> On Dec. 1, 2015, 1:16 a.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json, > > line 25 > > <https://reviews.apache.org/r/40682/diff/1/?file=1139397#file1139397line25> > > > > It seems like this may be an issue if the user running the PFX servcie > > needs to be changed. Maybe a `pfx-env` config is in order so it can store a > > `pfx_user` property?
True. We do have a followup story in which we have to parameterize these hardcoded variables by pxf-env as you suggested. However, currently pxf does not support changing the user thus kept it hardcoded to avoid users changing it. > On Dec. 1, 2015, 1:16 a.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json, > > lines 22-23 > > <https://reviews.apache.org/r/40682/diff/1/?file=1139397#file1139397line22> > > > > Omit these rather than set to `null` Sure will do in a followup story as this is committed. > On Dec. 1, 2015, 1:16 a.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json, > > line 9 > > <https://reviews.apache.org/r/40682/diff/1/?file=1139397#file1139397line9> > > > > You should omit this rather than set it to `null`. > > > > Also there appears to be a `pfx-site/pxf.service.kerberos.keytab` > > property in the `pfx-site.xml` file. Wouldn't that be relevant? Will fix this in a followup story created AMBARI-14139 > On Dec. 1, 2015, 1:16 a.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py, > > line 105 > > <https://reviews.apache.org/r/40682/diff/1/?file=1139399#file1139399line105> > > > > It seems like this should be retrieved from > > `pfx-site/pxf.service.kerberos.principal`. This may become a maintainence > > issue when the principal name changes. Will do it as part of the story for exposing pxf user. Followup story created. - bhuvnesh ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/40682/#review108431 ----------------------------------------------------------- On Nov. 25, 2015, 1:16 a.m., bhuvnesh chaudhary wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/40682/ > ----------------------------------------------------------- > > (Updated Nov. 25, 2015, 1:16 a.m.) > > > Review request for Ambari, Alejandro Fernandez, jun aoki, and Oleksandr > Diachenko. > > > Bugs: AMBARI-14053 > https://issues.apache.org/jira/browse/AMBARI-14053 > > > Repository: ambari > > > Description > ------- > > PXF should get secured when security is enabled on cluster via kerberos > wizard on ambari. Need to add kerberos.json and the relevant code. > > > Diffs > ----- > > ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json > PRE-CREATION > > ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py > a4986c9 > > ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py > dd0031c > > Diff: https://reviews.apache.org/r/40682/diff/ > > > Testing > ------- > > yes > > > Thanks, > > bhuvnesh chaudhary > >
