> On Oct. 29, 2014, 4:33 p.m., Jaimin Jetly wrote: > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_server.py, > > line 73 > > <https://reviews.apache.org/r/27206/diff/2/?file=734109#file734109line73> > > > > start command on KDC service component should also call > > self.configure(env) function to support reconfiguration scenario. > > > > Otherwise once kerberos is installed and after that if krb5-conf or > > kdc-conf configurations are changed in the Ambari and kerberos is > > restarted, the config change will never occur on the KDC host in the actual > > files > > Robert Levas wrote: > Is this typical behavior or just special for the Kerberos service? > > Jaimin Jetly wrote: > This is a typical behavior for any service in the stack. All services > support reconfiguration. So when a start task for a service component is > received at the agent, first service's configuration are updated and then > service component is started. If we browse through python script of any > existing service's master/slave component in the stack, it's start function > will be calling configure function.
I updated the service definition to support this and all my tests appeared to work fine. However, changing the configration of the Kerberos infrastrucutre is dangerous since existing keytabs may become invalid. For example if the realm name(s) are changed. As of my lastest patch, I think that I have covered all open issues. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/27206/#review59041 ----------------------------------------------------------- On Oct. 30, 2014, 10:09 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/27206/ > ----------------------------------------------------------- > > (Updated Oct. 30, 2014, 10:09 p.m.) > > > Review request for Ambari, Jaimin Jetly, John Speidel, Nate Cole, and Yusaku > Sako. > > > Bugs: AMBARI-7448 > https://issues.apache.org/jira/browse/AMBARI-7448 > > > Repository: ambari > > > Description > ------- > > Create a service to manage the (optional) Kerberos server (managed KDC) and > client components in the HDP 2.2 stack. > > See [Ambari Cluster Kerberization Technical > Document](https://issues.apache.org/jira/secure/attachment/12671235/AmbariClusterKerberization.pdf) > for more information. > > > Diffs > ----- > > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/configuration/kdc-conf.xml > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/configuration/krb5-conf.xml > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/configuration/realms-conf.xml > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/metainfo.xml > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_client.py > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_common.py > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_server.py > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/params.py > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/utils.py > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/api/services/KerberosServiceMetaInfoTest.java > PRE-CREATION > ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py > PRE-CREATION > ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_server.py > PRE-CREATION > ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py PRE-CREATION > > Diff: https://reviews.apache.org/r/27206/diff/ > > > Testing > ------- > > Added new unit test - > `org.apache.ambari.server.api.services.KerberosServiceMetaInfoTest` > > > Thanks, > > Robert Levas > >
