Robert Levas created AMBARI-8481:
------------------------------------
Summary: Flume service components should indicate security state
Key: AMBARI-8481
URL: https://issues.apache.org/jira/browse/AMBARI-8481
Project: Ambari
Issue Type: Improvement
Components: ambari-server, stacks
Affects Versions: 2.0.0
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.0.0
The Flume service components should indicate security state when queried by
Ambari Agent via STATUS_COMMAND. Each component should determine it's state as
follows:
h3. FLUME_HANDLER
h4. Indicators
* Command JSON
** config\['configurations']\['cluster-env']\['security_enabled']
*** = “true”
* Configuration File: /etc/flume/conf/*/flume.conf
** agent.sinks.sink-*.hdfs.kerberosKeytab
*** not empty
*** path exists and is readable
*** required
** agent.sinks.sink-1.hdfs.kerberosPrincipal
*** not empty
*** required
h4. Pseudocode
{code}
if indicators imply security is on and validate
if kinit(flume principal) succeeds
state = SECURED_KERBEROS
else
state = ERROR
else
state = UNSECURED
{code}
_*Note*_: Due to the _cost_ of calling {{kinit}} results should be cached for a
period of time before retrying. This may be an issue depending on the
frequency of the heartbeat timeout.
_*Note*_: It is possible that multiple sinks may spread out into different
_command target_ flume.conf files (in /etc/flume/conf/<command target
dir>/flume.conf)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
