-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/#review96142
-----------------------------------------------------------



ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 (line 223)
<https://reviews.apache.org/r/37690/#comment151412>

    Should this be injected?



ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 (lines 952 - 968)
<https://reviews.apache.org/r/37690/#comment151413>

    Instead of using a separate timer and single-threaded executor, could you
    use a Guice Cache that auto expires after the set amount of time? This would
    also let you vary the amount of time each entry lives in the store.



ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java
 (line 41)
<https://reviews.apache.org/r/37690/#comment151414>

    Should this be configurable, exposed by Configuration?



ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java
 (lines 115 - 120)
<https://reviews.apache.org/r/37690/#comment151415>

    IOUtils.closeQuietly(inputstream)



ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java
 (lines 145 - 150)
<https://reviews.apache.org/r/37690/#comment151416>

    IOUtils.closeQuietly(inputstream)


- Jonathan Hurley


On Aug. 21, 2015, 4:07 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37690/
> -----------------------------------------------------------
> 
> (Updated Aug. 21, 2015, 4:07 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, 
> and Sid Wagle.
> 
> 
> Bugs: AMBARI-12772
>     https://issues.apache.org/jira/browse/AMBARI-12772
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> #STR
> Install cluster via blueprints
> Enable Kerberos security
> Add host via blueprints
> 
> #Result
> Adding hosts freeze forever
> In ambari-server.log:
> ```
> The KDC administrator credentials must be set in session by updating the 
> relevant Cluster resource.This may be done by issuing a PUT to the 
> api/v1/clusters/(cluster name) API entry point with the following payload:
> {
>   "session_attributes" : {
>     "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : 
> "(PASSWORD)"}
>   }
> ```
> #Cause
> This is caused because the KDC administrative credentials are not available 
> when needed during the add host process.  If set in the HTTP session, the 
> credentials are not accessible since the Kerberos logic is executed outside 
> the scope of that HTTP session.  
> 
> #Solution
> Store the KDC credentials to a _more secure_ global credential store that is 
> accessible no matter what the context is.  This storage facility is in-memory 
> and has a retention period of 90 minutes.  This solution refactors the 
> current CredentialStoreService and MasterKeyService classes to allow for 
> file-based and in-memory implementations. It also paves the way for future 
> changes to allow for the KDC administrative credentials to be persisted 
> indefinitely.
> 
> *Note:* This patch is rather large due to refactoring the 
> CredentialStoreService and related classes in an effort to make way for 
> future features related to storing sensitive data.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java ef6fc58 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cb9e6ca 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java 708d267 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java 8351a99 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java 8ea7ca2 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java d93faec 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 219c14b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java 19997e7 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 425aa06 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 389f1b8 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java d3e3fa4 
>   ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java 2a1ac3c 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 5d84fbc 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java 51f2220 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java 0652a52 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java 993601b 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 9ad3da6 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java 305b122 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 44a68ae 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 8fc5325 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 8c096b0 
> 
> Diff: https://reviews.apache.org/r/37690/diff/
> 
> 
> Testing
> -------
> 
> Manually tested the following on trunk and branch-2.1:  
> - backwards compatibility with storing and retrieving the master key and key 
> store data
> - adding a host on a non-kerberized cluster
> - adding a host on a kerberized cluster
> - credential retention timeout
> 
> #Local test results:
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] Total time: 49:19.549s
> [INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
> [INFO] Final Memory: 66M/1436M
> [INFO] 
> ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>
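
An added example, not part of this review thread and not Ambari's code: an in-memory credential store where each entry carries its own lifetime and is wiped once that lifetime ends, the behaviour discussed above for the 90-minute retention period. It uses a plain JDK map with expiry timestamps rather than a cache library; the class name, the alias `kdc.admin` and the password are hypothetical, constructed values.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.function.LongSupplier;

/** Hypothetical in-memory credential store with per-entry expiry (not an Ambari class). */
public class ExpiringCredentialStore {
  private static final class Entry {
    final char[] secret;
    final long expiresAtNanos;
    Entry(char[] secret, long expiresAtNanos) { this.secret = secret; this.expiresAtNanos = expiresAtNanos; }
  }
  private final Map<String, Entry> entries = new HashMap<>();
  private final LongSupplier nanoClock; // injectable so expiry can be exercised without sleeping

  public ExpiringCredentialStore(LongSupplier nanoClock) { this.nanoClock = nanoClock; }

  /** Stores a private copy of the secret; the lifetime is chosen per entry. */
  public synchronized void put(String alias, char[] secret, long ttl, TimeUnit unit) {
    Entry old = entries.put(alias, new Entry(secret.clone(), nanoClock.getAsLong() + unit.toNanos(ttl)));
    if (old != null) Arrays.fill(old.secret, '\0'); // wipe the value being replaced
  }

  /** Returns a copy of the secret, or null when it is absent or past its lifetime. */
  public synchronized char[] get(String alias) {
    purgeExpired();
    Entry e = entries.get(alias);
    return e == null ? null : e.secret.clone();
  }

  /** Zeroes and drops every expired entry; can also be called from a periodic sweep. */
  public synchronized void purgeExpired() {
    long now = nanoClock.getAsLong();
    entries.values().removeIf(e -> {
      boolean expired = now - e.expiresAtNanos >= 0; // overflow-safe for nanoTime-style clocks
      if (expired) Arrays.fill(e.secret, '\0');
      return expired;
    });
  }

  public static void main(String[] args) {
    long[] now = {0L}; // constructed fake clock, in nanoseconds
    ExpiringCredentialStore store = new ExpiringCredentialStore(() -> now[0]);
    store.put("kdc.admin", "constructed-password".toCharArray(), 90, TimeUnit.MINUTES);
    System.out.println(store.get("kdc.admin") != null); // read inside the retention period
    now[0] = TimeUnit.MINUTES.toNanos(90);
    System.out.println(store.get("kdc.admin") != null); // read at the retention limit
  }
}
```

Expiry is enforced on access, so an entry that is never read again stays in memory until `purgeExpired()` runs; production use would pass `System::nanoTime` as the clock and schedule that sweep.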
