Re: Review Request 27064: Add Knox kerberos setup to the existing Ambari security capabilities

Thu, 23 Oct 2014 11:04:01 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27064/
-----------------------------------------------------------

(Updated Oct. 23, 2014, 6:03 p.m.)


Review request for Ambari, Mahadev Konar, Srimanth Gunturi, and Yusaku Sako.


Bugs: AMBARI-7799
    https://issues.apache.org/jira/browse/AMBARI-7799


Repository: ambari


Description
-------

Documentation for setting up Knox to use kerberos can be found here:
http://knox.apache.org/books/knox-0-5-0/knox-0-5-0.html#Secure+Clusters
To summarize some of the things that need to be done besides the keytab 
creation:
1. the krb5 conf files need to be created and templated to work with the 
cluster setup.
2. gateway-site.xml needs to be modified to enable security and point to the 
krb5 conf files
3. Other services that Knox is configured to work with may also need some 
configuration changes. Specifically, core-site.xml, webhcat-site.xml and 
oozie-site.xml all need to be modified to setup Knox as a trusted proxy


Diffs (updated)
-----

  
ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/files/validateKnoxStatus.py
 PRE-CREATION 
  
ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/knox.py
 70f8b53 
  
ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/params.py
 978b60b 
  
ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/service_check.py
 1505ff3 
  
ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/templates/krb5JAASLogin.conf.j2
 PRE-CREATION 
  ambari-web/app/app.js c92e0ac 
  ambari-web/app/assets/test/tests.js 8682af3 
  ambari-web/app/controllers/main/admin/security.js d5dd543 
  ambari-web/app/controllers/main/admin/security/add/step2.js 531f101 
  ambari-web/app/controllers/main/admin/security/add/step3.js d967018 
  ambari-web/app/data/HDP2/secure_configs.js 421ba54 
  ambari-web/app/data/HDP2/secure_mapping.js 23a89e0 
  ambari-web/app/data/HDP2/secure_properties.js 9a1dfc6 
  ambari-web/app/data/secure_mapping.js c4bd6a4 
  ambari-web/app/messages.js e1c2aee 
  ambari-web/app/mixins/wizard/addSecurityConfigs.js 1defe9c 
  
ambari-web/test/controllers/main/admin/security/add/addSecurity_controller_test.js
 cd4f4a2 
  ambari-web/test/data/HDP2/secure_mapping_test.js a08d0cb 
  ambari-web/test/data/secure_mapping_test.js PRE-CREATION 

Diff: https://reviews.apache.org/r/27064/diff/


Testing
-------

tested e2e by securing a cluster.
After knox service check is executed
su ambari-qa -c 'klist' shows the smokeuser credentials implying ambari-qa 
kinits before executing smoke test.


Thanks,

Jaimin Jetly

Reply via email to