ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Review Request 35174: Kerberos: adjust ambari headless principals for unique names
Date Sat, 06 Jun 2015 11:35:02 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35174/
-----------------------------------------------------------

Review request for Ambari, Aleksandr Kovalenko, Andrii Tkach, and Jaimin Jetly.


Bugs: AMBARI-11752
    https://issues.apache.org/jira/browse/AMBARI-11752


Repository: ambari


Description
-------

1) Rollup all headless principal names up to Ambari Principals tab. Currently looks like Storm
and Spark are on second tab, under their section, not under Ambari tab with ambari-qa, hdfs,
hbase, etc. Also make sure the UI has user readable labels like the others for consistency
(see the screen shot. spark.history.kerberos.principal should be "Spark user principal" for
example).

2) By default, all of these to be cluster-name scoped by default. {code}-${cluster_name}{code}
It does no harm for those that don't care... And for those that care about headless principal
names to be unique, this ends up being done by default (and saves the user from having to
remember to set it this way).

Ultimately when users want to add variables to their principal names they will be doing it
across the board - whatever we can do to make it easier for users to do so, would be better.
 If we had all principals in one pane they can quickly add all of them and visually validate.

*Solution*
Update the details for all _user_ ({{identities/type = user}}) Kerberos Identity entries in
{{kerberos.json}} files to add the following to the principal name
```
-${cluster_name}
```

For example:
```
${hadoop-env/hdfs_user}@${realm}
```
to
```
${hadoop-env/hdfs_user}-${cluster_name}@${realm}
```


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
8cd9718 
  ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json 884bc56

  ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json 5da0846

  ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json 9a707dc 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/kerberos.json 027c20b 
  ambari-server/src/main/resources/stacks/HDP/2.3.GlusterFS/services/ACCUMULO/kerberos.json
3a3ecc3 
  ambari-server/src/main/resources/stacks/HDP/2.3/services/ACCUMULO/kerberos.json 8a3381a

  ambari-web/app/controllers/main/admin/kerberos/step4_controller.js 74fc4ac 
  ambari-web/app/data/HDP2/site_properties.js 36c6650 

Diff: https://reviews.apache.org/r/35174/diff/


Testing
-------


Thanks,

Robert Levas


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message