subject:"Review Request 47428\: Changes to Phoenix QueryServer Kerberos configuration"

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-06-01 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/#review135794
---


Ship it!




Ship It!

- Robert Levas


On May 27, 2016, 6:48 p.m., Josh Elser wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47428/
> ---
> 
> (Updated May 27, 2016, 6:48 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Nate Cole, Robert Levas, and 
> Srimanth Gunturi.
> 
> 
> Bugs: AMBARI-16171
> https://issues.apache.org/jira/browse/AMBARI-16171
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> The up-coming version of Phoenix will contain some new functionality to 
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query 
> Server (PQS).
> 
> Presently, Ambari will configure PQS to use the hbase service keytab which 
> will result in the SPNEGO authentication failing as the RFC requires that the 
> "primary" component of the Kerberos principal for the server is "HTTP". Thus, 
> we need to ensure that we switch PQS over to use the spnego.service.keytab as 
> the keytab and "HTTP/_HOST@REALM" as the principal.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  2e857ed 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  0deba5d 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py 
> 6e506a0 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
> 8c5351f 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  4dedc98 
>   ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py 
> 0066e1d 
> 
> Diff: https://reviews.apache.org/r/47428/diff/
> 
> 
> Testing
> ---
> 
> Unit testing, verified installation with trunk and proper kerberization.
> 
> 
> Thanks,
> 
> Josh Elser
> 
>

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-06-01 Thread Nate Cole


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/#review135792
---


Ship it!




Ship It!

- Nate Cole


On May 27, 2016, 6:48 p.m., Josh Elser wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47428/
> ---
> 
> (Updated May 27, 2016, 6:48 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Nate Cole, Robert Levas, and 
> Srimanth Gunturi.
> 
> 
> Bugs: AMBARI-16171
> https://issues.apache.org/jira/browse/AMBARI-16171
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> The up-coming version of Phoenix will contain some new functionality to 
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query 
> Server (PQS).
> 
> Presently, Ambari will configure PQS to use the hbase service keytab which 
> will result in the SPNEGO authentication failing as the RFC requires that the 
> "primary" component of the Kerberos principal for the server is "HTTP". Thus, 
> we need to ensure that we switch PQS over to use the spnego.service.keytab as 
> the keytab and "HTTP/_HOST@REALM" as the principal.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  2e857ed 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  0deba5d 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py 
> 6e506a0 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
> 8c5351f 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  4dedc98 
>   ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py 
> 0066e1d 
> 
> Diff: https://reviews.apache.org/r/47428/diff/
> 
> 
> Testing
> ---
> 
> Unit testing, verified installation with trunk and proper kerberization.
> 
> 
> Thanks,
> 
> Josh Elser
> 
>

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-27 Thread Josh Elser


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/
---

(Updated May 27, 2016, 10:48 p.m.)


Review request for Ambari, Jonathan Hurley, Nate Cole, Robert Levas, and 
Srimanth Gunturi.


Changes
---

Just realized that I had one of the UpgradeCatalog240Test cases broken.


Bugs: AMBARI-16171
https://issues.apache.org/jira/browse/AMBARI-16171


Repository: ambari


Description
---

The up-coming version of Phoenix will contain some new functionality to support 
Kerberos authentication of clients via SPNEGO with the Phoenix Query Server 
(PQS).

Presently, Ambari will configure PQS to use the hbase service keytab which will 
result in the SPNEGO authentication failing as the RFC requires that the 
"primary" component of the Kerberos principal for the server is "HTTP". Thus, 
we need to ensure that we switch PQS over to use the spnego.service.keytab as 
the keytab and "HTTP/_HOST@REALM" as the principal.


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
 2e857ed 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 0deba5d 
  
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json 
c9536f8 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py 
6e506a0 
  ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
8c5351f 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
 4dedc98 
  ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py 0066e1d 

Diff: https://reviews.apache.org/r/47428/diff/


Testing
---

Unit testing, verified installation with trunk and proper kerberization.


Thanks,

Josh Elser

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-27 Thread Srimanth Gunturi


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/#review135341
---


Ship it!




Ship It!

