> On March 16, 2017, 9:12 a.m., Sandor Magyari wrote: > > The question is here whether is useful or not to export auth_to_local > > properties, since they are generated at deploy time anyway. May be would be > > better to exclude from export. > > Could you please also add Robert Levas as a reviewer?
I think in general, the auth-to-local rules should not be exported as part of the blueprint, since as Sandor mentions that they are dynamically created anyways. The content of the rules are cluster specific. So if the realm changes, the rules must change as well. Same with the cluster name - if the cluster name is used as the value to help create unique principal names. That said, +1 for Sandor's comment of removing auth-to-local rules from the exported BP. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57610/#review169142 ----------------------------------------------------------- On March 14, 2017, 1:21 p.m., Amruta Borkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/57610/ > ----------------------------------------------------------- > > (Updated March 14, 2017, 1:21 p.m.) > > > Review request for Ambari, Di Li, Robert Nettleton, and Sandor Magyari. > > > Bugs: AMBARI-20366 > https://issues.apache.org/jira/browse/AMBARI-20366 > > > Repository: ambari > > > Description > ------- > > If blueprint is exported from a kerberos enabled cluster Kerberos rules > export principal names which contain cluster name and Realm, this exports > existing cluster name and realm name as tokens and replaces those tokens with > new values of cluster name and realm during successive cluster deployments. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/api/query/render/ClusterBlueprintRenderer.java > 5e19a6c > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java > 5732a1c > > ambari-server/src/main/java/org/apache/ambari/server/topology/ClusterConfigurationRequest.java > e29417b > > ambari-server/src/test/java/org/apache/ambari/server/api/query/render/ClusterBlueprintRendererTest.java > 75ffd31 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java > d160050 > > ambari-server/src/test/java/org/apache/ambari/server/topology/ClusterConfigurationRequestTest.java > c97c568 > > > Diff: https://reviews.apache.org/r/57610/diff/1/ > > > Testing > ------- > > Tested manually. > Modified test cases. > > > Thanks, > > Amruta Borkar > >
