----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44472/#review122592 -----------------------------------------------------------
Ship it! Ship It! - Robert Levas On March 8, 2016, 2:58 p.m., Jonathan Hurley wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44472/ > ----------------------------------------------------------- > > (Updated March 8, 2016, 2:58 p.m.) > > > Review request for Ambari, Alejandro Fernandez and Robert Levas. > > > Bugs: AMBARI-15324 > https://issues.apache.org/jira/browse/AMBARI-15324 > > > Repository: ambari > > > Description > ------- > > When a cluster has been Kerberized, alerts use the {{curl_krb_request}} > module in order to make requests using SPNEGO negotiation. > > Normally this would involve calling {{kinit}} and then invoking the {{curl}} > command to use the acquired ticket. However, because alerts run often on > fixed intervals, this would mean that the KDC would be flooded with requests > every minute. > > To alleviate this problem, {{curl_krb_request}} uses {{klist}} to inspect the > {{KRB5CCNAME}} cache. Only if an invalid ticket is found is {{kinit}} > invoked. Additionally, {{kinit}} is invoked with a fixed ticket lifetime of 5 > minutes. Since many alerts run on 5-minute intervals, this causes boundary > issues. > > To workaround these problems while continuing to leverage the cache, > {{curl_krb_request}} should be changed to: > - Use the default ticket expiry configured for Kerberos in {{krb5.conf}} > - Employ in-memory tracking of the last time {{kinit}} was called so that it > can be invoked before hitting the boundary of the ticket's expiration time > > > Diffs > ----- > > ambari-agent/conf/unix/ambari-agent.ini 05e898a > ambari-agent/conf/windows/ambari-agent.ini e490f7c > ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py eb9945b > ambari-agent/src/main/python/ambari_agent/Controller.py eb2c363 > ambari-agent/src/main/python/ambari_agent/alerts/base_alert.py fd6b03c > ambari-agent/src/main/python/ambari_agent/alerts/metric_alert.py b2f4e33 > ambari-agent/src/main/python/ambari_agent/alerts/port_alert.py 92d28ad > ambari-agent/src/main/python/ambari_agent/alerts/recovery_alert.py 760a737 > ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py e8d0125 > ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 502526c > ambari-agent/src/test/python/ambari_agent/TestAlertSchedulerHandler.py > 9fd426f > ambari-agent/src/test/python/ambari_agent/TestAlerts.py 8344238 > ambari-agent/src/test/python/ambari_agent/TestBaseAlert.py e67c894 > ambari-agent/src/test/python/ambari_agent/TestMetricAlert.py 23e9f13 > ambari-agent/src/test/python/ambari_agent/TestPortAlert.py 195cc63 > ambari-agent/src/test/python/ambari_agent/TestScriptAlert.py 46c7651 > > ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py > 1ccc45f > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_checkpoint_time.py > ef389cd > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_ha_namenode_health.py > a174cb4 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_metrics_deviation.py > 217f3b8 > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_upgrade_finalized.py > 6e8945c > > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py > b49fd6e > > ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/alerts/alert_nodemanager_health.py > ef5e6b3 > > ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/alerts/alert_nodemanagers_summary.py > 119a1a1 > > Diff: https://reviews.apache.org/r/44472/diff/ > > > Testing > ------- > > Deployed changes to a cluster with frequent 401's and "Cannot decode JSON" > messages. > > ---------------------------------------------------------------------- > Total run:924 > Total errors:0 > Total failures:0 > OK > > > Thanks, > > Jonathan Hurley > >
