ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Nettleton" <rnettle...@hortonworks.com>
Subject Re: Review Request 36581: Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
Date Mon, 20 Jul 2015 15:48:35 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/36581/#review92268
-----------------------------------------------------------

Ship it!


Ship It!

- Robert Nettleton


On July 20, 2015, 1:21 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/36581/
> -----------------------------------------------------------
> 
> (Updated July 20, 2015, 1:21 p.m.)
> 
> 
> Review request for Ambari, John Speidel, Robert Nettleton, and Tom Beerbower.
> 
> 
> Bugs: AMBARI-12450
>     https://issues.apache.org/jira/browse/AMBARI-12450
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> When querying for information about services installed in a Kerberized cluster via the
REST API, the ServiceResourceProvider always attempts to contact the KDC (or Active Directory)
if the KERBEROS service is selected within the query. 
> 
> This can be seen about every 15 seconds,  when the UI queries for the state of the services
in a Kerberized cluster using the following query:
> ```
> GET  /api/v1/clusters/{cluster_name}/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state&minimal_response=true
> ```
> 
> The result from this query does not contain the KDC connectivity attributes (which is
expected), yet the detail are obtained.  
> 
> This issue causes excess overhead in Ambari as well as on the relevant KDC or Active
Directory. Also the kdamin.log fills up with messages like:
> 
> ```
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:31:42 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:32:49 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:34:35 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:35:28 some-host-1 kadmind[2383](info): closing down fd 29
> ```
> 
> #Solution
> Only query for the KDC attributes when explicitly or implicitly queried. This can be
done by conditionally setting the relevant properties near `org/apache/ambari/server/controller/internal/ServiceResourceProvider.java:1394`
by inspecting the request for relevant identifiers using something like the following:
> 
> ```
> requestedIds.contains(propertyId) || isPropertyCategoryRequested(propertyId, requestedIds)
|| isPropertyEntryRequested(propertyId, requestedIds)
> ```
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BaseProvider.java
ca5e70e 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
a13bbd3 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java
9ec1610 
> 
> Diff: https://reviews.apache.org/r/36581/diff/
> 
> 
> Testing
> -------
> 
> Manually tested using various query strings.
> 
> #Local test results:
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 46:16.723s
> [INFO] Finished at: Fri Jul 17 15:51:36 EDT 2015
> [INFO] Final Memory: 47M/724M
> [INFO] ------------------------------------------------------------------------
> 
> #Jenkins test results:
> 
> Tests run: 3121, Failures: 0, Errors: 0, Skipped: 28
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:28 h
> [INFO] Finished at: 2015-07-17T23:29:02+00:00
> [INFO] Final Memory: 46M/516M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message