ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 37690: Adding host via blueprint fails on secure cluster
Date Sat, 29 Aug 2015 11:07:37 GMT


> On Aug. 24, 2015, 9:22 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java,
line 225
> > <https://reviews.apache.org/r/37690/diff/1/?file=1047803#file1047803line225>
> >
> >     Should this be injected?

It could be, but this is really only temporary.  Eventually, we will be allowing a user to
select whether the KDC administrative credentials are stored in a temporary store like this
or perminately in Ambari's file-based credentials store.


> On Aug. 24, 2015, 9:22 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java,
lines 958-974
> > <https://reviews.apache.org/r/37690/diff/1/?file=1047803#file1047803line958>
> >
> >     Instead of using a separate timer and single-threaded executor, could you use
a Guice Cache that auto expires after the set amount of time? This would also let you vary
the amount of time each entry lives in the store.

I like that idea... I am looking into implementing this now. Thanks!


> On Aug. 24, 2015, 9:22 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java,
line 41
> > <https://reviews.apache.org/r/37690/diff/1/?file=1047807#file1047807line41>
> >
> >     Should this be configurable, exposed by Configuration?

This is leftover from the original implementation. I was trying to change as little as possible
but allow for more flexability.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/#review96142
-----------------------------------------------------------


On Aug. 21, 2015, 4:07 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37690/
> -----------------------------------------------------------
> 
> (Updated Aug. 21, 2015, 4:07 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and Sid Wagle.
> 
> 
> Bugs: AMBARI-12772
>     https://issues.apache.org/jira/browse/AMBARI-12772
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> #STR
> Install cluster via blueprints
> Enable Kerberos security
> Add host via blueprints
> 
> #Result
> Adding hosts freeze forever
> In ambari-server.log:
> ```
> The KDC administrator credentials must be set in session by updating the relevant Cluster
resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry
point with the following payload:
> {
>   "session_attributes" : {
>     "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
>   }
> ```
> #Cause
> This is caused because the KDC administrative credentials are not available when needed
during the add host process.  If set in the HTTP session, the credentials are not accessible
since the Kerberos logic is executed outside the scope of that HTTP session.  
> 
> #Solution
> Store the KDC credentials to a _more secure_ global credential store that is accessible
no matter what the context is.  This storage facility is in-memory and has a retention period
of 90 minutes.  This solution refactors the current CredentialStoreService and MasterKeyService
classes to allow for file-based and in-memory implementations. It also paves the way for future
changes to allow for the KDC administrative credentials to be persisted indefinitely.
> 
> *Note:* This patch is rather large due to refactoring the CredentialStoreService and
releated classes in an effort to make way for future features related to storing sensitive
data.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
ef6fc58 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
cb9e6ca 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
708d267 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java
8351a99 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java
8ea7ca2 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
d93faec 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java
PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
219c14b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java
19997e7 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
425aa06 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
389f1b8 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
d3e3fa4 
>   ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
2a1ac3c 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
5d84fbc 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
51f2220 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java
0652a52 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java
993601b 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
9ad3da6 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java
305b122 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
44a68ae 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
8fc5325 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
8c096b0 
> 
> Diff: https://reviews.apache.org/r/37690/diff/
> 
> 
> Testing
> -------
> 
> Manually tested the following on trunk and branch-2.1:  
> - backwards compatibailiy with storing and retrieving the master key and key store data
> - adding a host on a non-kerberized cluster
> - adding a host on a kerberized cluster
> - credential retention timeout
> 
> #Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 49:19.549s
> [INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
> [INFO] Final Memory: 66M/1436M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message