ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-12450) Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
Date Tue, 21 Jul 2015 16:09:05 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-12450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14635309#comment-14635309
] 

Hudson commented on AMBARI-12450:
---------------------------------

SUCCESS: Integrated in Ambari-trunk-Commit #3140 (See [https://builds.apache.org/job/Ambari-trunk-Commit/3140/])
AMBARI-12450. Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
(rlevas) (rlevas: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=78286e21aa35e13e05ecc3a552579c42842cc800)
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BaseProvider.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java


> Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-12450
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12450
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0, 2.0.1, 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos, rest_api
>             Fix For: 2.1.1
>
>         Attachments: AMBARI-12450_01.patch
>
>
> When querying for information about services installed in a Kerberized cluster via the
REST API, the ServiceResourceProvider always attempts to contact the KDC (or Active Directory)
if the KERBEROS service is selected within the query. 
> This can be seen about every 15 seconds,  when the UI queries for the state of the services
in a Kerberized cluster using the following query:
> {noformat}
> GET  /api/v1/clusters/{cluster_name}/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state&minimal_response=true
> {noformat}
> The result from this query does not contain the KDC connectivity attributes (which is
expected), yet the detail are obtained.  
> This issue causes excess overhead in Ambari as well as on the relevant KDC or Active
Directory. Also the kdamin.log fills up with messages like:
> {noformat:title=/var/log/kadmind.log}
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:31:42 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:32:49 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:34:35 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM,
success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM,
addr=10.240.70.128
> Jun 29 14:35:28 some-host-1 kadmind[2383](info): closing down fd 29
> {noformat}
> *Solution*
> Only query for the KDC attributes when explicitly or implicitly queried. This can be
done by conditionally setting the relevant properties near {{org/apache/ambari/server/controller/internal/ServiceResourceProvider.java:1394}}
by inspecting the request for relevant identifiers using something like the following:
> {code}
> requestedIds.contains(propertyId) || isPropertyCategoryRequested(propertyId, requestedIds);
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message