ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bolke de Bruin <bdbr...@gmail.com>
Subject Re: Review Request 44148: Add FreeIPA support to Ambari.
Date Wed, 02 Mar 2016 18:48:38 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/
-----------------------------------------------------------

(Updated mrt 2, 2016, 6:48 p.m.)


Review request for Ambari, Jaimin Jetly, Robert Levas, and Yusaku Sako.


Changes
-------

Comments addressed (also from JIRA).


Bugs: AMBARI-6432
    https://issues.apache.org/jira/browse/AMBARI-6432


Repository: ambari


Description
-------

FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA.
It requires ipa-admintools to be installed on the ambari host. In addition it either requires
wite access to the krbPasswordPassword attribute or a suitable password policy needs to be
in place (ipa pwpolicy).

It has been requested to have this implemented in several tickets.

To test.

* Have a working IPA server available
* Create a group "ambari-managed-principals" (configurable)
* Create a password policy for this group or make the krb5PasswordExpiry attribute writable
(not per se required for testing)
* Enroll all hosts into ipa
* make sure the ipa-admintools are available on the ambari host


Diffs (updated)
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
be6edc9 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java
PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java
5b1372a 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
4cd050e 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java
bfd45b7 
  ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java 947b336

  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
a03dea6 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
PRE-CREATION 
  ambari-web/app/controllers/main/admin/kerberos.js c021c89 
  ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed 
  ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6 
  ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c 
  ambari-web/app/controllers/main/service/info/configs.js a22bb48 
  ambari-web/app/data/HDP2/site_properties.js 5ad24fc 
  ambari-web/app/messages.js a74c5bc 
  ambari-web/app/views/common/controls_view.js d355ffe 

Diff: https://reviews.apache.org/r/44148/diff/


Testing
-------

FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.


Thanks,

Bolke de Bruin


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message