Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@ambari.apache.org
Date: Tue, 21 Jul 2015 16:09:05 +0000 (UTC)
From: "Hudson (JIRA)" <jira@apache.org>
To: dev@ambari.apache.org
Message-ID: <JIRA.12845909.1437147229000.244853.1437494945735@Atlassian.JIRA>
In-Reply-To: <JIRA.12845909.1437147229000@Atlassian.JIRA>
References: <JIRA.12845909.1437147229000@Atlassian.JIRA>
 <JIRA.12845909.1437147229295@arcas>
Subject: [jira] [Commented] (AMBARI-12450) Kerberos: ServiceResourceProvider
 queries for KDC connectivity when not needed
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


    [ https://issues.apache.org/jira/browse/AMBARI-12450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14635309#comment-14635309 ] 

Hudson commented on AMBARI-12450:
---------------------------------

SUCCESS: Integrated in Ambari-trunk-Commit #3140 (See [https://builds.apache.org/job/Ambari-trunk-Commit/3140/])
AMBARI-12450. Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed (rlevas) (rlevas: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=78286e21aa35e13e05ecc3a552579c42842cc800)
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BaseProvider.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java


> Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-12450
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12450
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0, 2.0.1, 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos, rest_api
>             Fix For: 2.1.1
>
>         Attachments: AMBARI-12450_01.patch
>
>
> When querying for information about services installed in a Kerberized cluster via the REST API, the ServiceResourceProvider always attempts to contact the KDC (or Active Directory) if the KERBEROS service is selected within the query. 
> This can be seen about every 15 seconds,  when the UI queries for the state of the services in a Kerberized cluster using the following query:
> {noformat}
> GET  /api/v1/clusters/{cluster_name}/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state&minimal_response=true
> {noformat}
> The result from this query does not contain the KDC connectivity attributes (which is expected), yet the detail are obtained.  
> This issue causes excess overhead in Ambari as well as on the relevant KDC or Active Directory. Also the kdamin.log fills up with messages like:
> {noformat:title=/var/log/kadmind.log}
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128
> Jun 29 14:31:42 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128
> Jun 29 14:32:49 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128
> Jun 29 14:34:35 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_init, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_get_principal, admin/admin@EXAMPLE.COM, success, client=admin/admin@EXAMPLE.COM, service=kadmin/some-host-1.c.pramod-thangali.internal@EXAMPLE.COM, addr=10.240.70.128
> Jun 29 14:35:28 some-host-1 kadmind[2383](info): closing down fd 29
> {noformat}
> *Solution*
> Only query for the KDC attributes when explicitly or implicitly queried. This can be done by conditionally setting the relevant properties near {{org/apache/ambari/server/controller/internal/ServiceResourceProvider.java:1394}} by inspecting the request for relevant identifiers using something like the following:
> {code}
> requestedIds.contains(propertyId) || isPropertyCategoryRequested(propertyId, requestedIds);
> {code}


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)