-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48489/#review136812
-----------------------------------------------------------


Fix it, then Ship it!




Ship It!


ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/kerberos.json 
(line 9)
<https://reviews.apache.org/r/48489/#comment201899>

    Is this correct?  Should "kafka" be taken from some property value since it 
seems like it may be a username that might be found in `kakfa-env/kafka_user`.



ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/kerberos.json 
(line 15)
<https://reviews.apache.org/r/48489/#comment201901>

    Is this correct?  Should "kafka" be taken from some property value since it 
seems like it may be a username that might be found in `kakfa-env/kafka_user`.


- Robert Levas


On June 9, 2016, 8:37 a.m., Tom Beerbower wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48489/
> -----------------------------------------------------------
> 
> (Updated June 9, 2016, 8:37 a.m.)
> 
> 
> Review request for Ambari, John Speidel and Robert Levas.
> 
> 
> Bugs: AMBARI-17144
>     https://issues.apache.org/jira/browse/AMBARI-17144
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Changes in ATLAS-820 require following configurations to be present in 
> atlas-application.properties:
> 
>     atlas.authentication.method.kerberos=false
>     atlas.authentication.method.file=true
>     atlas.authentication.method.ldap=false
>     atlas.authentication.method.file.filename={{atlas_login_credentials_file}}
>     atlas.authentication.method.ldap.type=ldap|ad
>     atlas.authentication.method.ldap.url=
>  
> When Kerberos is enabled, following configurations need to be set/added:
>     atlas.authentication.method.kerberos=true
>     
> atlas.authentication.method.kerberos.keytab=/etc/security/keytabs/spnego.service.keytab
>     atlas.authentication.method.kerberos.principal=HTTP/_h...@example.com
>     atlas.authentication.method.kerberos.name.rules=
>     atlas.kafka.sasl.kerberos.service.name=kafka
>     atlas.kafka.security.protocol=SASL_PLAINTEXT
>     
> atlas.jaas.KafkaClient.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
>     atlas.jaas.KafkaClient.loginModuleControlFlag=required
>     atlas.jaas.KafkaClient.option.useKeyTab=true
>     atlas.jaas.KafkaClient.option.storeKey=true
>     atlas.jaas.KafkaClient.option.serviceName=kafka
>     atlas.jaas.KafkaClient.option.keyTab={{atlas_keytab_path}}
>     atlas.jaas.KafkaClient.option.principal={{atlas_jaas_principal}}
> 
> Following properties are no more used and need to be removed:
>     atlas.http.authentication.enabled
>     atlas.http.authentication.kerberos.keytab
>     atlas.http.authentication.type
>     atlas.http.authentication.kerberos.principal
>     atlas.http.authentication.kerberos.name.rules
>     atlas.login.method=
>     atlas.login.credentials.file=
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml
>  2c4426b 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/kerberos.json 
> PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/48489/diff/
> 
> 
> Testing
> -------
> 
> manual test 
> install Atlas and verify configuration
> enable kerberos and verify configuration
> 
> 
> Thanks,
> 
> Tom Beerbower
> 
>

Reply via email to