> On Oct. 31, 2016, 12:27 p.m., Robert Levas wrote: > > This seems dangerous. > > > > I think it would be a better option to make this explicit by using a > > configuration attribute. For example: > > > > ''' > > <value-attributes> > > ... > > <type>kerberos_principal</type> > > ... > > </value-attributes> > > ''' > > > > However I am not sure if this data is available at the time you would need > > it. > > Amruta Borkar wrote: > Hello Robert, > Would it be ok if a new property type is defined to identify kerberos > principal EX: <property-type>kerberos-principal<property-type> rather than > defining it in <value-attribute> ? As we currently use > <property-type>password<property-type> to identify and filter out password > references while blueprint export.
I think that will work too but we might need some more expertice on this. After making the change, can you add Jayush Luniya and Jaimin Jetly to the review? Also, make sure you update `configuration-schema.xsd` and `org.apache.ambari.server.state.PropertyInfo.PropertyType` - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53213/#review154274 ----------------------------------------------------------- On Oct. 28, 2016, 1:50 p.m., Amruta Borkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/53213/ > ----------------------------------------------------------- > > (Updated Oct. 28, 2016, 1:50 p.m.) > > > Review request for Ambari, Di Li, Robert Levas, and Robert Nettleton. > > > Bugs: AMBARI-18692 > https://issues.apache.org/jira/browse/AMBARI-18692 > > > Repository: ambari > > > Description > ------- > > Exporting blueprint from kerberos enabled cluster, exports hardcoded values > cluster name and realm in principal_name property. > When the same blueprint is used to create another cluster with different > name, service start fail with following error: > "resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt > /etc/security/keytabs/hdfs.headless.keytab [keytab_name_in_blueprint] eturned > 1. kinit: Keytab contains no suitable keys for [keytab_name_in_blueprint] > while getting initial credentials" > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java > f890326 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java > 5bedb9d > > Diff: https://reviews.apache.org/r/53213/diff/ > > > Testing > ------- > > Tested manually. Suitable keytabs are generated automatically when not > mentioned in blueprint. Service starts succeeded with a blueprint exported > with the code change. > Modified existing unit test cases. > > > Thanks, > > Amruta Borkar > >
