Review Request 49508: AMBARI-17522 Handle Ranger Kms upgrade in kerberos env

Fri, 01 Jul 2016 06:35:16 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49508/
-----------------------------------------------------------

Review request for Ambari, Alejandro Fernandez, Gautam Borad, Robert Levas, 
Srimanth Gunturi, and Velmurugan Periasamy.


Bugs: AMBARI-17522
    https://issues.apache.org/jira/browse/AMBARI-17522


Repository: ambari


Description
-------

Problem:
Upgrade from 2.4 to 2.5 will not have rangerkms principal/keytab identity (as 
it is added in stack 2.5) to create/get repository from Ranger Service.
Ranger KMS service had spnego principal/keytab identity in 2.4.
Ranger KMS service is a dependent on Ranger Service. For previous stack all 
calls were using urllib2 authentication to create/get repository in Ranger 
Service in kerberos env. Ranger Service participate in kerberos from 2.5 
onwards so all call to create/get repository will be using curl --negotiate.

Solution:
If rangerkms principal/keytab is not available during upgrade, using spnego 
principal/keytab.


Diffs
-----

  
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
 133760b 
  
ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
 dce6576 

Diff: https://reviews.apache.org/r/49508/diff/


Testing
-------

Running tests for stack:2.5 service:RANGER_KMS
test_configure_default (test_kms_server.TestRangerKMS) ... 2016-07-01 
18:00:57,586 - Using hadoop conf dir: /usr/hdp/current/hadoop-client/conf
ok
test_configure_secured (test_kms_server.TestRangerKMS) ... 2016-07-01 
18:00:57,607 - Using hadoop conf dir: /usr/hdp/current/hadoop-client/conf
ok
test_start_default (test_kms_server.TestRangerKMS) ... 2016-07-01 18:00:57,630 
- Using hadoop conf dir: /usr/hdp/current/hadoop-client/conf
2016-07-01 18:00:57,634 - Rangeradmin: Skip ranger admin if it's down !
ok
test_start_secured (test_kms_server.TestRangerKMS) ... 2016-07-01 18:00:57,661 
- Using hadoop conf dir: /usr/hdp/current/hadoop-client/conf
2016-07-01 18:00:57,667 - RangeradminV2: Skip ranger admin if it's down !
2016-07-01 18:00:57,667 - KMS repository c1_kms exist
ok
test_stop_default (test_kms_server.TestRangerKMS) ... 2016-07-01 18:00:57,685 - 
Using hadoop conf dir: /usr/hdp/current/hadoop-client/conf
ok

----------------------------------------------------------------------
Ran 5 tests in 0.135s

OK


Thanks,

Mugdha Varadkar

Reply via email to