ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vitalyi Brodetskyi" <vbrodets...@hortonworks.com>
Subject Re: Review Request 40190: Ambari doesn't let user specify Active Directory LDAP configs when using HS2
Date Thu, 12 Nov 2015 15:53:23 GMT


> On Лис. 12, 2015, 3:31 після полудня, Sumit Mohanty wrote:
> > ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml,
line 1748
> > <https://reviews.apache.org/r/40190/diff/2/?file=1124253#file1124253line1748>
> >
> >     Is the DONT_ADD_ON_UPGRADE a directive for Stack upgrade or Ambari upgrade?

This property affects ambari upgrade 100%, i've tested that. About RU, i dont know. I decided
to create related jira(for current changes) for RU side, because i don't know how it works
there.


> On Лис. 12, 2015, 3:31 після полудня, Sumit Mohanty wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java,
line 1599
> > <https://reviews.apache.org/r/40190/diff/2/?file=1124252#file1124252line1599>
> >
> >     I am not sure if this change is needed. For example, remove is actually correct.
In fact we might as well remove the other ldap related property. As far as adding properties
are concerned, what happens if the property is already there with some value. Do we overwrite
it?

I will describe you how my changes will work and what cases i've tested:
1) I've removed adding/removing baseDN property from UpgradeCatalog210.java. So, during upgrade
it will not be added/removed. If user had this property, then it will stay as it was. If user
didn't have this property it will not be added even if hiveserver2 authentication property
value = LDAP. One more, during ambari upgrade we are calling method addNewConfigurationsFromXml()
which is adding all new properties, but in our case baseDN property will not be added because
of "DONT_ADD_ON_UPGRADE". I've tested this case.
2) I've removed adding/removing baseDN property from stack advisor 2.2. After this changes
baseDN will not be added/removed automatically, only user can add/remove it. Tested this too.


- Vitalyi


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40190/#review106252
-----------------------------------------------------------


On Лис. 12, 2015, 2:51 після полудня, Vitalyi Brodetskyi wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40190/
> -----------------------------------------------------------
> 
> (Updated Лис. 12, 2015, 2:51 після полудня)
> 
> 
> Review request for Ambari, Dmytro Sen and Sumit Mohanty.
> 
> 
> Bugs: AMBARI-13837
>     https://issues.apache.org/jira/browse/AMBARI-13837
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> HS2 supports LDAP authentication. LDAP could be either Active Directory (AD) or others.
For non-AD LDAP, HS2 needs hive.server2.authentication.ldap.url and hive.server2.authentication.ldap.baseDN
to be set. For AD LDAP, HS2 needs hive.server2.authentication.ldap.url and hive.server2.authentication.ldap.Domain
to be set. However, when using Ambari, when we set hive.server2.authentication to LDAP, it
always requires hive.server2.authentication.ldap.baseDN to be set. This prevents users from
specifying the AD LDAP configs.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java
ac5df7c 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml
f986800 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 5ea3115 
>   ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py c7e8ebd 
>   ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py 6b9dcd5 
>   ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py a1114fc 
> 
> Diff: https://reviews.apache.org/r/40190/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Vitalyi Brodetskyi
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message