ambari-dev mailing list archives

From "Tom Beerbower" <tbeerbo...@hortonworks.com>
Subject Re: Review Request 32815: Kerberos: during disable, need option skip if unable to access KDC to remove principals
Date Wed, 08 Apr 2015 16:00:16 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/32815/#review79363
-----------------------------------------------------------

Ship it!


Ship It!

- Tom Beerbower


On April 3, 2015, 3:57 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/32815/
> -----------------------------------------------------------
> 
> (Updated April 3, 2015, 3:57 p.m.)
> 
> 
> Review request for Ambari, Jaimin Jetly, John Speidel, Robert Nettleton, Tom Beerbower, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-10305
>     https://issues.apache.org/jira/browse/AMBARI-10305
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Attempted to disable kerb, fails on step to unkerberize because KDC admin is locked out.
> 
> Click retry, can't make it past that.
> 
> Need option to skip and finish "disable kerberos" even if Ambari cannot get the principals cleaned up (i.e. cannot access the KDC). Losing access to the KDC and attempting to disable where ambari can't clean-up the principals should be a skip'able step. User should still be able to get to a clean, not-enabled-kerberos-ambari-state w/o accessing the KDC.
> 
> **Solution**
> Add a flag to the kerberos-env configuration to specify whether Kerberos identities should be managed by Ambari (true, default) or not (false). The behavior declared by this value is to be overridden using the _directive_ {{manage_kerberos_identities=false}} when disabling Kerberos, which will skip over any KDC administrative processes.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java 94f2711
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java a3ede22
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java e8a6c0a
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 9c12b34
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java f7144b8
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 524c511
>   ambari-web/app/data/HDP2/site_properties.js 205aead
> 
> Diff: https://reviews.apache.org/r/32815/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in cluster
> 
> **Local test results**
> 
> Running org.apache.ambari.server.controller.KerberosHelperTest
> Tests run: 28, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.117 sec
> 
> Running org.apache.ambari.server.controller.AmbariManagementControllerImplTest
> Tests run: 34, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 4.729 sec
> 
> Tests run: 2818, Failures: 0, Errors: 0, Skipped: 16
> 
> **Jenkins test results: PENDING**
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

