----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44148/#review122989 -----------------------------------------------------------
Ship it! Can add the #experimental flag in a follow up patch - Alejandro Fernandez On March 10, 2016, 8:52 p.m., Bolke de Bruin wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44148/ > ----------------------------------------------------------- > > (Updated March 10, 2016, 8:52 p.m.) > > > Review request for Ambari, Jaimin Jetly, Robert Levas, and Yusaku Sako. > > > Bugs: AMBARI-6432 > https://issues.apache.org/jira/browse/AMBARI-6432 > > > Repository: ambari > > > Description > ------- > > FreeIPA is the active directory equivalent for Linux. This patch adds support > for FreeIPA. It requires ipa-admintools to be installed on the ambari host. > In addition it either requires wite access to the krbPasswordPassword > attribute or a suitable password policy needs to be in place (ipa pwpolicy). > > It has been requested to have this implemented in several tickets. > > To test. > > * Have a working IPA server available > * Create a group "ambari-managed-principals" (configurable) > * Create a password policy for this group or make the krb5PasswordExpiry > attribute writable (not per se required for testing) > * Enroll all hosts into ipa > * make sure the ipa-admintools are available on the ambari host > > > Diffs > ----- > > > ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json > c285234 > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > be6edc9 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java > cadfe28 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java > 5b1372a > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java > 4cd050e > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java > bfd45b7 > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java > 42eea14 > > ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java > 947b336 > > ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json > e76f809 > > ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json > dc5ef2e > > ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json > c9c738e > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > a03dea6 > > ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json > 5354f69 > > ambari-server/src/main/resources/common-services/SPARK/1.4.1.2.3/kerberos.json > 90d9090 > > ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/kerberos.json > 5c2133c > ambari-server/src/main/resources/stacks/HDP/2.0.6/kerberos.json 52e7ee0 > > ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/ECS/kerberos.json > 213c964 > > ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/HBASE/kerberos.json > 1db82a3 > > ambari-server/src/main/resources/stacks/HDP/2.3.GlusterFS/services/ACCUMULO/kerberos.json > d621e05 > > ambari-server/src/main/resources/stacks/HDP/2.3/services/ACCUMULO/kerberos.json > 61fe31e > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java > PRE-CREATION > > ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelperTest.java > cbfa4a3 > > ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_1_3.json > 09d1d0c > > ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_no_hdfs.json > 8f1d075 > > ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_simple.json > 292ad25 > > ambari-server/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json > c285234 > ambari-web/app/controllers/main/admin/kerberos.js c021c89 > ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed > ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6 > ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c > ambari-web/app/controllers/main/service/info/configs.js a22bb48 > ambari-web/app/data/HDP2/site_properties.js 5ad24fc > ambari-web/app/messages.js 8e69dd0 > ambari-web/app/views/common/controls_view.js d355ffe > ambari-web/test/utils/object_utils_test.js 0f9723b > > Diff: https://reviews.apache.org/r/44148/diff/ > > > Testing > ------- > > FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization. > > > Thanks, > > Bolke de Bruin > >
