----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31738/#review75225 -----------------------------------------------------------
Ship it! Ship It! - Robert Nettleton On March 4, 2015, 7:26 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/31738/ > ----------------------------------------------------------- > > (Updated March 4, 2015, 7:26 p.m.) > > > Review request for Ambari, Emil Anca, Eugene Chekanskiy, John Speidel, and > Robert Nettleton. > > > Bugs: AMBARI-9917 > https://issues.apache.org/jira/browse/AMBARI-9917 > > > Repository: ambari > > > Description > ------- > > 1) using build 440 > 2) three node cluster, hdfs, yarn, mr, tez, hive, zk, pig, ams > 3) setup nnha, rmha > 4) enabled kerb > 5) all is good > 6) added second hive metastore > 7) added second hiveserver2 > 8) all is good > 9) added host with DN and clients > 10) keytabs are not created on the new host. i was not prompted for kdc > creds. basically, i did 1-9 all in one shot, never logging out. > > As a workaround 1: > - Attempted to regen keytabs, with "missing only" checkbox checked. it looks > like it remade all principals and keytabs for the cluster but didn't > distribute the keytabs. That is concerning that this might be an additional > issue for another JIRA maybe. Anycase: didn't result in getting keytabs on my > new host. > > As a workaround 2: > - Attempted regen keytabs all. Made all princs and keytabs and distributed > for cluster hosts except my new host. So no lock here either. > > # Solution > Force the Kerberos logic to not prune out hosts that _will_ have the Kerberos > Client installed and in the approperiate state to receive requests. This > scenarion only occurs when a new host is being added and the components > (including the KERBEROS_CLIENT) are being mass installed and initialized. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java > ac91377 > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java > c4a5f4f > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > 8e1c0e8 > > Diff: https://reviews.apache.org/r/31738/diff/ > > > Testing > ------- > > Manually tested in test cluster verifying the following scenarios all work: > - adding hosts, adding services (in varioius orders) > - bringing a host up after being down before enabling Kerberos > -- regenerating keytabs before _fixing_ the Kerberos client > -- regenerating missing keytabs before _fixing_ the Kerberos client > -- regenerating keytabs after _fixing_ the Kerberos client > -- regenerating missing keytabs after _fixing_ the Kerberos client > > > # Local unit tests: PASSED > > #Jenkins test results: PENDING (issues with Jenkins build) > > > Thanks, > > Robert Levas > >
