-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44472/#review122592
-----------------------------------------------------------


Ship it!




Ship It!

- Robert Levas


On March 8, 2016, 2:58 p.m., Jonathan Hurley wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44472/
> -----------------------------------------------------------
> 
> (Updated March 8, 2016, 2:58 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-15324
>     https://issues.apache.org/jira/browse/AMBARI-15324
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> When a cluster has been Kerberized, alerts use the {{curl_krb_request}} 
> module in order to make requests using SPNEGO negotiation.
> 
> Normally this would involve calling {{kinit}} and then invoking the {{curl}} 
> command to use the acquired ticket. However, because alerts run often on 
> fixed intervals, this would mean that the KDC would be flooded with requests 
> every minute.
> 
> To alleviate this problem, {{curl_krb_request}} uses {{klist}} to inspect the 
> {{KRB5CCNAME}} cache. Only if an invalid ticket is found is {{kinit}} 
> invoked. Additionally, {{kinit}} is invoked with a fixed ticket lifetime of 5 
> minutes. Since many alerts run on 5-minute intervals, this causes boundary 
> issues.
> 
> To work around these problems while continuing to leverage the cache, 
> {{curl_krb_request}} should be changed to:
> - Use the default ticket expiry configured for Kerberos in {{krb5.conf}}
> - Employ in-memory tracking of the last time {{kinit}} was called so that it 
> can be invoked before hitting the boundary of the ticket's expiration time
> 
> 
> Diffs
> -----
> 
>   ambari-agent/conf/unix/ambari-agent.ini 05e898a 
>   ambari-agent/conf/windows/ambari-agent.ini e490f7c 
>   ambari-agent/src/main/python/ambari_agent/AlertSchedulerHandler.py eb9945b 
>   ambari-agent/src/main/python/ambari_agent/Controller.py eb2c363 
>   ambari-agent/src/main/python/ambari_agent/alerts/base_alert.py fd6b03c 
>   ambari-agent/src/main/python/ambari_agent/alerts/metric_alert.py b2f4e33 
>   ambari-agent/src/main/python/ambari_agent/alerts/port_alert.py 92d28ad 
>   ambari-agent/src/main/python/ambari_agent/alerts/recovery_alert.py 760a737 
>   ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py e8d0125 
>   ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 502526c 
>   ambari-agent/src/test/python/ambari_agent/TestAlertSchedulerHandler.py 9fd426f 
>   ambari-agent/src/test/python/ambari_agent/TestAlerts.py 8344238 
>   ambari-agent/src/test/python/ambari_agent/TestBaseAlert.py e67c894 
>   ambari-agent/src/test/python/ambari_agent/TestMetricAlert.py 23e9f13 
>   ambari-agent/src/test/python/ambari_agent/TestPortAlert.py 195cc63 
>   ambari-agent/src/test/python/ambari_agent/TestScriptAlert.py 46c7651 
>   ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py 1ccc45f 
>   ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_checkpoint_time.py ef389cd 
>   ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_ha_namenode_health.py a174cb4 
>   ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_metrics_deviation.py 217f3b8 
>   ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/alerts/alert_upgrade_finalized.py 6e8945c 
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py b49fd6e 
>   ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/alerts/alert_nodemanager_health.py ef5e6b3 
>   ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/alerts/alert_nodemanagers_summary.py 119a1a1 
> 
> 
> Diff: https://reviews.apache.org/r/44472/diff/
> 
> 
> Testing
> -------
> 
> Deployed changes to a cluster with frequent 401's and "Cannot decode JSON" 
> messages. 
> 
> ----------------------------------------------------------------------
> Total run:924
> Total errors:0
> Total failures:0
> OK
> 
> 
> Thanks,
> 
> Jonathan Hurley
> 
>
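
Added example, not part of the original review request and not Ambari's code: a sketch of the in-memory `kinit` tracking the description proposes, plus a constructed timeline that compares it with refreshing only once the ticket has expired. `KinitTracker`, `simulate`, the cache path and all timing values are hypothetical.

```python
import threading
import time


class KinitTracker:
    """Remembers, per credential cache, when kinit last succeeded."""

    def __init__(self, refresh_after_s, clock=time.monotonic):
        self._refresh_after_s = refresh_after_s  # must be below the ticket lifetime
        self._clock = clock
        self._last_kinit = {}
        self._lock = threading.Lock()  # callers may be concurrent

    def ensure_ticket(self, ccache, run_kinit):
        """Run run_kinit(ccache) only when the ticket is missing or too old.

        Returns True if kinit was invoked. If run_kinit raises, no timestamp
        is stored, so the next alert retries instead of trusting a bad cache.
        """
        with self._lock:
            now = self._clock()
            last = self._last_kinit.get(ccache)
            if last is not None and now - last < self._refresh_after_s:
                return False
            run_kinit(ccache)
            self._last_kinit[ccache] = now
            return True


def simulate(lifetime_s, refresh_after_s, interval_s, runs, request_s=5):
    """Constructed timeline: returns (kinit_calls, requests_hit_by_expiry)."""
    state = {"now": 0, "issued": 0, "kinits": 0}

    def fake_kinit(ccache):  # stands in for the real kinit subprocess
        state["issued"] = state["now"]
        state["kinits"] += 1

    tracker = KinitTracker(refresh_after_s, clock=lambda: state["now"])
    expired = 0
    for i in range(runs):
        state["now"] = i * interval_s
        tracker.ensure_ticket("/tmp/example_cc", fake_kinit)  # constructed path
        # The curl request fails if the ticket expires before it completes.
        if state["now"] + request_s > state["issued"] + lifetime_s:
            expired += 1
    return state["kinits"], expired


if __name__ == "__main__":
    print(simulate(300, 300, 149, 10))      # refresh only at expiry
    print(simulate(86400, 14400, 149, 10))  # long ticket, early refresh
```

With a 5-minute ticket refreshed only at expiry, requests that start just before the boundary lose their ticket mid-flight; with a longer ticket and a refresh age well below its lifetime, one `kinit` covers the whole run.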
