> On March 14, 2017, 7:01 a.m., Robert Levas wrote: > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > > Line 135 (original), 135 (patched) > > <https://reviews.apache.org/r/57563/diff/1/?file=1662766#file1662766line135> > > > > We cannot force `kerberos-env/kdc-hosts` to require input. This value > > is only required when when the `kerberos-env/kdc-type` is "mit-kdc", "ipa", > > or "active-directory". If `kerberos-env/kdc-type` is "none", which > > indicates that the user will manually set up the Kerbeos infrastructure, > > then `kerberos-env/kdc-hosts` is not needed. > > > > Also, no mater what the value of `kerberos-env/kdc-type` is, if the > > user opts to manaully manage the krb5.conf file > > (`krb5-conf/manage_krb5_conf` is set to "false"), then > > `kerberos-env/kdc-hosts` is not required. > > Amruta Borkar wrote: > Hello Robert, > Thank you for the information. In case of blueprint deployment, the > property krb5-conf/manage_krb5_conf gets exported as true (default value). > Therefore, if the same blueprint is used to deploy cluster then Ambari > overrides the /etc/krb5.conf file with black values, as 'kdc_hosts' is not > present in the blueprint. > I modified the patch to export krb5-conf/manage_krb5_conf as false, so > that using same blueprint would not run into error condition. Could you > provide your input? > Thanks.
I think this is an incorrect approach. We cannot force the `krb5-env/manage_krb5_conf` property to be `false`. I think a better approach would be to validate the BP by testing `krb5-env/manage_krb5_conf`, and then failing validation if `krb5-env/manage_krb5_conf` is `true` AND `kerberos-env/kdc_hosts` is empty. If `krb5-env/manage_krb5_conf` is `false`; then, `kerberos-env/kdc_hosts` can be emppty. Is this check possible in BP validation? I am not all that familair with the architecture. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57563/#review168881 ----------------------------------------------------------- On April 3, 2017, 12:42 p.m., Amruta Borkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/57563/ > ----------------------------------------------------------- > > (Updated April 3, 2017, 12:42 p.m.) > > > Review request for Ambari, Di Li and Robert Levas. > > > Bugs: AMBARI-20386 > https://issues.apache.org/jira/browse/AMBARI-20386 > > > Repository: ambari > > > Description > ------- > > Blueprint validation does not prompt if kdc_hosts is not specified in the > blueprint. After service installation, deployment fails during Create > Principal stage. As /etc/krb5.conf is overwritten with blank values. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java > db1aa074d4 > > ambari-server/src/test/java/org/apache/ambari/server/api/query/render/ClusterBlueprintRendererTest.java > 13db5f8b56 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java > dba40437ae > > > Diff: https://reviews.apache.org/r/57563/diff/2/ > > > Testing > ------- > > Manual testing done, if no kdc_hosts is mentioned then validation exception > will be thrown during blueprint registration. > > > Thanks, > > Amruta Borkar > >
