Return-Path: X-Original-To: apmail-ambari-dev-archive@www.apache.org Delivered-To: apmail-ambari-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id ACEA618350 for ; Mon, 29 Feb 2016 18:57:58 +0000 (UTC) Received: (qmail 91196 invoked by uid 500); 29 Feb 2016 18:57:36 -0000 Delivered-To: apmail-ambari-dev-archive@ambari.apache.org Received: (qmail 91162 invoked by uid 500); 29 Feb 2016 18:57:36 -0000 Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list dev@ambari.apache.org Received: (qmail 91149 invoked by uid 99); 29 Feb 2016 18:57:36 -0000 Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Feb 2016 18:57:36 +0000 Received: from reviews.apache.org (localhost [127.0.0.1]) by reviews.apache.org (Postfix) with ESMTP id 1C7562E6DAA; Mon, 29 Feb 2016 18:57:34 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============6962591706357443346==" MIME-Version: 1.0 Subject: Re: Review Request 44148: Add FreeIPA support to Ambari. From: Alejandro Fernandez To: Ambari , Alejandro Fernandez , Bolke de Bruin Date: Mon, 29 Feb 2016 18:57:34 -0000 Message-ID: <20160229185734.6191.19093@reviews.apache.org> X-ReviewBoard-URL: https://reviews.apache.org/ Auto-Submitted: auto-generated Sender: Alejandro Fernandez X-ReviewGroup: Ambari X-Auto-Response-Suppress: DR, RN, OOF, AutoReply X-ReviewRequest-URL: https://reviews.apache.org/r/44148/ X-Sender: Alejandro Fernandez References: <20160229100908.26940.50021@reviews.apache.org> In-Reply-To: <20160229100908.26940.50021@reviews.apache.org> X-ReviewBoard-Diff-For: ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java X-ReviewBoard-Diff-For: ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java Reply-To: Alejandro Fernandez X-ReviewRequest-Repository: ambari --===============6962591706357443346== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44148/#review121288 ----------------------------------------------------------- Please ensure Robert Levas has taken a look at the code review. Thank you for adding IPA. - Alejandro Fernandez On Feb. 29, 2016, 10:09 a.m., Bolke de Bruin wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44148/ > ----------------------------------------------------------- > > (Updated Feb. 29, 2016, 10:09 a.m.) > > > Review request for Ambari. > > > Bugs: AMBARI-6432 > https://issues.apache.org/jira/browse/AMBARI-6432 > > > Repository: ambari > > > Description > ------- > > FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy). > > It has been requested to have this implemented in several tickets. > > To test. > > * Have a working IPA server available > * Create a group "ambari-managed-principals" (configurable) > * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing) > * Enroll all hosts into ipa > * make sure the ipa-admintools are available on the ambari host > > > Diffs > ----- > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9 > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7 > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6 > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION > ambari-web/app/controllers/main/admin/kerberos.js c021c89 > ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed > ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6 > ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c > ambari-web/app/controllers/main/service/info/configs.js a22bb48 > ambari-web/app/data/HDP2/site_properties.js 3ea6c68 > ambari-web/app/messages.js 1cefce2 > ambari-web/app/views/common/controls_view.js d355ffe > > Diff: https://reviews.apache.org/r/44148/diff/ > > > Testing > ------- > > FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization. > > > Thanks, > > Bolke de Bruin > > --===============6962591706357443346==--