Re: Review Request 47022: Change default username for Logsearch server to ambar_logsearch_admin

[Robert Nettleton]

> On May 5, 2016, 5:30 p.m., Robert Nettleton wrote:
> > The patch looks fine to me, just needs a minor fix listed below.
> > 
> > Regarding the open question, I don't think there is much that can be done 
> > in the short term on this one.  The Ambari Integration code must use a 
> > separate admin user to access LogSearch, so avoid the potential round-trip 
> > authentication from LogSearch.  
> > 
> > My recommendation is that this password setting still be set to required, 
> > especially considering that the LogSearch server itself may be configured 
> > to only use file-based authentication.  In either case, file-based or 
> > Ambari-based, the Ambari LogSearch Integration layer will still need the 
> > separate credential.
> > 
> > Thanks.
> 
> Oliver Szabo wrote:
> ok. after the ambari server credential stuff goes in, maybe we will need 
> a new property to use ambari-server as credential server (by default: true), 
> in that patch external_auth comes from a property anyway (in 
> logsearch.properties)

I don't think we'll need the new property you just mentioned in this comment:

"maybe we will need a new property to use ambari-server as credential server"

Due to the performance issues related to the round-trip between Ambari Server 
and LogSearch, the Ambari LogSearch Integration (REST) layer will likely always 
use a separate credential, since the Logsearch Server will use different 
authentication sources based on user id.  We need this in order to keep a REST 
call in Ambari to LogSearch from triggering an authentication check back to the 
Ambari REST resource, which is an unnecessary drain on resources without any 
benefit.  

I don't forsee the integration code using the Ambari admin credential to 
authenticate, for the reasons I've outlined above. 

Thanks.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47022/#review131870
---


On May 5, 2016, 6:26 p.m., Oliver Szabo wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47022/
> ---
> 
> (Updated May 5, 2016, 6:26 p.m.)
> 
> 
> Review request for Ambari, Robert Nettleton and Sumit Mohanty.
> 
> 
> Bugs: AMBARI-16275
> https://issues.apache.org/jira/browse/AMBARI-16275
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Change default username for Logsearch UI.
> Open question: if ambari_admin is used as default user, and that outcome is 
> ambari user can be used on Logsearch UI, then adding a required password can 
> be misleading.
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-admin-json.xml
>  ca818b9 
> 
> Diff: https://reviews.apache.org/r/47022/diff/
> 
> 
> Testing
> ---
> 
> Total run:1014
> Total errors:0
> Total failures:0
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>

Re: Review Request 47022: Change default username for Logsearch server to ambar_logsearch_admin

[Oliver Szabo]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47022/
---

(Updated May 5, 2016, 6:26 p.m.)


Review request for Ambari, Robert Nettleton and Sumit Mohanty.


Changes
---

changed title


Summary (updated)
-

Change default username for Logsearch server to ambar_logsearch_admin


Bugs: AMBARI-16275
https://issues.apache.org/jira/browse/AMBARI-16275


Repository: ambari


Description
---

Change default username for Logsearch UI.
Open question: if ambari_admin is used as default user, and that outcome is 
ambari user can be used on Logsearch UI, then adding a required password can be 
misleading.


Diffs
-

  
ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-admin-json.xml
 ca818b9 

Diff: https://reviews.apache.org/r/47022/diff/


Testing
---

Total run:1014
Total errors:0
Total failures:0


Thanks,

Oliver Szabo