subject:"Review Request 63698\: Implement many\-to\-many relation between keytabs and principals"

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

2017-11-13 Thread Dmitro Lisnichenko


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190824
---


Ship it!




Ship It!

- Dmitro Lisnichenko


On Nov. 13, 2017, 5:03 p.m., Eugene Chekanskiy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> ---
> 
> (Updated Nov. 13, 2017, 5:03 p.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert 
> Levas.
> 
> 
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Now it is possible to put mulitple different principals to same keytab:
> 
> * copy keytap entry from existant identity:
> 1. define principal with new unique name(identity1) and reference to 
> principal that you want to update(identity0)
>   2. redefine principal record of identity
>   3. Good luck, now principals from identity1 and identity0 will be located 
> in keytab file from identity0
> * just define new keytab entry in identity with same keytab file. If owners 
> are different for same keytab in different identities warning will be 
> printed, if owners and goups are different, or group does not have "r" 
> permission for file, error will be printed, so make sure that users that need 
> this keytab are in group that can access it
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  f91383117f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
>  1dc8ca8ec7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
>  59d532753d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
>  3491f18931 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java
>  f66d273665 
> 
> 
> Diff: https://reviews.apache.org/r/63698/diff/3/
> 
> 
> Testing
> ---
> 
> mvn clean test, cluster deploy
> 
> 
> Thanks,
> 
> Eugene Chekanskiy
> 
>

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

2017-11-13 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190821
---


Ship it!




Ship It!

- Robert Levas


On Nov. 13, 2017, 10:03 a.m., Eugene Chekanskiy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> ---
> 
> (Updated Nov. 13, 2017, 10:03 a.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert 
> Levas.
> 
> 
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Now it is possible to put mulitple different principals to same keytab:
> 
> * copy keytap entry from existant identity:
> 1. define principal with new unique name(identity1) and reference to 
> principal that you want to update(identity0)
>   2. redefine principal record of identity
>   3. Good luck, now principals from identity1 and identity0 will be located 
> in keytab file from identity0
> * just define new keytab entry in identity with same keytab file. If owners 
> are different for same keytab in different identities warning will be 
> printed, if owners and goups are different, or group does not have "r" 
> permission for file, error will be printed, so make sure that users that need 
> this keytab are in group that can access it
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  f91383117f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
>  1dc8ca8ec7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
>  59d532753d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
>  3491f18931 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java
>  f66d273665 
> 
> 
> Diff: https://reviews.apache.org/r/63698/diff/3/
> 
> 
> Testing
> ---
> 
> mvn clean test, cluster deploy
> 
> 
> Thanks,
> 
> Eugene Chekanskiy
> 
>

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

2017-11-13 Thread Eugene Chekanskiy


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/
---

(Updated Nov. 13, 2017, 3:03 p.m.)


Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.


Bugs: AMBARI-22390
https://issues.apache.org/jira/browse/AMBARI-22390


Repository: ambari


Description
---

Now it is possible to put mulitple different principals to same keytab:

* copy keytap entry from existant identity:
1. define principal with new unique name(identity1) and reference to principal 
that you want to update(identity0)
  2. redefine principal record of identity
  3. Good luck, now principals from identity1 and identity0 will be located in 
keytab file from identity0
* just define new keytab entry in identity with same keytab file. If owners are 
different for same keytab in different identities warning will be printed, if 
owners and goups are different, or group does not have "r" permission for file, 
error will be printed, so make sure that users that need this keytab are in 
group that can access it


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 f91383117f 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
 1dc8ca8ec7 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
 59d532753d 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
 3491f18931 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java
 f66d273665 


Diff: https://reviews.apache.org/r/63698/diff/3/

Changes: https://reviews.apache.org/r/63698/diff/2-3/


Testing
---

mvn clean test, cluster deploy


Thanks,

Eugene Chekanskiy

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

2017-11-09 Thread Eugene Chekanskiy



> On Nov. 9, 2017, 1:53 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
> > Lines 142 (patched)
> > 
> >
> > Will this prevent keytab files for headless principals from being 
> > regenerated when a regenerate all keytab files operation is being performed?

Thanks, that is an error, we need regenerate by default, but check for 
isService only if host filter is exists.


