-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30805/
-----------------------------------------------------------
Review request for Ambari, John Speidel and Robert Nettleton.
Bugs: AMBARI-9439
https://issues.apache.org/jira/browse/AMBARI-9439
Repository: ambari
Description
-------
Do not validate host health or maintenance state when enabling Kerberos.
The solution for is requires a set of database tables to maintain which
principals were created and to which host the keytabs have been distributed.
Using the persisted data on principals nad keytabs, only principals and keytabs
that have not been created are created and distributed. This ensures that
existing principals arent updated, requiring the need to genreate new keytabs
and redistribute them to hosts that were already properly configured.
As a side-effect, this fixes (potential) issues when adding new hosts and
services to a previously Kerberized cluster.
One part of the solution required and update to the Heartbeat handler to
capture a "responses" from the hosts indicating which keytabs were installed.
The data is then stored in the Ambari database for future reference.
While implemening this solution at least (not fully discoved) bug was fixed.
This is realated to the Keberos client service check. Also, added a needed
feature to destroy previously created principals.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
80ef542
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
3606199
ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosPrincipalDAO.java
PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosPrincipalHostDAO.java
PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalEntity.java
PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalHostEntity.java
PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalHostEntityPK.java
PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
1f6dc7f
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
0a9304b
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
e2cb384
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog200.java
a83d26d
ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 3e0d39e
ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 2c33b37
ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ff42074
ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
8f7a6ea
ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 7c72037
ambari-server/src/main/resources/META-INF/persistence.xml 07bd67d
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
8e171c8
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
6af6d05
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
c624dd5
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/status_params.py
PRE-CREATION
ambari-server/src/test/java/org/apache/ambari/server/agent/HeartBeatHandlerInjectKeytabTest.java
d613669
ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
3140128
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
472178b
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog200Test.java
b935c29
Diff: https://reviews.apache.org/r/30805/diff/
Testing
-------
Manually tested various scenarios in a test cluster:
* enabling Kerberos while a host was done and then bringing the host back up
* adding a new host
* adding a new service
#Jenkins test results: _PENDING_
Thanks,
Robert Levas
