ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alejandro Fernandez <afernan...@hortonworks.com>
Subject Re: Review Request 44148: Add FreeIPA support to Ambari.
Date Mon, 07 Mar 2016 21:00:26 GMT


> On March 7, 2016, 6:22 p.m., Alejandro Fernandez wrote:
> > ambari-web/app/controllers/main/admin/kerberos.js, line 35
> > <https://reviews.apache.org/r/44148/diff/8/?file=1282155#file1282155line35>
> >
> >     Do you plan on adding an #experimental flag that can be used to enable FreeIPA?
> >     
> >     This will have to undergo testing so I want to make sure it's visible after
it has been fully vetted.
> >     
> >     Thank you
> 
> Bolke de Bruin wrote:
>     Understood. However, here my understanding of ambari's internals limits me and I
could use some help. Is the #experimental flag a css identifier or something else? I.e. what
do I need to do?

Yusaku Sako, Jaimin Jetly, or Richard Zang can chime in here on how to add an experimental
flag.
I'm ok with adding it as a follow-up patch.


- Alejandro


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review122324
-----------------------------------------------------------


On March 6, 2016, 11:35 a.m., Bolke de Bruin wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
> 
> (Updated March 6, 2016, 11:35 a.m.)
> 
> 
> Review request for Ambari, Jaimin Jetly, Robert Levas, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-6432
>     https://issues.apache.org/jira/browse/AMBARI-6432
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA.
It requires ipa-admintools to be installed on the ambari host. In addition it either requires
wite access to the krbPasswordPassword attribute or a suitable password policy needs to be
in place (ipa pwpolicy).
> 
> It has been requested to have this implemented in several tickets.
> 
> To test.
> 
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable
(not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
be6edc9 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java
PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java
5b1372a 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
4cd050e 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java
bfd45b7 
>   ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java 947b336

>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
a03dea6 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
PRE-CREATION 
>   ambari-web/app/controllers/main/admin/kerberos.js c021c89 
>   ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed 
>   ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6 
>   ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c 
>   ambari-web/app/controllers/main/service/info/configs.js a22bb48 
>   ambari-web/app/data/HDP2/site_properties.js 5ad24fc 
>   ambari-web/app/messages.js a74c5bc 
>   ambari-web/app/views/common/controls_view.js d355ffe 
> 
> Diff: https://reviews.apache.org/r/44148/diff/
> 
> 
> Testing
> -------
> 
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
> 
> 
> Thanks,
> 
> Bolke de Bruin
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message