----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/27064/#review58084 -----------------------------------------------------------
Ship it! Ship It! - Yusaku Sako On Oct. 23, 2014, 6:03 p.m., Jaimin Jetly wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/27064/ > ----------------------------------------------------------- > > (Updated Oct. 23, 2014, 6:03 p.m.) > > > Review request for Ambari, Mahadev Konar, Srimanth Gunturi, and Yusaku Sako. > > > Bugs: AMBARI-7799 > https://issues.apache.org/jira/browse/AMBARI-7799 > > > Repository: ambari > > > Description > ------- > > Documentation for setting up Knox to use kerberos can be found here: > http://knox.apache.org/books/knox-0-5-0/knox-0-5-0.html#Secure+Clusters > To summarize some of the things that need to be done besides the keytab > creation: > 1. the krb5 conf files need to be created and templated to work with the > cluster setup. > 2. gateway-site.xml needs to be modified to enable security and point to the > krb5 conf files > 3. Other services that Knox is configured to work with may also need some > configuration changes. Specifically, core-site.xml, webhcat-site.xml and > oozie-site.xml all need to be modified to setup Knox as a trusted proxy > > > Diffs > ----- > > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/files/validateKnoxStatus.py > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/knox.py > 70f8b53 > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/params.py > 978b60b > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/service_check.py > 1505ff3 > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/templates/krb5JAASLogin.conf.j2 > PRE-CREATION > ambari-web/app/app.js c92e0ac > ambari-web/app/assets/test/tests.js 8682af3 > ambari-web/app/controllers/main/admin/security.js d5dd543 > ambari-web/app/controllers/main/admin/security/add/step2.js 531f101 > ambari-web/app/controllers/main/admin/security/add/step3.js d967018 > ambari-web/app/data/HDP2/secure_configs.js 421ba54 > ambari-web/app/data/HDP2/secure_mapping.js 23a89e0 > ambari-web/app/data/HDP2/secure_properties.js 9a1dfc6 > ambari-web/app/data/secure_mapping.js c4bd6a4 > ambari-web/app/messages.js e1c2aee > ambari-web/app/mixins/wizard/addSecurityConfigs.js 1defe9c > > ambari-web/test/controllers/main/admin/security/add/addSecurity_controller_test.js > cd4f4a2 > ambari-web/test/data/HDP2/secure_mapping_test.js a08d0cb > ambari-web/test/data/secure_mapping_test.js PRE-CREATION > > Diff: https://reviews.apache.org/r/27064/diff/ > > > Testing > ------- > > tested e2e by securing a cluster. > After knox service check is executed > su ambari-qa -c 'klist' shows the smokeuser credentials implying ambari-qa > kinits before executing smoke test. > > > Thanks, > > Jaimin Jetly > >
