Return-Path: X-Original-To: apmail-ambari-dev-archive@www.apache.org Delivered-To: apmail-ambari-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id ED7E3102DE for ; Sat, 6 Jun 2015 10:32:00 +0000 (UTC) Received: (qmail 72275 invoked by uid 500); 6 Jun 2015 10:32:00 -0000 Delivered-To: apmail-ambari-dev-archive@ambari.apache.org Received: (qmail 72239 invoked by uid 500); 6 Jun 2015 10:32:00 -0000 Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list dev@ambari.apache.org Received: (qmail 72227 invoked by uid 99); 6 Jun 2015 10:32:00 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 06 Jun 2015 10:32:00 +0000 Date: Sat, 6 Jun 2015 10:32:00 +0000 (UTC) From: "Robert Levas (JIRA)" To: dev@ambari.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Created] (AMBARI-11752) Kerberos: adjust ambari headless principals for unique names MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 Robert Levas created AMBARI-11752: ------------------------------------- Summary: Kerberos: adjust ambari headless principals for unique names Key: AMBARI-11752 URL: https://issues.apache.org/jira/browse/AMBARI-11752 Project: Ambari Issue Type: Bug Components: ambari-server Affects Versions: 2.1.0 Reporter: Robert Levas Assignee: Robert Levas Priority: Critical Fix For: 2.1.0 1) Rollup all headless principal names up to Ambari Principals tab. Currently looks like Storm and Spark are on second tab, under their section, not under Ambari tab with ambari-qa, hdfs, hbase, etc. Also make sure the UI has user readable labels like the others for consistency (see the screen shot. spark.history.kerberos.principal should be "Spark user principal" for example). 2) By default, all of these to be cluster-name scoped by default. {code}-${cluster_name}{code} It does no harm for those that don't care... And for those that care about headless principal names to be unique, this ends up being done by default (and saves the user from having to remember to set it this way). Ultimately when users want to add variables to their principal names they will be doing it across the board - whatever we can do to make it easier for users to do so, would be better. If we had all principals in one pane they can quickly add all of them and visually validate. *Solution* Update the details for all _user_ ({{identities/type = user}}) Kerberos Identity entries in {{kerberos.json}} files to add the following to the principal name {code} -${cluster_name} {code} For example: {code} ${hadoop-env/hdfs_user}@${realm} {code} to {code} ${hadoop-env/hdfs_user}-${cluster_name}@${realm} {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)