[jira] [Commented] (AMBARI-11360) Kerberos FE: during disable, need option skip if unable to access KDC to remove principals

Tue, 26 May 2015 18:47:07 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-11360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14560277#comment-14560277
 ] 

Hudson commented on AMBARI-11360:
---------------------------------

SUCCESS: Integrated in Ambari-trunk-Commit #2718 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/2718/])
AMBARI-11360. Kerberos FE: during disable, need option skip if unable to access 
KDC to remove principals. (rlevas via yusaku) (yusaku: 
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=a285987dde69c28e9fee7a14298150393dd185c9)
* ambari-web/app/mixins/wizard/wizardProgressPageController.js
* ambari-web/app/utils/ajax/ajax.js
* ambari-web/app/controllers/main/admin/kerberos/disable_controller.js


> Kerberos FE: during disable, need option skip if unable to access KDC to 
> remove principals
> ------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-11360
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11360
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 2.0.0, 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos, kerberos-wizard
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11360_01.patch, AMBARI-11360_02.patch
>
>
> Attempted to disable kerb, fails on step to unkerberize because KDC admin is 
> locked out.
> Click retry, can't make it past that.
> Need option to skip and finish "disable kerberos" even if Ambari cannot get 
> the principals cleaned up (i.e. cannot access the KDC) Losing access to the 
> KDC and attempting to disable where ambari can't clean-up the principals 
> should be a skip'able step. User should still be able to get to a clean, 
> not-enabled-kerberos-ambari-state w/o accessing the KDC.
> *Solution*
> Based on user input, execute API call to disable Kerberos with the 
> *manage_kerberos_identities* _directive_ set to *false*.  Example:
> {code:title=PUT /api/v1/clusters/c1?manage_kerberos_identities=false}
> {
>   "Clusters": {
>     "security_type" : "NONE"
>   }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to