- Eugene


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190583
---


On Nov. 9, 2017, 2:34 p.m., Eugene Chekanskiy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> ---
> 
> (Updated Nov. 9, 2017, 2:34 p.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert 
> Levas.
> 
> 
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Now it is possible to put mulitple different principals to same keytab:
> 
> * copy keytap entry from existant identity:
> 1. define principal with new unique name(identity1) and reference to 
> principal that you want to update(identity0)
>   2. redefine principal record of identity
>   3. Good luck, now principals from identity1 and identity0 will be located 
> in keytab file from identity0
> * just define new keytab entry in identity with same keytab file. If owners 
> are different for same keytab in different identities warning will be 
> printed, if owners and goups are different, or group does not have "r" 
> permission for file, error will be printed, so make sure that users that need 
> this keytab are in group that can access it
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  f91383117f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
>  1dc8ca8ec7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
>  59d532753d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
>  3491f18931 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java
>  f66d273665 
>   ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json 
> 166adbd7d0 
>   ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json 
> f2dd9e7e3d 
>   ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json 
> bf763de6d9 
>   ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 
> 95d735b972 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json 
> b4e93ddc77 
>   
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json 
> 575b9fa42f 
>   
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json 
> 89f19d4927 
> 
> 
> Diff: https://reviews.apache.org/r/63698/diff/2/
> 
> 
> Testing
> ---
> 
> mvn clean test, cluster deploy
> 
> 
> Thanks,
> 
> Eugene Chekanskiy
> 
>

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

2017-11-09 Thread Eugene Chekanskiy


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/
---

(Updated Nov. 9, 2017, 2:34 p.m.)


Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.


Bugs: AMBARI-22390
https://issues.apache.org/jira/browse/AMBARI-22390


Repository: ambari


Description
---

Now it is possible to put mulitple different principals to same keytab:

* copy keytap entry from existant identity:
1. define principal with new unique name(identity1) and reference to principal 
that you want to update(identity0)
  2. redefine principal record of identity
  3. Good luck, now principals from identity1 and identity0 will be located in 
keytab file from identity0
* just define new keytab entry in identity with same keytab file. If owners are 
different for same keytab in different identities warning will be printed, if 
owners and goups are different, or group does not have "r" permission for file, 
error will be printed, so make sure that users that need this keytab are in 
group that can access it


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 f91383117f 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
 1dc8ca8ec7 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
 59d532753d 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
 3491f18931 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java
 f66d273665 
  ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json 
166adbd7d0 
  ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json 
f2dd9e7e3d 
  ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json 
bf763de6d9 
  ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 
95d735b972 
  ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json 
b4e93ddc77 
  ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json 
575b9fa42f 
  ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json 
89f19d4927 


Diff: https://reviews.apache.org/r/63698/diff/2/

Changes: https://reviews.apache.org/r/63698/diff/1-2/


Testing
---

mvn clean test, cluster deploy


Thanks,

Eugene Chekanskiy

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

2017-11-09 Thread Robert Levas

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190583
---

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
Lines 142 (patched)

Will this prevent keytab files for headless principals from being 
regenerated when a regenerate all keytab files operation is being performed?

ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json
Line 26 (original), 26 (patched)

This may not be a good idea since it opens up the keytab file to all users 
of the group - which is typically "hadoop".  

Assuming most of the the time {{spark-env/spark_user}} and 
{{spark2-env/spark_user}} are the same this should not be an issue.

ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json
Line 26 (original), 26 (patched)

This may not be a good idea since it opens up the keytab file to all users 
of the group - which is typically "hadoop".  

Assuming most of the the time {{spark-env/spark_user}} and 
{{spark2-env/spark_user}} are the same this should not be an issue.

ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json
Line 107 (original), 107 (patched)

This may not be a good idea since it opens up the keytab file to all users 
of the group - which is typically "hadoop".  

Assuming most of the the time {{livy-env/livy_user}} and 
{{livy2-env/livy_user}} are the same this should not be an issue.

ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json
Line 26 (original), 26 (patched)

This may not be a good idea since it opens up the keytab file to all users 
of the group - which is typically "hadoop".  

Assuming most of the the time {{spark-env/spark_user}} and 
{{spark2-env/spark_user}} are the same this should not be an issue.

ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json
Line 26 (original), 26 (patched)

This may not be a good idea since it opens up the keytab file to all users 
of the group - which is typically "hadoop".  

Assuming most of the the time {{spark-env/spark_user}} and 
{{spark2-env/spark_user}} are the same this should not be an issue.

ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json
Line 26 (original), 26 (patched)

This may not be a good idea since it opens up the keytab file to all users 
of the group - which is typically "hadoop".  

