ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emil Anca" <ea...@hortonworks.com>
Subject Re: Review Request 33192: Add the ability to enable Kerberos and not manage identities
Date Thu, 16 Apr 2015 09:24:25 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33192/#review80313
-----------------------------------------------------------

Ship it!


Ship It!

- Emil Anca


On April 15, 2015, 1:20 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33192/
> -----------------------------------------------------------
> 
> (Updated April 15, 2015, 1:20 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-10479
>     https://issues.apache.org/jira/browse/AMBARI-10479
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Add the ability to enable Kerberos and not manage identities.  This should be done by
allowing a user to specify whether all relevant Kerberos identities _should_ or _should not_
be managed by Ambari.  
> 
> A *kerberos-env* property named *manage_identities* is to be added where its value may
be either _true_ or _false_.  By default the value is _true_ (or rather _not false_).  
> 
> If _not false_, Ambari will access the registered KDC to create, update, and delete Kerberos
identities as needed.  Ambari will also create, distribute, and delete keytab files as needed.
Because of this, the KDC administrator credentials are required. This is the current behavior
of Ambari 2.0.0.
> 
> If _false_, Ambari will *not* access the registered KDC to create, update, or delete
Kerberos identities.  It will also *not* create, distribute, or delete keytab files. Not KDC
administrator credentials will be needed.
> 
> Note: a lot of this work has been done for AMBARI-10305.  A current known problem with
the solution for AMBARI-10305 is that the Kerberos service check fails when kerberos-env/manage_identities
is false due to missing data since the special smoke user was not created.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
5cd75bb 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
5482f6c 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py
b8cb384 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
ee11ee7 
> 
> Diff: https://reviews.apache.org/r/33192/diff/
> 
> 
> Testing
> -------
> 
> Manually tested
> 
> **Local test results:**
> Running org.apache.ambari.server.controller.KerberosHelperTest
> Tests run: 32, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.228 sec
> 
> Tests run: 2860, Failures: 0, Errors: 0, Skipped: 16
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 39:49.326s
> [INFO] Finished at: Tue Apr 14 16:59:54 EDT 2015
> [INFO] Final Memory: 86M/1028M
> [INFO] ------------------------------------------------------------------------
> 
> 
> **Jenkins test results: PENDING**
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message