- Srimanth Gunturi


On May 27, 2016, 10:42 p.m., Josh Elser wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47428/
> ---
> 
> (Updated May 27, 2016, 10:42 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Nate Cole, Robert Levas, and 
> Srimanth Gunturi.
> 
> 
> Bugs: AMBARI-16171
> https://issues.apache.org/jira/browse/AMBARI-16171
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> The up-coming version of Phoenix will contain some new functionality to 
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query 
> Server (PQS).
> 
> Presently, Ambari will configure PQS to use the hbase service keytab which 
> will result in the SPNEGO authentication failing as the RFC requires that the 
> "primary" component of the Kerberos principal for the server is "HTTP". Thus, 
> we need to ensure that we switch PQS over to use the spnego.service.keytab as 
> the keytab and "HTTP/_HOST@REALM" as the principal.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  2e857ed 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  0deba5d 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py 
> 6e506a0 
>   ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
> 8c5351f 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  4dedc98 
>   ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py 
> 0066e1d 
> 
> Diff: https://reviews.apache.org/r/47428/diff/
> 
> 
> Testing
> ---
> 
> Unit testing, verified installation with trunk and proper kerberization.
> 
> 
> Thanks,
> 
> Josh Elser
> 
>

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-27 Thread Josh Elser


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/
---

(Updated May 27, 2016, 9:30 p.m.)


Review request for Ambari, Jonathan Hurley, Nate Cole, Robert Levas, and 
Srimanth Gunturi.


Changes
---

Srimanth helped me out with some direction on how to update the stackadvisor to 
do the "append" logic instead of an overwrite. I have unit tests added for the 
relevant python changes.

I'm still trying to figure out how to test this on a real installation. It is 
not going well, but I don't want to sit on this patch for any longer.


Bugs: AMBARI-16171
https://issues.apache.org/jira/browse/AMBARI-16171


Repository: ambari


Description
---

The up-coming version of Phoenix will contain some new functionality to support 
Kerberos authentication of clients via SPNEGO with the Phoenix Query Server 
(PQS).

Presently, Ambari will configure PQS to use the hbase service keytab which will 
result in the SPNEGO authentication failing as the RFC requires that the 
"primary" component of the Kerberos principal for the server is "HTTP". Thus, 
we need to ensure that we switch PQS over to use the spnego.service.keytab as 
the keytab and "HTTP/_HOST@REALM" as the principal.


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
 2e857ed 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 0deba5d 
  
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json 
c9536f8 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py 
6e506a0 
  ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
8c5351f 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
 4dedc98 
  ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py 0066e1d 

Diff: https://reviews.apache.org/r/47428/diff/


Testing
---

Unit testing, verified upgrade from 2.2.2


Thanks,

Josh Elser

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-20 Thread Josh Elser


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/
---

(Updated May 20, 2016, 6:18 p.m.)


Review request for Ambari, Jonathan Hurley, Nate Cole, and Robert Levas.


Changes
---

Used StackId#compareTo(...) per Jonathan's recommendation.


Bugs: AMBARI-16171
https://issues.apache.org/jira/browse/AMBARI-16171


Repository: ambari


Description
---

The up-coming version of Phoenix will contain some new functionality to support 
Kerberos authentication of clients via SPNEGO with the Phoenix Query Server 
(PQS).

Presently, Ambari will configure PQS to use the hbase service keytab which will 
result in the SPNEGO authentication failing as the RFC requires that the 
"primary" component of the Kerberos principal for the server is "HTTP". Thus, 
we need to ensure that we switch PQS over to use the spnego.service.keytab as 
the keytab and "HTTP/_HOST@REALM" as the principal.


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
 2e857ed 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 41f538e 
  
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json 
c9536f8 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
 20fa50f 

Diff: https://reviews.apache.org/r/47428/diff/


Testing
---

Unit testing, verified upgrade from 2.2.2


Thanks,

Josh Elser

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-20 Thread Jonathan Hurley


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/#review134165
---


Fix it, then Ship it!





ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 (lines 2095 - 2101)


Could use StackId.compareTo() for this.


- Jonathan Hurley


On May 19, 2016, 10:06 p.m., Josh Elser wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47428/
> ---
> 
> (Updated May 19, 2016, 10:06 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Nate Cole, and Robert Levas.
> 
> 
> Bugs: AMBARI-16171
> https://issues.apache.org/jira/browse/AMBARI-16171
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> The up-coming version of Phoenix will contain some new functionality to 
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query 
> Server (PQS).
> 
> Presently, Ambari will configure PQS to use the hbase service keytab which 
> will result in the SPNEGO authentication failing as the RFC requires that the 
> "primary" component of the Kerberos principal for the server is "HTTP". Thus, 
> we need to ensure that we switch PQS over to use the spnego.service.keytab as 
> the keytab and "HTTP/_HOST@REALM" as the principal.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  2e857ed 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  41f538e 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  20fa50f 
> 
> Diff: https://reviews.apache.org/r/47428/diff/
> 
> 
> Testing
> ---
> 
> Unit testing, verified upgrade from 2.2.2
> 
> 
> Thanks,
> 
> Josh Elser
> 
>

