[
https://issues.apache.org/jira/browse/AMBARI-9385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-9385:
---------------------------------
Attachment: AMBARI-9385_01.patch
* Added the ability to handle directives related to updating a cluster
resources with the security_type of KERBEROS.
* Handles directive {{regenerate_keytabs}} to regenerate keytabs on an
previously Kerberized cluster
Patch File [^AMBARI-9385_01.patch]
> Implement Keytab regeneration
> -----------------------------
>
> Key: AMBARI-9385
> URL: https://issues.apache.org/jira/browse/AMBARI-9385
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: kerberos, keytabs
> Fix For: 2.0.0
>
> Attachments: AMBARI-9385_01.patch
>
>
> Create API entry point to initiate Kerberos keytab regeneration for the
> cluster:
> {code}
> PUT /api/v1/clusters/{clustername}?kerberos_regenerate_keytabs="true"
> {code}
> The entry point should invoke code to determine which principals need to be
> updated and then generate the following stages:
> # Update Principal Passwords
> # Generate Keytabs
> # Distribute Keytab
> This could be done in a method within
> {{org.apache.ambari.server.controller.KerberosHelper}} named
> {{regenerateKeytabs}} and flow similarly to
> {{org.apache.ambari.server.controller.KerberosHelper#toggleKerberos}}
> A Server-side action implementation already exists for generating keytabs -
> see
> {{org.apache.ambari.server.serveraction.kerberos.CreateKeytabFilesServerAction}}.
> A process is already in place to distribute keytabs -
> {{org/apache/ambari/server/controller/KerberosHelper.java:1192}}
> A new Server-side action _may_ need to be created to update relavant
> principal passwords, however
> {{org.apache.ambari.server.serveraction.kerberos.CreatePrincipalsServerAction}}
> may work for this, unaltered.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
