ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 37690: Adding host via blueprint fails on secure cluster
Date Wed, 02 Sep 2015 00:28:02 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/
-----------------------------------------------------------

(Updated Sept. 1, 2015, 8:27 p.m.)


Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and Sid Wagle.


Bugs: AMBARI-12772
    https://issues.apache.org/jira/browse/AMBARI-12772


Repository: ambari


Description
-------

#STR
Install cluster via blueprints
Enable Kerberos security
Add host via blueprints

#Result
Adding hosts freeze forever
In ambari-server.log:
```
The KDC administrator credentials must be set in session by updating the relevant Cluster
resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry
point with the following payload:
{
  "session_attributes" : {
    "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
  }
```
#Cause
This is caused because the KDC administrative credentials are not available when needed during
the add host process.  If set in the HTTP session, the credentials are not accessible since
the Kerberos logic is executed outside the scope of that HTTP session.  

#Solution
Store the KDC credentials to a _more secure_ global credential store that is accessible no
matter what the context is.  This storage facility is in-memory and has a retention period
of 90 minutes.  This solution refactors the current CredentialStoreService and MasterKeyService
classes to allow for file-based and in-memory implementations. It also paves the way for future
changes to allow for the KDC administrative credentials to be persisted indefinitely.

*Note:* This patch is rather large due to refactoring the CredentialStoreService and releated
classes in an effort to make way for future features related to storing sensitive data.


Diffs (updated)
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
6d98c01 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cb9e6ca

  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
708d267 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java
8351a99 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java
8ea7ca2 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
d93faec 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java
PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
219c14b 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java
19997e7 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
425aa06 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
389f1b8 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
d3e3fa4 
  ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
2a1ac3c 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
5d84fbc 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
51f2220 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java
0652a52 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java
993601b 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
9ad3da6 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java
305b122 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
44a68ae 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
8fc5325 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
8c096b0 

Diff: https://reviews.apache.org/r/37690/diff/


Testing
-------

Manually tested the following on trunk and branch-2.1:  
- backwards compatibailiy with storing and retrieving the master key and key store data
- adding a host on a non-kerberized cluster
- adding a host on a kerberized cluster
- credential retention timeout

#Local test results:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 49:19.549s
[INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
[INFO] Final Memory: 66M/1436M
[INFO] ------------------------------------------------------------------------


Thanks,

Robert Levas


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message