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-20 Thread Josh Elser



> On May 20, 2016, 12:10 p.m., Nate Cole wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java,
> >  lines 1924-1938
> > 
> >
> > This is a bit rough on the eyes.  There's nothing wrong with 
> > shortcutting-when-null and really helps readability and indenting
> 
> Robert Levas wrote:
> I happen to like the explict checking for null.  What do you mean by 
> "shortcutting-when-null"?
> 
> Like this?
> 
> ```
> KerberosDescriptor kerberosDescriptor = new 
> KerberosDescriptorFactory().createInstance(data);
> KerberosServiceDescriptor serviceDescriptor = (kerberosDescriptor==null) 
> ? null : kerberosDescriptor.getService("HBASE");
> KerberosComponentDescriptor componentDescriptor = 
> (serviceDescriptor==null) ? null : 
> serviceDescriptor.getComponent("PHOENIX_QUERY_SERVER");
> ...
> ```

I was mostly following existing code-style in general that I've seen with 
UpgradeCatalog implementations. I'm happy to change it however you would prefer.


- Josh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/#review134136
---


On May 20, 2016, 2:06 a.m., Josh Elser wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47428/
> ---
> 
> (Updated May 20, 2016, 2:06 a.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Nate Cole, and Robert Levas.
> 
> 
> Bugs: AMBARI-16171
> https://issues.apache.org/jira/browse/AMBARI-16171
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> The up-coming version of Phoenix will contain some new functionality to 
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query 
> Server (PQS).
> 
> Presently, Ambari will configure PQS to use the hbase service keytab which 
> will result in the SPNEGO authentication failing as the RFC requires that the 
> "primary" component of the Kerberos principal for the server is "HTTP". Thus, 
> we need to ensure that we switch PQS over to use the spnego.service.keytab as 
> the keytab and "HTTP/_HOST@REALM" as the principal.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  2e857ed 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  41f538e 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  20fa50f 
> 
> Diff: https://reviews.apache.org/r/47428/diff/
> 
> 
> Testing
> ---
> 
> Unit testing, verified upgrade from 2.2.2
> 
> 
> Thanks,
> 
> Josh Elser
> 
>

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-20 Thread Robert Levas



> On May 20, 2016, 8:10 a.m., Nate Cole wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java,
> >  line 1967
> > 
> >
> > Is "/spnego" always correct?  Should/can this be from  
> > origIdentityDescriptor?

This is correct since we are building a reference entry to the identitiy named 
"/spnego".


> On May 20, 2016, 8:10 a.m., Nate Cole wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java,
> >  lines 1924-1938
> > 
> >
> > This is a bit rough on the eyes.  There's nothing wrong with 
> > shortcutting-when-null and really helps readability and indenting

I happen to like the explict checking for null.  What do you mean by 
"shortcutting-when-null"?

Like this?

```
KerberosDescriptor kerberosDescriptor = new 
KerberosDescriptorFactory().createInstance(data);
KerberosServiceDescriptor serviceDescriptor = (kerberosDescriptor==null) ? null 
: kerberosDescriptor.getService("HBASE");
KerberosComponentDescriptor componentDescriptor = (serviceDescriptor==null) ? 
null : serviceDescriptor.getComponent("PHOENIX_QUERY_SERVER");
...
```


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/#review134136
---


On May 19, 2016, 10:06 p.m., Josh Elser wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47428/
> ---
> 
> (Updated May 19, 2016, 10:06 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Nate Cole, and Robert Levas.
> 
> 
> Bugs: AMBARI-16171
> https://issues.apache.org/jira/browse/AMBARI-16171
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> The up-coming version of Phoenix will contain some new functionality to 
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query 
> Server (PQS).
> 
> Presently, Ambari will configure PQS to use the hbase service keytab which 
> will result in the SPNEGO authentication failing as the RFC requires that the 
> "primary" component of the Kerberos principal for the server is "HTTP". Thus, 
> we need to ensure that we switch PQS over to use the spnego.service.keytab as 
> the keytab and "HTTP/_HOST@REALM" as the principal.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  2e857ed 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  41f538e 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  20fa50f 
> 
> Diff: https://reviews.apache.org/r/47428/diff/
> 
> 
> Testing
> ---
> 
> Unit testing, verified upgrade from 2.2.2
> 
> 
> Thanks,
> 
> Josh Elser
> 
>

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-20 Thread Nate Cole


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/#review134136
---


Fix it, then Ship it!





ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 (lines 1924 - 1938)


This is a bit rough on the eyes.  There's nothing wrong with 
shortcutting-when-null and really helps readability and indenting



ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 (line 1967)


Is "/spnego" always correct?  Should/can this be from  
origIdentityDescriptor?



ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 (lines 2112 - 2117)


Shortcutting for ease-of-reading


- Nate Cole


On May 19, 2016, 10:06 p.m., Josh Elser wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47428/
> ---
> 
> (Updated May 19, 2016, 10:06 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Nate Cole, and Robert Levas.
> 
> 
> Bugs: AMBARI-16171
> https://issues.apache.org/jira/browse/AMBARI-16171
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> The up-coming version of Phoenix will contain some new functionality to 
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query 
> Server (PQS).
> 
> Presently, Ambari will configure PQS to use the hbase service keytab which 
> will result in the SPNEGO authentication failing as the RFC requires that the 
> "primary" component of the Kerberos principal for the server is "HTTP". Thus, 
> we need to ensure that we switch PQS over to use the spnego.service.keytab as 
> the keytab and "HTTP/_HOST@REALM" as the principal.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  2e857ed 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  41f538e 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  20fa50f 
> 
> Diff: https://reviews.apache.org/r/47428/diff/
> 
> 
> Testing
> ---
> 
> Unit testing, verified upgrade from 2.2.2
> 
> 
> Thanks,
> 
> Josh Elser
> 
>

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-19 Thread Josh Elser


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/
---

(Updated May 20, 2016, 2:06 a.m.)


Review request for Ambari, Jonathan Hurley, Nate Cole, and Robert Levas.


Bugs: AMBARI-16171
https://issues.apache.org/jira/browse/AMBARI-16171


Repository: ambari


Description
---

The up-coming version of Phoenix will contain some new functionality to support 
Kerberos authentication of clients via SPNEGO with the Phoenix Query Server 
(PQS).

Presently, Ambari will configure PQS to use the hbase service keytab which will 
result in the SPNEGO authentication failing as the RFC requires that the 
"primary" component of the Kerberos principal for the server is "HTTP". Thus, 
we need to ensure that we switch PQS over to use the spnego.service.keytab as 
the keytab and "HTTP/_HOST@REALM" as the principal.


Diffs
-

  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
 2e857ed 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 41f538e 
  
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json 
c9536f8 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
 20fa50f 

Diff: https://reviews.apache.org/r/47428/diff/


Testing (updated)
---

Unit testing, verified upgrade from 2.2.2


Thanks,

Josh Elser

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-18 Thread Robert Levas



> On May 18, 2016, 5:13 a.m., Robert Levas wrote:
> > Ship It!

We should also have jhurly and/or ncole review as well to get more eyes on this.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/#review133713
---


On May 17, 2016, 11:09 p.m., Josh Elser wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47428/
> ---
> 
> (Updated May 17, 2016, 11:09 p.m.)
> 
> 
> Review request for Ambari and Robert Levas.
> 
> 
> Bugs: AMBARI-16171
> https://issues.apache.org/jira/browse/AMBARI-16171
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> The up-coming version of Phoenix will contain some new functionality to 
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query 
> Server (PQS).
> 
> Presently, Ambari will configure PQS to use the hbase service keytab which 
> will result in the SPNEGO authentication failing as the RFC requires that the 
> "primary" component of the Kerberos principal for the server is "HTTP". Thus, 
> we need to ensure that we switch PQS over to use the spnego.service.keytab as 
> the keytab and "HTTP/_HOST@REALM" as the principal.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  2e857ed 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  41f538e 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  20fa50f 
> 
> Diff: https://reviews.apache.org/r/47428/diff/
> 
> 
> Testing
> ---
> 
> Unit testing, still working through a "real" Ambari upgrade
> 
> 
> Thanks,
> 
> Josh Elser
> 
>

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-18 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/#review133713
---


Ship it!




Ship It!

