jenkins test results: PENDING**


Thanks,

Robert Levas


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message