----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63698/#review190583 -----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java Lines 142 (patched) <https://reviews.apache.org/r/63698/#comment268062> Will this prevent keytab files for headless principals from being regenerated when a regenerate all keytab files operation is being performed? ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json Line 26 (original), 26 (patched) <https://reviews.apache.org/r/63698/#comment268063> This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop". Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue. ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json Line 26 (original), 26 (patched) <https://reviews.apache.org/r/63698/#comment268064> This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop". Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue. ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json Line 107 (original), 107 (patched) <https://reviews.apache.org/r/63698/#comment268068> This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop". Assuming most of the the time {{livy-env/livy_user}} and {{livy2-env/livy_user}} are the same this should not be an issue. ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json Line 26 (original), 26 (patched) <https://reviews.apache.org/r/63698/#comment268065> This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop". Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue. ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json Line 26 (original), 26 (patched) <https://reviews.apache.org/r/63698/#comment268066> This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop". Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue. ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json Line 26 (original), 26 (patched) <https://reviews.apache.org/r/63698/#comment268067> This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop". Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue. ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json Line 106 (original), 106 (patched) <https://reviews.apache.org/r/63698/#comment268069> This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop". Assuming most of the the time {{livy-env/livy_user}} and {{livy2-env/livy_user}} are the same this should not be an issue. ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json Line 26 (original), 26 (patched) <https://reviews.apache.org/r/63698/#comment268071> This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop". Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue. ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json Line 106 (original), 106 (patched) <https://reviews.apache.org/r/63698/#comment268070> This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop". Assuming most of the the time {{livy-env/livy_user}} and {{livy2-env/livy_user}} are the same this should not be an issue. - Robert Levas On Nov. 9, 2017, 7:53 a.m., Eugene Chekanskiy wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63698/ > ----------------------------------------------------------- > > (Updated Nov. 9, 2017, 7:53 a.m.) > > > Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert > Levas. > > > Bugs: AMBARI-22390 > https://issues.apache.org/jira/browse/AMBARI-22390 > > > Repository: ambari > > > Description > ------- > > Now it is possible to put mulitple different principals to same keytab: > > * copy keytap entry from existant identity: > 1. define principal with new unique name(identity1) and reference to > principal that you want to update(identity0) > 2. redefine principal record of identity > 3. Good luck, now principals from identity1 and identity0 will be located > in keytab file from identity0 > * just define new keytab entry in identity with same keytab file. If owners > are different for same keytab in different identities warning will be > printed, if owners and goups are different, or group does not have "r" > permission for file, error will be printed, so make sure that users that need > this keytab are in group that can access it > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > f91383117f > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java > 1dc8ca8ec7 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java > 59d532753d > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java > 3491f18931 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java > f66d273665 > ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json > 166adbd7d0 > ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json > f2dd9e7e3d > ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json > bf763de6d9 > ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json > 95d735b972 > > ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json > b4e93ddc77 > > ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json > 575b9fa42f > > ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json > 89f19d4927 > > > Diff: https://reviews.apache.org/r/63698/diff/1/ > > > Testing > ------- > > mvn clean test, cluster deploy > > > Thanks, > > Eugene Chekanskiy > >
