-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44472/
-----------------------------------------------------------
(Updated March 8, 2016, 2:58 p.m.)
Review request for Ambari, Alejandro Fernandez and Robert Levas.
Changes
-------
Addressed concerns about too many kinit requests with a hard-coded 4 hour
invalidation. Now this is configurable via the agent properties
Bugs: AMBARI-15324
https://issues.apache.org/jira/browse/AMBARI-15324
Repository: ambari
Description
-------
When a cluster has been Kerberized, alerts use the {{curl_krb_request}} module
in order to make requests using SPNEGO negotiation.
Normally this would involve calling {{kinit}} and then invoking the {{curl}}
command to use the acquired ticket. However, because alerts run often on fixed
intervals, this would mean that the KDC would be flooded with requests every
minute.
To alleviate this problem, {{curl_krb_request}} uses {{klist}} to inspect the
{{KRB5CCNAME}} cache. Only if an invalid ticket is found is {{kinit}} invoked.
Additionally, {{kinit}} is invoked with a fixed ticket lifetime of 5 minutes.
Since many alerts run on 5-minute intervals, this causes boundary issues.
To workaround these problems while continuing to leverage the cache,
{{curl_krb_request}} should be changed to:
- Use the default ticket expiry configured for Kerberos in {{krb5.conf}}
- Employ in-memory tracking of the last time {{kinit}} was called so that it
can be invoked before hitting the boundary of the ticket's expiration time
Diffs (updated)
-----
ambari-agent/conf/unix/ambari-agent.ini 05e898a
ambari-agent/conf/windows/ambari-agent.ini e490f7c
ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py eb9945b
ambari-agent/src/main/python/ambari_agent/Controller.py eb2c363
ambari-agent/src/main/python/ambari_agent/alerts/base_alert.py fd6b03c
ambari-agent/src/main/python/ambari_agent/alerts/metric_alert.py b2f4e33
ambari-agent/src/main/python/ambari_agent/alerts/port_alert.py 92d28ad
ambari-agent/src/main/python/ambari_agent/alerts/recovery_alert.py 760a737
ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py e8d0125
ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 502526c
ambari-agent/src/test/python/ambari_agent/TestAlertSchedulerHandler.py
9fd426f
ambari-agent/src/test/python/ambari_agent/TestAlerts.py 8344238
ambari-agent/src/test/python/ambari_agent/TestBaseAlert.py e67c894
ambari-agent/src/test/python/ambari_agent/TestMetricAlert.py 23e9f13
ambari-agent/src/test/python/ambari_agent/TestPortAlert.py 195cc63
ambari-agent/src/test/python/ambari_agent/TestScriptAlert.py 46c7651
ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
1ccc45f
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_checkpoint_time.py
ef389cd
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_ha_namenode_health.py
a174cb4
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_metrics_deviation.py
217f3b8
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_upgrade_finalized.py
6e8945c
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
b49fd6e
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/alerts/alert_nodemanager_health.py
ef5e6b3
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/alerts/alert_nodemanagers_summary.py
119a1a1
Diff: https://reviews.apache.org/r/44472/diff/
Testing
-------
Deployed changes to a cluster with frequent 401's and "Cannot decode JSON"
messages.
----------------------------------------------------------------------
Total run:924
Total errors:0
Total failures:0
OK
Thanks,
Jonathan Hurley
