ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 34629: Kerberos FE: during disable, need option skip if unable to access KDC to remove principals
Date Mon, 25 May 2015 22:04:13 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34629/
-----------------------------------------------------------

(Updated May 25, 2015, 6:04 p.m.)


Review request for Ambari, Aleksandr Kovalenko, Andrii Tkach, Jaimin Jetly, and Yusaku Sako.


Changes
-------

Removed `candSkipOnError: true,`


Bugs: AMBARI-11360
    https://issues.apache.org/jira/browse/AMBARI-11360


Repository: ambari


Description
-------

Attempted to disable kerb, fails on step to unkerberize because KDC admin is locked out.

Click retry, can't make it past that.

Need option to skip and finish "disable kerberos" even if Ambari cannot get the principals
cleaned up (i.e. cannot access the KDC) Losing access to the KDC and attempting to disable
where ambari can't clean-up the principals should be a skip'able step. User should still be
able to get to a clean, not-enabled-kerberos-ambari-state w/o accessing the KDC.

*Solution*
Based on user input, execute API call to disable Kerberos with the *manage_kerberos_identities*
_directive_ set to *false*.  Example:
```
PUT /api/v1/clusters/c1?manage_kerberos_identities=false
{
  "Clusters": {
    "security_type" : "NONE"
  }
}
```


Diffs (updated)
-----

  ambari-web/app/controllers/main/admin/kerberos/disable_controller.js 358f922 
  ambari-web/app/mixins/wizard/wizardProgressPageController.js 28e8f41 
  ambari-web/app/utils/ajax/ajax.js 254e2a9 

Diff: https://reviews.apache.org/r/34629/diff/


Testing
-------

Manually tested with downed KDC.


Thanks,

Robert Levas


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message