----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61251/#review181888 -----------------------------------------------------------
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py Lines 471 (patched) <https://reviews.apache.org/r/61251/#comment257678> If ambari-agent runs as non-root user, will the agent have access to the path of the key tab file to verify it exists? Note access to a keytab file may be restricted to specific users and groups (defined in kerberos.json). - Sebastian Toader On Aug. 1, 2017, 11:58 a.m., Attila Magyar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61251/ > ----------------------------------------------------------- > > (Updated Aug. 1, 2017, 11:58 a.m.) > > > Review request for Ambari, Balázs Bence Sári, Robert Levas, and Sebastian > Toader. > > > Bugs: AMBARI-21613 > https://issues.apache.org/jira/browse/AMBARI-21613 > > > Repository: ambari > > > Description > ------- > > Dynamically determine what keytab files have been distributed to hosts. A > custom command should be available via the KERBEROS_CLIENT to query for the > keytab files installed on the relevant host. The communication between the > Ambari server and the agents should generate data needed to determine what > keytab files exist. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java > 1bc4c36 > > ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java > a08abab > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > e5b7afd > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/metainfo.xml > 6a2dd09 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py > 39fdcf5 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py > fcd57af > > ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/metainfo.xml > 0e42bda > > ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py > b2cdaa6 > > ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py > abf58ee > > ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java > baa9bae > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > 4508527 > ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py > f638845 > > > Diff: https://reviews.apache.org/r/61251/diff/1/ > > > Testing > ------- > > 1. > - created a cluster with kerberos enabled > - deleted a keytab file from a host > - regenerated missing keytabs > - checked that the deleted keytab file was recreated > > 2. > - regenerated missing keytabs when no keytab files were missing > - checked that no keytab file was regenerated > > 3. > - created a 15 nodes cluster on openstack with services: HDFS, YARN, > ZOOKEEPER, SPARK1, SPARK2, HIVE > - measured the time taken to regenerate all keytabs and only missing keytabs: > > regenerate missing keytabs only: 12.84 seconds (?=2.33) > regenerate all keytabs: 39.1 seconds (?=5.37) > > existing tests: pending > > > Thanks, > > Attila Magyar > >