Assuming most of the the time {{spark-env/spark_user}} and 
{{spark2-env/spark_user}} are the same this should not be an issue.

ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json
Line 106 (original), 106 (patched)

This may not be a good idea since it opens up the keytab file to all users 
of the group - which is typically "hadoop".  

Assuming most of the the time {{livy-env/livy_user}} and 
{{livy2-env/livy_user}} are the same this should not be an issue.

ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json
Line 26 (original), 26 (patched)

This may not be a good idea since it opens up the keytab file to all users 
of the group - which is typically "hadoop".  

Assuming most of the the time {{spark-env/spark_user}} and 
{{spark2-env/spark_user}} are the same this should not be an issue.

ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json
Line 106 (original), 106 (patched)

This may not be a good idea since it opens up the keytab file to all users 
of the group - which is typically "hadoop".  

Assuming most of the the time {{livy-env/livy_user}} and 
{{livy2-env/livy_user}} are the same this should not be an issue.

- Robert Levas

On Nov. 9, 2017, 7:53 a.m., Eugene Chekanskiy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> ---
> 
> (Updated Nov. 9, 2017, 7:53 a.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert 
> Levas.
> 
> 
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Now it is

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

2017-11-09 Thread Dmitro Lisnichenko


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190582
---


Ship it!




Ship It!

- Dmitro Lisnichenko


On Nov. 9, 2017, 2:53 p.m., Eugene Chekanskiy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> ---
> 
> (Updated Nov. 9, 2017, 2:53 p.m.)
> 
> 
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert 
> Levas.
> 
> 
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Now it is possible to put mulitple different principals to same keytab:
> 
> * copy keytap entry from existant identity:
> 1. define principal with new unique name(identity1) and reference to 
> principal that you want to update(identity0)
>   2. redefine principal record of identity
>   3. Good luck, now principals from identity1 and identity0 will be located 
> in keytab file from identity0
> * just define new keytab entry in identity with same keytab file. If owners 
> are different for same keytab in different identities warning will be 
> printed, if owners and goups are different, or group does not have "r" 
> permission for file, error will be printed, so make sure that users that need 
> this keytab are in group that can access it
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  f91383117f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
>  1dc8ca8ec7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
>  59d532753d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
>  3491f18931 
>   
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java
>  f66d273665 
>   ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json 
> 166adbd7d0 
>   ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json 
> f2dd9e7e3d 
>   ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json 
> bf763de6d9 
>   ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 
> 95d735b972 
>   
> ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json 
> b4e93ddc77 
>   
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json 
> 575b9fa42f 
>   
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json 
> 89f19d4927 
> 
> 
> Diff: https://reviews.apache.org/r/63698/diff/1/
> 
> 
> Testing
> ---
> 
> mvn clean test, cluster deploy
> 
> 
> Thanks,
> 
> Eugene Chekanskiy
> 
>

Review Request 63698: Implement many-to-many relation between keytabs and principals

2017-11-09 Thread Eugene Chekanskiy


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/
---

Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.


Bugs: AMBARI-22390
https://issues.apache.org/jira/browse/AMBARI-22390


Repository: ambari


Description
---

Now it is possible to put mulitple different principals to same keytab:

* copy keytap entry from existant identity:
1. define principal with new unique name(identity1) and reference to principal 
that you want to update(identity0)
  2. redefine principal record of identity
  3. Good luck, now principals from identity1 and identity0 will be located in 
keytab file from identity0
* just define new keytab entry in identity with same keytab file. If owners are 
different for same keytab in different identities warning will be printed, if 
owners and goups are different, or group does not have "r" permission for file, 
error will be printed, so make sure that users that need this keytab are in 
group that can access it


Diffs
-

  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 f91383117f 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java
 1dc8ca8ec7 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
 59d532753d 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
 3491f18931 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java
 f66d273665 
  ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json 
166adbd7d0 
  ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json 
f2dd9e7e3d 
  ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json 
bf763de6d9 
  ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 
95d735b972 
  ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json 
b4e93ddc77 
  ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json 
575b9fa42f 
  ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json 
89f19d4927 


Diff: https://reviews.apache.org/r/63698/diff/1/


Testing
---

mvn clean test, cluster deploy


Thanks,

Eugene Chekanskiy

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

Re: Review Request 63698: Implement many-to-many relation between keytabs and principals

Review Request 63698: Implement many-to-many relation between keytabs and principals

8 matches

Site Navigation

Mail list logo

Footer information