[jira] [Commented] (AMBARI-17399) Hive llap principals are shown on Configure Identity even when Hive is not deployed

Thu, 23 Jun 2016 04:13:42 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-17399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15346277#comment-15346277
 ] 

Aleksandr Kovalenko commented on AMBARI-17399:
----------------------------------------------

+1 for the patch

> Hive llap principals are shown on Configure Identity even when Hive is not 
> deployed
> -----------------------------------------------------------------------------------
>
>                 Key: AMBARI-17399
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17399
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 2.4.0
>            Reporter: Antonenko Alexander
>            Assignee: Antonenko Alexander
>            Priority: Critical
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-17399.patch, 
> hive_llap_principal_and_Keytab_present_unconditionally.png
>
>
> 1. Deploy ambari cluster with YARN, HDFS, ZOOKEEPER and HBASE
> 2. enable security (AD)
> Expected: On ConfigureIdentities page hive.llap.zk.sm.principal and 
> hive.llap.zk.sm.keytab.file
>  should not be present if hive is not deployed on cluster.
> Actual: These 2 properties are showing under Ambari Principals panel even 
> when Hive is not deployed on the cluster.
> Attached screenshot for reference.
> *Cause*
> This is caused when identities that have _when_ clauses are not filtered out 
> if the when clause evaluates to {{false}} when the UI queries for the 
> (composite) Kerberos Descriptor. 
> *Solution*
> Use the {{evaluate_when}} and (optionally) the {{additional_services}} 
> _{{GET}} directives_ to have {{when}} Kerberos descriptor identitiy {{when}} 
> clauses evaluated when requesting Kerberos descriptors. 
> {noformat:title=Get composite Kerberos descriptor when enabling Kerberos}
> GET 
> /api/v1/clusters/CLUSTER_NAME/kerberos_descriptors/COMPOSITE?evaluate_when=true
> {noformat}
> {noformat:title=Get composite Kerberos descriptor when adding services (HIVE, 
> PIG, and TEZ)}
> GET 
> /api/v1/clusters/CLUSTER_NAME/kerberos_descriptors/COMPOSITE?evaluate_when=true&additional_services=HIVE,TEZ,PIG
> {noformat}
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to