ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-19187) Disable security hook
Date Fri, 23 Dec 2016 15:58:58 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-19187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15773163#comment-15773163
] 

Hudson commented on AMBARI-19187:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-branch-2.5 #582 (See [https://builds.apache.org/job/Ambari-branch-2.5/582/])
AMBARI-19187. Disable security hook. (Attila Magyar via stoader) (stoader: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=a12f05487993e2fcd9be1211af3df579cd9b1fab])
* (add) ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkAcl.java
* (edit) ambari-web/app/messages.js
* (add) ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkConnection.java
* (add) ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/metadata/ActionMetadata.java
* (edit) ambari-agent/pom.xml
* (edit) ambari-server/pom.xml
* (edit) ambari-common/src/main/python/resource_management/libraries/script/script.py
* (add) ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
* (edit) ambari-web/app/controllers/main/admin/kerberos/disable_controller.js
* (add) ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py


> Disable security hook
> ---------------------
>
>                 Key: AMBARI-19187
>                 URL: https://issues.apache.org/jira/browse/AMBARI-19187
>             Project: Ambari
>          Issue Type: New Feature
>          Components: ambari-agent, ambari-server
>    Affects Versions: 2.5.0
>            Reporter: Attila Magyar
>            Assignee: Attila Magyar
>             Fix For: 2.5.0
>
>         Attachments: AMBARI-19187_branch-2.5.patch, AMBARI-19187_trunk.patch
>
>
> Hadoop components need to establish a secure connection with ZooKeeper when Kerberos
is enabled. This involves the setup of the correct authentication (JAAS config file) and authorization
(per-component Kerberos-backed ACLs on the znodes) between the service and ZooKeeper. Most
services are able to set these ACLs based on their config when the user enable kerberos.
> When we disable kerberos again, the sasl ACL should be removed otherwise the services
won't be able to access their znodes.
> This issue is about introducing a new command (DISABLE_SECURITY) that will be sent by
the ambari server to the services upon the dekerberiztion process. When a service receives
this command it will be able to do the zookeeper secure to unsecure migration process (e.g.
removing sasl ACLs).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message