-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31810/
-----------------------------------------------------------
Review request for Ambari, Emil Anca, Jaimin Jetly, John Speidel, Robert
Nettleton, Sumit Mohanty, and Vitalyi Brodetskyi.
Bugs: AMBARI-9937
https://issues.apache.org/jira/browse/AMBARI-9937
Repository: ambari
Description
-------
It should be possible to deploy Ambari on a host that does not include any
other services.
The primary issue is that Ambari needs to be able to distribute keytabs to
other hosts even if Ambari-Server is not running on a host with services that
would otherwise have forced the Ambari-Server to be included in the keytab
distribution process.
To be clear, the following use case should be supported:
- The Ambari-Server is deployed on a host with no other services
-- Other services are deployed on hosts separate from Ambari-Server
- addHost should be possible
#Solution:
- Added kerberos.keytab.cache.dir to ambari.properties
- Added kerberos.keytab.cache.dir and default value (via erberosKeytabCacheDir
property) to org.apache.ambari.server.configuration.Configuration
- Added "cachable" value to Kerberos keytab descriptor (default = true) to mark
a keytab as being cachable or not
- Updated
org.apache.ambari.server.serveraction.kerberos.CreateKeytabFilesServerAction to
add to or use from the keytab cache as necessary
- Added explicit server specification in kadmin call to help with scenarios
where the krb5.conf file isn't configured on the Ambari server
- Moved kdc_host and admin_server_host configuration properties from krb5-conf
to kerberos-env
- Simplified krb5-conf by removing unnecessary properties that can be set in
the template
Diffs
-----
ambari-server/conf/unix/ambari.properties ec51278
ambari-server/conf/windows/ambari.properties ff69f67
ambari-server/pom.xml 2bbb0ee
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
c5595e6
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
e01d38d
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java
6ea33b0
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
caf8c78
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java
40b3353
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java
8888f82
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
b62f6f9
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
fc1729b
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
0b9227f
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosKeytabDescriptor.java
59e6104
ambari-server/src/main/python/ambari_server/serverConfiguration.py 9dfda01
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
15a39d9
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
02d78b8
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/metainfo.xml
fd7c229
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
3ccbc3e
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
0d915ba
ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kerberos-env.xml
PRE-CREATION
ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/krb5-conf.xml
43050bd
ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/params.py
31e4134
ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/krb5_conf.j2
0d915ba
ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
03d3a91
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
d766d8c
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
2da692e
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java
25c7be7
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
e1d5fce
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
0b34a77
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
045cfbe
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
6bb59c5
ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py ecf7853
ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade-hdfs-secure.json
b4e3c59
ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json
96d31b0
ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json
d23c908
ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json
19ef81f
ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json
f72be07
ambari-web/app/assets/data/wizard/stack/hdp/version2.0.1/KERBEROS.json
b34c7b4
ambari-web/app/data/HDP2/site_properties.js d6bb14b
Diff: https://reviews.apache.org/r/31810/diff/
Testing
-------
Manually tested in test clusters
#Local Test: PENDING
#Jenkins test results: PENDING (issues with system)
Thanks,
Robert Levas
