[
https://issues.apache.org/jira/browse/AMBARI-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15184160#comment-15184160
]
Yusaku Sako commented on AMBARI-6432:
-------------------------------------
Hi [~bolke]
Feature Flags could be used to get new features committed to the code base so
that developers and users can try out such features but not expose them as
generally available, stable features yet. There's a page for toggling on
experimental features that have been coded to utilize feature flags that the
end user can go to on a live Ambari Server. Also, it is possible to toggle the
flags on/off at build time in the generated app.js (deployed under
/usr/lib/ambari-server/javascripts/app.js.gz|app.js).
Here's a (new) wiki describing feature flags:
https://cwiki.apache.org/confluence/display/AMBARI/Feature+Flags
FreeIPA support is a great addition. It would be good if we can wrap this
under a feature flag, so that we can give the end users access to this feature
if they want to try it out. Also vendors can turn this feature on/off based on
whether they want to officially support this or not.
> FreeIPA Support in Ambari
> -------------------------
>
> Key: AMBARI-6432
> URL: https://issues.apache.org/jira/browse/AMBARI-6432
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Affects Versions: trunk
> Reporter: jay vyas
> Assignee: Bolke de Bruin
> Fix For: 2.4.0
>
> Attachments: AMBARI-6432-FreeIPA.patch, AMBARI-6432.patch,
> AMBARI-6432.trunk.v1.patch, AMBARI-6432.trunk.v2.patch,
> AMBARI-6432.trunk.v3.patch, AMBARI-6432.trunk.v4.patch,
> AMBARI-6432.trunk.v5.patch, AMBARI-6432.trunk.v5.patch, ipa-patch-v0.5.patch
>
>
> FreeIPA Is a powerful tool for unifying identity, kerberos credentials,
> across a cluster.
> A great value add for ambari would be to provide support for using FreeIPA to
> kerberize services. This would allow for
> 1) better HCFS interoperability, because first class GID/UID is critical for
> certain file systems (GlusterFS, Lustre, and any other file system which uses
> kernel / FUSE apis for determining identity)
> 2) better enterprise interoperability. Because of the fact that FreeIPA
> makes it easy to interop with different identity solutions (like active
> directory), it would make ambari easier to adopt for various enterprises.
> 3) broadens ambaris scope. Now ambari could also allow people to setup the
> users of their clusters, and at least some of the security features of their
> clusters, all from one interface (no more manual handling of TGTs and such -
> it could all be done quite easily via the ambari UI which could make calls to
> underlying FreeIPA clients).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
