ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 36581: Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
Date Mon, 20 Jul 2015 13:21:25 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/36581/
-----------------------------------------------------------

(Updated July 20, 2015, 9:21 a.m.)


Review request for Ambari, John Speidel, Robert Nettleton, and Tom Beerbower.


Bugs: AMBARI-12450
    https://issues.apache.org/jira/browse/AMBARI-12450


Repository: ambari


Description
-------

When querying for information about services installed in a Kerberized cluster via the REST
API, the ServiceResourceProvider always attempts to contact the KDC (or Active Directory)
if the KERBEROS service is selected within the query. 

This can be seen about every 15 seconds,  when the UI queries for the state of the services
in a Kerberized cluster using the following query:
```
GET  /api/v1/clusters/{cluster_name}/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state&minimal_response=true
```

The result from this query does not contain the KDC connectivity attributes (which is expected),
yet the detail are obtained.  

This issue causes excess overhead in Ambari as well as on the relevant KDC or Active Directory.
Also the kdamin.log fills up with messages like:

```
Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
Jun 29 14:31:42 some-host-1 kadmind[2383](info): closing down fd 29
Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
Jun 29 14:32:49 some-host-1 kadmind[2383](info): closing down fd 29
Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
Jun 29 14:34:35 some-host-1 kadmind[2383](info): closing down fd 29
Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
Jun 29 14:35:28 some-host-1 kadmind[2383](info): closing down fd 29
```

#Solution
Only query for the KDC attributes when explicitly or implicitly queried. This can be done
by conditionally setting the relevant properties near `org/apache/ambari/server/controller/internal/ServiceResourceProvider.java:1394`
by inspecting the request for relevant identifiers using something like the following:

```
requestedIds.contains(propertyId) || isPropertyCategoryRequested(propertyId, requestedIds)
|| isPropertyEntryRequested(propertyId, requestedIds)
```


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BaseProvider.java
ca5e70e 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
a13bbd3 
  ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java
9ec1610 

Diff: https://reviews.apache.org/r/36581/diff/


Testing (updated)
-------

Manually tested using various query strings.

#Local test results:

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 46:16.723s
[INFO] Finished at: Fri Jul 17 15:51:36 EDT 2015
[INFO] Final Memory: 47M/724M
[INFO] ------------------------------------------------------------------------

#Jenkins test results:

Tests run: 3121, Failures: 0, Errors: 0, Skipped: 28

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:28 h
[INFO] Finished at: 2015-07-17T23:29:02+00:00
[INFO] Final Memory: 46M/516M
[INFO] ------------------------------------------------------------------------


Thanks,

Robert Levas


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message