ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bolke de Bruin <bdbr...@gmail.com>
Subject Re: Review Request 44148: Add FreeIPA support to Ambari.
Date Mon, 29 Feb 2016 21:50:07 GMT


> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java,
line 438
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line438>
> >
> >     Should this timeout be configurable?

Fixed in new version


> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java,
line 198
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line198>
> >
> >     Provide the name of the script to indicate that this is IPA

Fixed in new version


> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java,
line 543
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line543>
> >
> >     FYI, indentation on this file is 2 spaces.

Fixed in new version


> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java,
line 764
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line764>
> >
> >     May want to log this.

In new version.


> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-web/app/controllers/main/admin/kerberos/step2_controller.js, line 257
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273825#file1273825line257>
> >
> >     Can we convert to lower
> 
> Bolke de Bruin wrote:
>     We can, but that is inconsistent with other options?

Ah you caught a bug actually it seems. Fixed that.


- Bolke


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121285
-----------------------------------------------------------


On feb 29, 2016, 9:49 p.m., Bolke de Bruin wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
> 
> (Updated feb 29, 2016, 9:49 p.m.)
> 
> 
> Review request for Ambari and Robert Levas.
> 
> 
> Bugs: AMBARI-6432
>     https://issues.apache.org/jira/browse/AMBARI-6432
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA.
It requires ipa-admintools to be installed on the ambari host. In addition it either requires
wite access to the krbPasswordPassword attribute or a suitable password policy needs to be
in place (ipa pwpolicy).
> 
> It has been requested to have this implemented in several tickets.
> 
> To test.
> 
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable
(not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
be6edc9 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java
PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java
5b1372a 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
4cd050e 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java
bfd45b7 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
a03dea6 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
PRE-CREATION 
>   ambari-web/app/controllers/main/admin/kerberos.js c021c89 
>   ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed 
>   ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6 
>   ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c 
>   ambari-web/app/controllers/main/service/info/configs.js a22bb48 
>   ambari-web/app/data/HDP2/site_properties.js 3ea6c68 
>   ambari-web/app/messages.js 1cefce2 
>   ambari-web/app/views/common/controls_view.js d355ffe 
> 
> Diff: https://reviews.apache.org/r/44148/diff/
> 
> 
> Testing
> -------
> 
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
> 
> 
> Thanks,
> 
> Bolke de Bruin
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message