ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-12450) Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
Date Fri, 17 Jul 2015 23:29:05 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-12450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14632099#comment-14632099
] 

Hadoop QA commented on AMBARI-12450:
------------------------------------

{color:green}+1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12745877/AMBARI-12450_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new or modified
test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/3418//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/3418//console

This message is automatically generated.

> Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-12450
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12450
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0, 2.0.1, 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos, rest_api
>             Fix For: 2.1.1
>
>         Attachments: AMBARI-12450_01.patch
>
>
> When querying for information about services installed in a Kerberized cluster via the
REST API, the ServiceResourceProvider always attempts to contact the KDC (or Active Directory)
if the KERBEROS service is selected within the query. 
> This can be seen about every 15 seconds,  when the UI queries for the state of the services
in a Kerberized cluster using the following query:
> {noformat}
> GET  /api/v1/clusters/{cluster_name}/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state&minimal_response=true
> {noformat}
> The result from this query does not contain the KDC connectivity attributes (which is
expected), yet the detail are obtained.  
> This issue causes excess overhead in Ambari as well as on the relevant KDC or Active
Directory. Also the kdamin.log fills up with messages like:
> {noformat:title=/var/log/kadmind.log}
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:31:42 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:32:49 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:34:35 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:35:28 some-host-1 kadmind[2383](info): closing down fd 29
> {noformat}
> *Solution*
> Only query for the KDC attributes when explicitly or implicitly queried. This can be
done by conditionally setting the relevant properties near {{org/apache/ambari/server/controller/internal/ServiceResourceProvider.java:1394}}
by inspecting the request for relevant identifiers using something like the following:
> {code}
> requestedIds.contains(propertyId) || isPropertyCategoryRequested(propertyId, requestedIds);
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message