Re: Review Request 56997: Use storm user principal instead of nimbus user principal for ranger audit

Oliver Szabo Fri, 24 Feb 2017 11:28:36 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56997/
-----------------------------------------------------------


(Updated Feb. 24, 2017, 7:28 p.m.)


Review request for Ambari, Miklos Gergely, Mugdha Varadkar, Robert Levas, and 
Robert Nettleton.


Changes
-------

added when conditions for infra-solr service identity references


Bugs: AMBARI-20152
    https://issues.apache.org/jira/browse/AMBARI-20152


Repository: ambari


Description
-------

Use storm principal and keytab for ranger plugin instead of nimbus ones.
In storm code, storm user will be used globally anyway, ranger plugin will use 
that. In Ambari 2.4 that not caused any issues, but from Ambari 2.5, Solr 
authorization is supported, that can cause if storm is authenticated with the 
worng user, it wont be able to access the ranger audit collection.


Diffs (updated)
-----

  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 bfab0fe 
  
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json 
0c25c95 
  
ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json 
d024146 
  
ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json 
60c8afb 
  ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json 
c5b3201 
  ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json 
fecef7c 

Diff: https://reviews.apache.org/r/56997/diff/


Testing
-------

done.


Thanks,

Oliver Szabo

Re: Review Request 56997: Use storm user principal instead of nimbus user principal for ranger audit

Reply via email to