----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30805/#review71750 -----------------------------------------------------------
Ship it! Ship It! - John Speidel On Feb. 9, 2015, 8:21 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/30805/ > ----------------------------------------------------------- > > (Updated Feb. 9, 2015, 8:21 p.m.) > > > Review request for Ambari, John Speidel and Robert Nettleton. > > > Bugs: AMBARI-9439 > https://issues.apache.org/jira/browse/AMBARI-9439 > > > Repository: ambari > > > Description > ------- > > Do not validate host health or maintenance state when enabling Kerberos. > > The solution for is requires a set of database tables to maintain which > principals were created and to which host the keytabs have been distributed. > Using the persisted data on principals nad keytabs, only principals and > keytabs that have not been created are created and distributed. This ensures > that existing principals arent updated, requiring the need to genreate new > keytabs and redistribute them to hosts that were already properly configured. > > As a side-effect, this fixes (potential) issues when adding new hosts and > services to a previously Kerberized cluster. > > One part of the solution required and update to the Heartbeat handler to > capture a "responses" from the hosts indicating which keytabs were installed. > The data is then stored in the Ambari database for future reference. > > While implemening this solution at least (not fully discoved) bug was fixed. > This is realated to the Keberos client service check. Also, added a needed > feature to destroy previously created principals. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java > 80ef542 > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java > 3606199 > > ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosPrincipalDAO.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/orm/dao/KerberosPrincipalHostDAO.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalEntity.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalHostEntity.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/KerberosPrincipalHostEntityPK.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java > 1f6dc7f > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java > 0a9304b > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java > e2cb384 > > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog200.java > a83d26d > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 3e0d39e > ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 2c33b37 > ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ff42074 > ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql > 8f7a6ea > ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 7c72037 > ambari-server/src/main/resources/META-INF/persistence.xml 07bd67d > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py > 8e171c8 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py > 6af6d05 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py > c624dd5 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/status_params.py > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/agent/HeartBeatHandlerInjectKeytabTest.java > d613669 > > ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java > 3140128 > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > 472178b > > ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog200Test.java > b935c29 > > Diff: https://reviews.apache.org/r/30805/diff/ > > > Testing > ------- > > Manually tested various scenarios in a test cluster: > > * enabling Kerberos while a host was done and then bringing the host back up > * adding a new host > * adding a new service > > #Jenkins test results: _PENDING_ > > > Thanks, > > Robert Levas > >
