> On May 5, 2016, 5:30 p.m., Robert Nettleton wrote:
> > The patch looks fine to me, just needs a minor fix listed below.
> >
> > Regarding the open question, I don't think there is much that can be done
> > in the short term on this one. The Ambari Integration code must use a
> > separate admin user to access LogSearch, so avoid the potential round-trip
> > authentication from LogSearch.
> >
> > My recommendation is that this password setting still be set to required,
> > especially considering that the LogSearch server itself may be configured
> > to only use file-based authentication. In either case, file-based or
> > Ambari-based, the Ambari LogSearch Integration layer will still need the
> > separate credential.
> >
> > Thanks.
>
> Oliver Szabo wrote:
> ok. after the ambari server credential stuff goes in, maybe we will need
> a new property to use ambari-server as credential server (by default: true),
> in that patch external_auth comes from a property anyway (in
> logsearch.properties)
I don't think we'll need the new property you just mentioned in this comment:
"maybe we will need a new property to use ambari-server as credential server"
Due to the performance issues related to the round-trip between Ambari Server
and LogSearch, the Ambari LogSearch Integration (REST) layer will likely always
use a separate credential, since the Logsearch Server will use different
authentication sources based on user id. We need this in order to keep a REST
call in Ambari to LogSearch from triggering an authentication check back to the
Ambari REST resource, which is an unnecessary drain on resources without any
benefit.
I don't forsee the integration code using the Ambari admin credential to
authenticate, for the reasons I've outlined above.
Thanks.
- Robert
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47022/#review131870
---
On May 5, 2016, 6:26 p.m., Oliver Szabo wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47022/
> ---
>
> (Updated May 5, 2016, 6:26 p.m.)
>
>
> Review request for Ambari, Robert Nettleton and Sumit Mohanty.
>
>
> Bugs: AMBARI-16275
> https://issues.apache.org/jira/browse/AMBARI-16275
>
>
> Repository: ambari
>
>
> Description
> ---
>
> Change default username for Logsearch UI.
> Open question: if ambari_admin is used as default user, and that outcome is
> ambari user can be used on Logsearch UI, then adding a required password can
> be misleading.
>
>
> Diffs
> -
>
>
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-admin-json.xml
> ca818b9
>
> Diff: https://reviews.apache.org/r/47022/diff/
>
>
> Testing
> ---
>
> Total run:1014
> Total errors:0
> Total failures:0
>
>
> Thanks,
>
> Oliver Szabo
>
>