-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62828/#review187359
-----------------------------------------------------------

ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
Lines 271-274 (original), 274-277 (patched)
<https://reviews.apache.org/r/62828/#comment264341>

We need to force all hosts here if we are not regenerating for a specific set of hosts, in the event we regenerate a headless keytab file that needs to be redistributed to hosts not explicitly related to the job. For example, if the Kerberos identities for HDFS are being regenerated, the HDFS identity will be regenerated and thus may need to be distributed to hosts that do not have HDFS components on them.

ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
Line 329 (original), 332 (patched)
<https://reviews.apache.org/r/62828/#comment264342>

`null` is not allowed to be set as a value in this Map implementation. Plus we can now use the following as a directive to indicate all components on a service:

```
regenerate_components=HDFS:*
```

- Robert Levas

On Oct. 8, 2017, 7:36 a.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62828/
> -----------------------------------------------------------
>
> (Updated Oct. 8, 2017, 7:36 a.m.)
>
>
> Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene
> Chekanskiy, Jonathan Hurley, Laszlo Puskas, Nate Cole, and Sebastian Toader.
>
>
> Bugs: AMBARI-22138
>     https://issues.apache.org/jira/browse/AMBARI-22138
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When regenerating keytab files for a service, non-service-specific principals
> are affected.
> For example, when regenerating the keytab files for HDFS using
> the following ReST API call:
>
> ```
> PUT /api/v1/clusters/c1?regenerate_keytabs=all&regenerate_components=HDFS
> {
>   "Clusters": {
>     "security_type": "KERBEROS"
>   }
> }
> ```
>
> The following principals are affected:
> - HTTP/[email protected]
> - [email protected]
> - nn/[email protected]
> - [email protected]
> - HTTP/[email protected]
> - dn/[email protected]
> - HTTP/[email protected]
> - nn/[email protected]
> - [email protected]
>
> However only the following principals *should be* affected:
> - nn/[email protected]
> - [email protected]
> - dn/[email protected]
> - nn/[email protected]
>
>
> Diffs
> -----
>
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 20c5708467
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b691968919
>   ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java 66bf7b3cd3
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java 4396a2ba7e
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 069c821f0e
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java c86ffa36b1
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java f56e9464e5
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java 3ec84fa681
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java 49828cb462
>   ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java b4969420d6
>   ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 9ddb9417db
>   ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java ef45343dbc
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 60d7fd9677
>   ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java 663934fd3a
>   ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java d6bef022cd
>
>
> Diff: https://reviews.apache.org/r/62828/diff/1/
>
>
> Testing
> -------
>
> manual testing
>
> # Local test results:
> ```
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 28:02 min
> [INFO] Finished at: 2017-10-07T12:09:47-04:00
> [INFO] Final Memory: 108M/1995M
> [INFO] ------------------------------------------------------------------------
> ```
>
>
> Thanks,
>
> Robert Levas
>
>
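
The scoping discussed in this review, as an added example that is not Ambari's code and not part of the original e-mail: a `regenerate_components` value is parsed into a service-to-components filter that stores "all components" as a `*` wildcard rather than a `null` map value, and only identities owned by the named service are selected. The `Identity` class, the `SERVICE:COMPONENT` form, and every principal, host and realm below are assumptions constructed for illustration.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;

public class RegenerateFilterExample {
    // Hypothetical identity model: principal plus owning service and component.
    static final class Identity {
        final String principal, service, component;
        Identity(String p, String s, String c) { principal = p; service = s; component = c; }
    }

    // Accepts "HDFS", "HDFS:*" or "HDFS:DATANODE" (the last form is an assumption).
    // "All components" is stored as the set {"*"}, never as a null value:
    // maps such as ConcurrentHashMap reject null values with a NullPointerException.
    static Map<String, Set<String>> parse(String directive) {
        String[] parts = directive.trim().split(":", 2);
        if (parts[0].isEmpty()) throw new IllegalArgumentException("missing service name");
        String component = parts.length == 1 ? "*" : parts[1];
        if (component.isEmpty()) throw new IllegalArgumentException("missing component name");
        Map<String, Set<String>> filter = new ConcurrentHashMap<>();
        filter.put(parts[0], Collections.singleton(component));
        return filter;
    }

    // Keeps only identities whose service is named and whose component matches.
    static List<String> select(List<Identity> ids, Map<String, Set<String>> filter) {
        return ids.stream().filter(i -> {
            Set<String> wanted = filter.get(i.service);
            return wanted != null && (wanted.contains("*") || wanted.contains(i.component));
        }).map(i -> i.principal).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data; hosts, realm and ownership are placeholders.
        List<Identity> ids = List.of(
            new Identity("nn/host1.example.com@EXAMPLE.COM", "HDFS", "NAMENODE"),
            new Identity("dn/host2.example.com@EXAMPLE.COM", "HDFS", "DATANODE"),
            new Identity("hdfs@EXAMPLE.COM", "HDFS", "NAMENODE"),
            new Identity("HTTP/host1.example.com@EXAMPLE.COM", "SHARED", "SPNEGO"),
            new Identity("rm/host3.example.com@EXAMPLE.COM", "YARN", "RESOURCEMANAGER"));
        System.out.println(select(ids, parse("HDFS:*")));        // whole service
        System.out.println(select(ids, parse("HDFS:DATANODE"))); // one component
        System.out.println(select(ids, parse("HDFS")));          // bare service name
    }
}
```

Selecting which principals get new keys is separate from deciding which hosts receive the resulting keytab files; as the first review comment notes, a regenerated headless keytab may still need to be distributed to hosts outside the filtered set.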
