-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44472/
-----------------------------------------------------------

(Updated March 8, 2016, 2:58 p.m.)


Review request for Ambari, Alejandro Fernandez and Robert Levas.


Changes
-------

Addressed concerns about too many kinit requests with a hard-coded 4 hour 
invalidation. Now this is configurable via the agent properties


Bugs: AMBARI-15324
    https://issues.apache.org/jira/browse/AMBARI-15324


Repository: ambari


Description
-------

When a cluster has been Kerberized, alerts use the {{curl_krb_request}} module 
in order to make requests using SPNEGO negotiation.

Normally this would involve calling {{kinit}} and then invoking the {{curl}} 
command to use the acquired ticket. However, because alerts run often on fixed 
intervals, this would mean that the KDC would be flooded with requests every 
minute.

To alleviate this problem, {{curl_krb_request}} uses {{klist}} to inspect the 
{{KRB5CCNAME}} cache. Only if an invalid ticket is found is {{kinit}} invoked. 
Additionally, {{kinit}} is invoked with a fixed ticket lifetime of 5 minutes. 
Since many alerts run on 5-minute intervals, this causes boundary issues.

To workaround these problems while continuing to leverage the cache, 
{{curl_krb_request}} should be changed to:
- Use the default ticket expiry configured for Kerberos in {{krb5.conf}}
- Employ in-memory tracking of the last time {{kinit}} was called so that it 
can be invoked before hitting the boundary of the ticket's expiration time


Diffs (updated)
-----

  ambari-agent/conf/unix/ambari-agent.ini 05e898a 
  ambari-agent/conf/windows/ambari-agent.ini e490f7c 
  ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py eb9945b 
  ambari-agent/src/main/python/ambari_agent/Controller.py eb2c363 
  ambari-agent/src/main/python/ambari_agent/alerts/base_alert.py fd6b03c 
  ambari-agent/src/main/python/ambari_agent/alerts/metric_alert.py b2f4e33 
  ambari-agent/src/main/python/ambari_agent/alerts/port_alert.py 92d28ad 
  ambari-agent/src/main/python/ambari_agent/alerts/recovery_alert.py 760a737 
  ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py e8d0125 
  ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 502526c 
  ambari-agent/src/test/python/ambari_agent/TestAlertSchedulerHandler.py 
9fd426f 
  ambari-agent/src/test/python/ambari_agent/TestAlerts.py 8344238 
  ambari-agent/src/test/python/ambari_agent/TestBaseAlert.py e67c894 
  ambari-agent/src/test/python/ambari_agent/TestMetricAlert.py 23e9f13 
  ambari-agent/src/test/python/ambari_agent/TestPortAlert.py 195cc63 
  ambari-agent/src/test/python/ambari_agent/TestScriptAlert.py 46c7651 
  
ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
 1ccc45f 
  
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_checkpoint_time.py
 ef389cd 
  
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_ha_namenode_health.py
 a174cb4 
  
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_metrics_deviation.py
 217f3b8 
  
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_upgrade_finalized.py
 6e8945c 
  
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
 b49fd6e 
  
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/alerts/alert_nodemanager_health.py
 ef5e6b3 
  
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/alerts/alert_nodemanagers_summary.py
 119a1a1 

Diff: https://reviews.apache.org/r/44472/diff/


Testing
-------

Deployed changes to a cluster with frequent 401's and "Cannot decode JSON" 
messages. 

----------------------------------------------------------------------
Total run:924
Total errors:0
Total failures:0
OK


Thanks,

Jonathan Hurley

Reply via email to