----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57350/#review168100 -----------------------------------------------------------
Ship it! Ship It! - Sebastian Toader On March 7, 2017, 1:13 a.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/57350/ > ----------------------------------------------------------- > > (Updated March 7, 2017, 1:13 a.m.) > > > Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene > Chekanskiy, Laszlo Puskas, Mugdha Varadkar, and Sebastian Toader. > > > Bugs: AMBARI-20335 > https://issues.apache.org/jira/browse/AMBARI-20335 > > > Repository: ambari > > > Description > ------- > > From stack 2.5 onwards > `xasecure.audit.jaas.Client.option.principal/ranger-hbase-audit` needs to > have principal value available under > `hbase.master.kerberos.principal/hbase-site` > > To achieve that added below block of code under hbase > [kerberos.json|https://github.com/apache/ambari/blob/branch-2.5/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json] > ``` > { > "name": "/HBASE/HBASE_MASTER/hbase_master_hbase", > "principal": { > "configuration": > "ranger-hbase-audit/xasecure.audit.jaas.Client.option.principal" > }, > "keytab": { > "configuration": > "ranger-hbase-audit/xasecure.audit.jaas.Client.option.keyTab" > } > } > ``` > > But on test cluster, > `xasecure.audit.jaas.Client.option.principal/ranger-hbase-audit` property is > not showing the expected value. It is showing the principal/keytab values of > `ams_hbase_master_hbase` identity. > > Because of wrong reference of principal audit to solr is not working in > kerberos environment, as security.json have below entry instead of > `hb...@example.com` > ``` > "amshb...@example.com":[ > "ranger_audit_user", > "dev"] > ``` > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java > 141e9cd > > ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json > f510770 > > ambari-server/src/main/resources/stacks/PERF/1.0/services/FAKEHBASE/kerberos.json > b053779 > > ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java > 2a59ccc > > ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json > 0c2723e > > > Diff: https://reviews.apache.org/r/57350/diff/1/ > > > Testing > ------- > > Manually tested in Ambari 2.5.0 cluster and upgrade from Ambari 2.4.2. > > # Local test results: > > ``` > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 23:53.766s > [INFO] Finished at: Mon Mar 06 16:55:35 EST 2017 > [INFO] Final Memory: 71M/772M > [INFO] > ------------------------------------------------------------------------ > ``` > > # Jenkins test results: PENDING > > > Thanks, > > Robert Levas > >