> On March 9, 2015, 11:47 a.m., John Speidel wrote: > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java, > > line 670 > > <https://reviews.apache.org/r/31810/diff/1/?file=887673#file887673line670> > > > > Completely unrelated to this transaction but I am curious about why > > this method is marked with the @Transactional annotation.
I was under the impression that this method needed to be marked as `@Transactional` since I was calling the following methods: * org.apache.ambari.server.state.ServiceComponentHost#setSecurityState * org.apache.ambari.server.state.Service#setSecurityState Both of these methods lead to updating the database, ideally rolling back if there is an issue. > On March 9, 2015, 11:47 a.m., John Speidel wrote: > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java, > > line 339 > > <https://reviews.apache.org/r/31810/diff/1/?file=887674#file887674line339> > > > > in what cases is exception thrown? Error cases... ;) I will update the doc. > On March 9, 2015, 11:47 a.m., John Speidel wrote: > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java, > > line 386 > > <https://reviews.apache.org/r/31810/diff/1/?file=887674#file887674line386> > > > > is it valid to pass in a null file? Origianlly this was going to be a utility method that didn't really care about much other than protecting itself. So whether the file will null, didn't make a differnce. I can remove that since I know there is no _current_ case where file will be null. > On March 9, 2015, 11:47 a.m., John Speidel wrote: > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml, > > line 64 > > <https://reviews.apache.org/r/31810/diff/1/?file=887683#file887683line64> > > > > I know that this was simply moved from krb5.conf but I didn't notice > > this before. We shouldn't have a property marked as require-input where > > the value is a concrete hostname or ip address. > > > > Consider the blueprint use case. In 2.1 it will be possible to specify > > host counts instead of actual host names when creating a cluster and the > > request may be submitted prior to any hosts having registered with the > > server. There are many configuration properties which point to specific > > hosts and either the UI updates these as a result of a user mapping > > components to concrete hosts or the BP processor updates these at a later > > time when all necessary host mappings are resolved. > > > > We can discuss in more detail if you would like. The `kdc_host` is not a value to be set based on the cluster topology. It is the FQDN or IP address of some server external to the cluster. If the KDC happens to be on one of the nodes of the cluster, than is it probably a developement or test enviroment. This value is reqired for Kerberos since without it the whole facility will fail. This is the same for `admin_server_host`, however the logic will happily use the `kdc_host` if the `admin_server_host` is not set since typically they are the same host and use default ports. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31810/#review75703 ----------------------------------------------------------- On March 6, 2015, 4:49 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/31810/ > ----------------------------------------------------------- > > (Updated March 6, 2015, 4:49 p.m.) > > > Review request for Ambari, Emil Anca, Jaimin Jetly, John Speidel, Mahadev > Konar, Robert Nettleton, Sumit Mohanty, and Vitalyi Brodetskyi. > > > Bugs: AMBARI-9937 > https://issues.apache.org/jira/browse/AMBARI-9937 > > > Repository: ambari > > > Description > ------- > > It should be possible to deploy Ambari on a host that does not include any > other services. > > The primary issue is that Ambari needs to be able to distribute keytabs to > other hosts even if Ambari-Server is not running on a host with services that > would otherwise have forced the Ambari-Server to be included in the keytab > distribution process. > > To be clear, the following use case should be supported: > > - The Ambari-Server is deployed on a host with no other services > -- Other services are deployed on hosts separate from Ambari-Server > - addHost should be possible > > #Solution: > - Added kerberos.keytab.cache.dir to ambari.properties > - Added kerberos.keytab.cache.dir and default value (via > erberosKeytabCacheDir property) to > org.apache.ambari.server.configuration.Configuration > - Added "cachable" value to Kerberos keytab descriptor (default = true) to > mark a keytab as being cachable or not > - Updated > org.apache.ambari.server.serveraction.kerberos.CreateKeytabFilesServerAction > to add to or use from the keytab cache as necessary > - Added explicit server specification in kadmin call to help with scenarios > where the krb5.conf file isn't configured on the Ambari server > - Moved kdc_host and admin_server_host configuration properties from > krb5-conf to kerberos-env > - Simplified krb5-conf by removing unnecessary properties that can be set in > the template > > > Diffs > ----- > > ambari-server/conf/unix/ambari.properties ec51278 > ambari-server/conf/windows/ambari.properties ff69f67 > ambari-server/pom.xml 2bbb0ee > > ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java > c5595e6 > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java > e01d38d > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java > 6ea33b0 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java > caf8c78 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java > 40b3353 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java > 8888f82 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java > b62f6f9 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java > fc1729b > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java > 0b9227f > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosKeytabDescriptor.java > 59e6104 > ambari-server/src/main/python/ambari_server/serverConfiguration.py 9dfda01 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 15a39d9 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml > 02d78b8 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/metainfo.xml > fd7c229 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py > 3ccbc3e > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2 > 0d915ba > > ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kerberos-env.xml > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/krb5-conf.xml > 43050bd > > ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/params.py > 31e4134 > > ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/krb5_conf.j2 > 0d915ba > > ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java > 03d3a91 > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > d766d8c > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java > 2da692e > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java > 25c7be7 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java > e1d5fce > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java > 0b34a77 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java > 045cfbe > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java > 6bb59c5 > ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py ecf7853 > > ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade-hdfs-secure.json > b4e3c59 > ambari-server/src/test/python/stacks/2.2/configs/journalnode-upgrade.json > 96d31b0 > > ambari-server/src/test/python/stacks/2.2/configs/pig-service-check-secure.json > d23c908 > ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json > 19ef81f > > ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json > f72be07 > ambari-web/app/assets/data/wizard/stack/hdp/version2.0.1/KERBEROS.json > b34c7b4 > ambari-web/app/data/HDP2/site_properties.js d6bb14b > > Diff: https://reviews.apache.org/r/31810/diff/ > > > Testing > ------- > > Manually tested in test clusters > > #Local Test > > **Ambari Server Tests** > > Tests run: 2770, Failures: 0, Errors: 0, Skipped: 15 > > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 35:43.593s > [INFO] Finished at: Fri Mar 06 16:30:22 EST 2015 > [INFO] Final Memory: 46M/621M > [INFO] > ------------------------------------------------------------------------ > > **Ambari Web Tests** > > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 42.895s > [INFO] Finished at: Fri Mar 06 16:48:23 EST 2015 > [INFO] Final Memory: 11M/310M > [INFO] > ------------------------------------------------------------------------ > > > #Jenkins test results: PENDING (issues with system) > > > Thanks, > > Robert Levas > >
