-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/55513/#review161720
-----------------------------------------------------------

Ship it!


Ship It!

- Laszlo Puskas


On Jan. 13, 2017, 6:14 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/55513/
> -----------------------------------------------------------
>
> (Updated Jan. 13, 2017, 6:14 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Attila Magyar, Eugene
> Chekanskiy, Laszlo Puskas, and Sebastian Toader.
>
>
> Bugs: AMBARI-19430
>     https://issues.apache.org/jira/browse/AMBARI-19430
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Use common property for principal name prefix to help with customization of
> unique principal names.
>
> All _headless_ Kerberos identities have a non-unique principal name (across
> clusters). To help this issue, the cluster name is appended to these
> principal names by adding "-${cluster-name|toLower()}" after the principal
> name component. If the user wants to change this convention, they will need
> to find all _headless_ principals and make the change. On top of that, when
> adding new components, they will need to remember to make the change to new
> _headless_ principal names.
>
> A better solution is to provide a _global_ property named "principal_suffix"
> and use that in each _headless_ principal name. By default the value for this
> property will be
>
> ```
> principal_suffix="-${cluster_name|toLower()}"
> ```
>
> If the user would like to not use a prefix (in the event there is only a single
> cluster connecting to the KDC), the value can be changed to
>
> ```
> principal_suffix=""
> ```
>
> Finally, if the user would like to use some other randomizer, they can set the
> value to something else. For example
>
> ```
> principal_suffix="_12345"
> ```
>
> The property is set in the Kerberos descriptor's "properties" block. For
> example:
>
> ```
> {
>   "properties": {
>     "realm": "${kerberos-env/realm}",
>     ...,
>     "principal_suffix": "-${cluster_name|toLower()}"
>   },
>   "identities": [
>     ...,
>     {
>       "name": "smokeuser",
>       "principal": {
>         "value": "${cluster-env/smokeuser}${principal_suffix}@${realm}",
>         "type": "user",
>         "configuration": "cluster-env/smokeuser_principal_name",
>         "local_username": "${cluster-env/smokeuser}"
>       },
>       ...
>     }
>   ],
>   "services": [
>     {
> ```
>
>
> Diffs
> -----
>
>   ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json d53205d
>   ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json caef123
>   ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json 636d36e
>   ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json f30c9e4
>   ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json 1dd801b
>   ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json fa6af33
>   ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json e7f78cd
>   ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 20e1dc0
>   ambari-server/src/main/resources/common-services/STORM/0.9.1/kerberos.json fcfe524
>   ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json 3068226
>   ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/kerberos.json 7c4c04c
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/kerberos.json 9579d0f
>   ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/ECS/kerberos.json 9668354
>   ambari-server/src/main/resources/stacks/HDP/2.3.ECS/services/HBASE/kerberos.json 20b10f7
>   ambari-server/src/main/resources/stacks/HDP/2.3.GlusterFS/services/ACCUMULO/kerberos.json 678a2b5
>   ambari-server/src/main/resources/stacks/HDP/2.3/services/ACCUMULO/kerberos.json 0fec0ab
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json 9ed40ef
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json 9000e95
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json bd6c6c1
>   ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json ae0d631
>   ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json a16e2e1
>   ambari-server/src/main/resources/stacks/HDP/3.0/kerberos.json 9579d0f
>   ambari-server/src/main/resources/stacks/PERF/1.0/kerberos.json a2a667b
>   ambari-server/src/main/resources/stacks/PERF/1.0/services/GRUMPY/kerberos.json 3bf5fbd
>   ambari-server/src/main/resources/stacks/PERF/1.0/services/HAPPY/kerberos.json ae84eaf
>   ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/kerberos.json 9ed40ef
>   ambari-server/src/main/resources/stacks/PERF/1.0/services/HDFS/kerberos.json 974a69c
>   ambari-server/src/main/resources/stacks/PERF/1.0/services/SLEEPY/kerberos.json 45e33f5
>   ambari-server/src/main/resources/stacks/PERF/1.0/services/SNOW/kerberos.json 47a979a8
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 91cd608
>   ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java 5c2e74e
>   ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_1_3.json a9e0bcd
>   ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_no_hdfs.json dcf5bbc
>   ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_simple.json fb884b7
>   ambari-server/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json d53205d
>   ambari-web/test/utils/config_test.js bb3a308
>   ambari-web/test/utils/object_utils_test.js f70259c
>   contrib/management-packs/hdf-ambari-mpack/src/main/resources/stacks/HDF/2.0/kerberos.json c5ebe20
>
> Diff: https://reviews.apache.org/r/55513/diff/
>
>
> Testing
> -------
>
> Manually tested new cluster, Ambari upgrade, and stack upgrade scenarios.
>
>
> Thanks,
>
> Robert Levas
>
>
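
Added example, not part of the original review request and not Ambari's own code: a small Python resolver for the `${...}` placeholder forms that appear in the descriptor fragment above, used to check whether headless principals from clusters sharing one KDC collide for a given `principal_suffix`. The configuration values, cluster names and function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the descriptor fragment quoted above.
DESCRIPTOR = {
    "properties": {"realm": "${kerberos-env/realm}",
                   "principal_suffix": "-${cluster_name|toLower()}"},
    "identities": [{"name": "smokeuser", "principal": {
        "value": "${cluster-env/smokeuser}${principal_suffix}@${realm}"}}],
}
# Constructed configuration values (assumptions, not from the page).
CONFIGS = {"kerberos-env": {"realm": "EXAMPLE.COM"},
           "cluster-env": {"smokeuser": "ambari-qa"}}

_VAR = re.compile(r"\$\{([^}|]+)(?:\|(\w+)\(\))?\}")
_FUNCS = {"toLower": str.lower}  # the only function the page uses


def resolve(text, scope, depth=0):
    """Expand ${name}, ${type/name} and ${name|func()} placeholders recursively."""
    if depth > 10:
        raise ValueError("cyclic reference while resolving %r" % text)

    def sub(match):
        key, func = match.groups()
        if "/" in key:  # ${config-type/property}
            ctype, name = key.split("/", 1)
            value = scope["configs"][ctype][name]
        else:           # descriptor-level property such as ${realm}
            value = scope["vars"][key]
        value = resolve(value, scope, depth + 1)
        return _FUNCS[func](value) if func else value

    return _VAR.sub(sub, text)


def principals(descriptor, configs, cluster_name):
    """Return {identity name: resolved principal} for one cluster."""
    scope = {"configs": configs,
             "vars": dict(descriptor["properties"], cluster_name=cluster_name)}
    return {i["name"]: resolve(i["principal"]["value"], scope)
            for i in descriptor["identities"]}


def collisions(descriptor, configs, cluster_names):
    """Principals that two or more clusters on the same KDC would both claim."""
    seen = {}
    for cluster in cluster_names:
        for principal in principals(descriptor, configs, cluster).values():
            seen.setdefault(principal, []).append(cluster)
    return {p: c for p, c in seen.items() if len(c) > 1}
```

With the default suffix, cluster names that differ only in letter case still resolve to the same principal because of `toLower()`, so `collisions` reports them as well.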