[
https://issues.apache.org/jira/browse/AMBARI-8166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14234857#comment-14234857
]
Rishi Pidva commented on AMBARI-8166:
-------------------------------------
There are 2 checks mentioned here.
- One from Ambari Server where you will do connectivity check (and potentially
credential check).
- Second from Cluster hosts (in Ambari agent) where you will do connectivity
check.
My understanding is Ambari server validates that Server can reach out to KDC
and do any administrative actions it needs to perform on KDC/AD with the
provided credentials. The agent checks are to ensure that there are no
connection issues between cluster host and KDC server as it has to reach out to
KDC server for cluster operation.
Are we saying check in agent is not necessary and we will assume (pretty safe,
in my opinion) that if Ambari Server can reach KDC (IP/hostname + port), then
so can all the cluster nodes?
> Implement custom command for checking connectivity to KDC, via REST API
> -----------------------------------------------------------------------
>
> Key: AMBARI-8166
> URL: https://issues.apache.org/jira/browse/AMBARI-8166
> Project: Ambari
> Issue Type: New Feature
> Components: ambari-agent, ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Rishi Pidva
> Labels: connectivity_, kdc, kerberos
> Attachments: Screen Shot 2014-11-04 at 11.16.41 PM.png
>
>
> There needs to be a way, given the details about a KDC to verify that Ambari
> and (optionally) the nodes in the existing cluster can connect to it.
> From the cluster hosts, this test should test that the address and port
> combinations are reachable.
> From the Ambari server, this test should make sure the administrator
> credentials allow at least read access to the KDC.
> As an example of a similar action, see how Oozie does this for DB check pre
> install.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
