ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-10305) Kerberos: during disable, need option skip if unable to access KDC to remove principals
Date Fri, 10 Apr 2015 19:15:15 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-10305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14490173#comment-14490173
] 

Hudson commented on AMBARI-10305:
---------------------------------

FAILURE: Integrated in Ambari-trunk-Commit #2258 (See [https://builds.apache.org/job/Ambari-trunk-Commit/2258/])
AMBARI-10305. Kerberos: during disable, need option skip if unable to access KDC to remove
principals (rlevas) (rlevas: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=3133b1db4e6d5a01b60f8c73acca98409c1bd44c)
* ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
* ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
* ambari-web/app/data/HDP2/site_properties.js
* ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java


> Kerberos: during disable, need option skip if unable to access KDC to remove principals
> ---------------------------------------------------------------------------------------
>
>                 Key: AMBARI-10305
>                 URL: https://issues.apache.org/jira/browse/AMBARI-10305
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-10305_01.patch
>
>
> Attempted to disable kerb, fails on step to unkerberize because KDC admin is locked out.
> Click retry, can't make it past that.
> Need option to skip and finish "disable kerberos" even if Ambari cannot get the principals
cleaned up (i.e. cannot access the KDC) Losing access to the KDC and attempting to disable
where ambari can't clean-up the principals should be a skip'able step. User should still be
able to get to a clean, not-enabled-kerberos-ambari-state w/o accessing the KDC.
> *Solution*
> Add a flag to the kerberos-env configuration to specify whether Kerberos identities should
be managed by Ambari (true, default) or not (false).  This flag is to be overridable via a
_directive_ like {{manage_identities=false}} when disabling Kerberos, which will skip over
any KDC administrative processes. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message