- Robert Levas


On May 17, 2016, 11:09 p.m., Josh Elser wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47428/
> ---
> 
> (Updated May 17, 2016, 11:09 p.m.)
> 
> 
> Review request for Ambari and Robert Levas.
> 
> 
> Bugs: AMBARI-16171
> https://issues.apache.org/jira/browse/AMBARI-16171
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> The up-coming version of Phoenix will contain some new functionality to 
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query 
> Server (PQS).
> 
> Presently, Ambari will configure PQS to use the hbase service keytab which 
> will result in the SPNEGO authentication failing as the RFC requires that the 
> "primary" component of the Kerberos principal for the server is "HTTP". Thus, 
> we need to ensure that we switch PQS over to use the spnego.service.keytab as 
> the keytab and "HTTP/_HOST@REALM" as the principal.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  2e857ed 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  41f538e 
>   
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
>  c9536f8 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  20fa50f 
> 
> Diff: https://reviews.apache.org/r/47428/diff/
> 
> 
> Testing
> ---
> 
> Unit testing, still working through a "real" Ambari upgrade
> 
> 
> Thanks,
> 
> Josh Elser
> 
>

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-17 Thread Josh Elser


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/
---

(Updated May 18, 2016, 3:09 a.m.)


Review request for Ambari and Robert Levas.


Changes
---

New patch which successfully does upgrades from 2.2.2.0 to 2.4.0.0-SNAPSHOT. 
Wouldn't have been possible without lots of great help from Robert Levas 
(thanks again!).


Bugs: AMBARI-16171
https://issues.apache.org/jira/browse/AMBARI-16171


Repository: ambari


Description
---

The up-coming version of Phoenix will contain some new functionality to support 
Kerberos authentication of clients via SPNEGO with the Phoenix Query Server 
(PQS).

Presently, Ambari will configure PQS to use the hbase service keytab which will 
result in the SPNEGO authentication failing as the RFC requires that the 
"primary" component of the Kerberos principal for the server is "HTTP". Thus, 
we need to ensure that we switch PQS over to use the spnego.service.keytab as 
the keytab and "HTTP/_HOST@REALM" as the principal.


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
 2e857ed 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 41f538e 
  
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json 
c9536f8 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
 20fa50f 

Diff: https://reviews.apache.org/r/47428/diff/


Testing
---

Unit testing, still working through a "real" Ambari upgrade


Thanks,

Josh Elser

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-17 Thread Josh Elser


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/
---

(Updated May 17, 2016, 7:58 p.m.)


Review request for Ambari and Robert Levas.


Bugs: AMBARI-16171
https://issues.apache.org/jira/browse/AMBARI-16171


Repository: ambari


Description
---

The up-coming version of Phoenix will contain some new functionality to support 
Kerberos authentication of clients via SPNEGO with the Phoenix Query Server 
(PQS).

Presently, Ambari will configure PQS to use the hbase service keytab which will 
result in the SPNEGO authentication failing as the RFC requires that the 
"primary" component of the Kerberos principal for the server is "HTTP". Thus, 
we need to ensure that we switch PQS over to use the spnego.service.keytab as 
the keytab and "HTTP/_HOST@REALM" as the principal.


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 1f3b1d3 
  
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json 
c9536f8 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
 f36e640 

Diff: https://reviews.apache.org/r/47428/diff/


Testing
---

Unit testing, still working through a "real" Ambari upgrade


Thanks,

Josh Elser

Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

2016-05-16 Thread Josh Elser


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47428/
---

Review request for Ambari and Robert Levas.


Bugs: AMBARI-16171
https://issues.apache.org/jira/browse/AMBARI-16171


Repository: ambari


Description
---

The up-coming version of Phoenix will contain some new functionality to support 
Kerberos authentication of clients via SPNEGO with the Phoenix Query Server 
(PQS).

Presently, Ambari will configure PQS to use the hbase service keytab which will 
result in the SPNEGO authentication failing as the RFC requires that the 
"primary" component of the Kerberos principal for the server is "HTTP". Thus, 
we need to ensure that we switch PQS over to use the spnego.service.keytab as 
the keytab and "HTTP/_HOST@REALM" as the principal.


Diffs
-

  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
 1f3b1d3 
  
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json 
c9536f8 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
 f36e640 

Diff: https://reviews.apache.org/r/47428/diff/


Testing
---

Unit testing, still working through a "real" Ambari upgrade


Thanks,

Josh Elser

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Re: Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

Review Request 47428: Changes to Phoenix QueryServer Kerberos configuration

16 matches

Site Navigation

Mail list logo

Footer information