Re: Review Request 49286: AmbariServer looks for ldap_url, container_dn in blueprint even for MIT security type
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/49286/#review139905 --- Ship it! Ship It! - Alejandro Fernandez On June 27, 2016, 11:13 p.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/49286/ > --- > > (Updated June 27, 2016, 11:13 p.m.) > > > Review request for Ambari, Alejandro Fernandez, Denys Buzhor, Jonathan > Hurley, and Yusaku Sako. > > > Bugs: AMBARI-17320 > https://issues.apache.org/jira/browse/AMBARI-17320 > > > Repository: ambari > > > Description > --- > > `ldap_url` and `container_dn` are expected for MIT security type. They > should only be required for AD integration. > > # Example BP > ``` > { > "configurations": [ > { > "cluster-env": { > "properties": { > "command_retry_max_time_in_sec": "1200" > } > } > }, > { > "kerberos-env": { > "properties": { > "realm": "EXAMPLE.COM", > "kdc_type": "mit-kdc", > "kdc_hosts": "kdc.example.com", > "admin_server_host": "kdc.example.com", > "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5", > "service_check_principal_name": "cl1-QutreRP8p3" > } > } > }, > { > "krb5-conf": { > "properties": { > "domains": "", > "manage_krb5_conf": "true" > } > } > } > ], > "host_groups": [ > { > "name": "host1", > "cardinality": "1", > "components": [ > { > "name": "DATANODE" > }, > { > "name": "NFS_GATEWAY" > }, > { > "name": "HDFS_CLIENT" > }, > { > "name": "NODEMANAGER" > }, > { > "name": "YARN_CLIENT" > }, > { > "name": "MAPREDUCE2_CLIENT" > }, > { > "name": "HBASE_REGIONSERVER" > }, > { > "name": "HBASE_CLIENT" > }, > { > "name": "PHOENIX_QUERY_SERVER" > }, > { > "name": "HIVE_CLIENT" > }, > { > "name": "HCAT" > }, > { > "name": "OOZIE_CLIENT" > }, > { > "name": "ZOOKEEPER_CLIENT" > }, > { > "name": "SUPERVISOR" > }, > { > "name": "FALCON_CLIENT" > }, > { > "name": "FLUME_HANDLER" > }, > { > "name": "METRICS_MONITOR" > }, > { > "name": "RANGER_TAGSYNC" > }, > { > "name": "TEZ_CLIENT" > }, > { > "name": "PIG" > }, > { > "name": "SQOOP" > }, > { > "name": "SLIDER" > }, > { > "name": "KERBEROS_CLIENT" > }, > { > "name": "MAHOUT" > }, > { > "name": "HST_AGENT" > }, > { > "name": "LOGSEARCH_LOGFEEDER" > }, > { > "name": "LOGSEARCH_SOLR_CLIENT" > } > ] > } > ], > "Blueprints": { > "blueprint_name": "bp1", > "stack_name": "HDP", > "stack_version": "2.5" > } > } > ``` > > ``` > curl -H "X-Requested-By:ambari" -u admin:admin -i -X POST -d @./bp1.json > http://localhost:8080/api/v1/blueprints/bp1 > HTTP/1.1 100 Continue > > HTTP/1.1 400 Bad Request > Date: Mon, 20 Jun 2016 19:02:27 GMT > X-Frame-Options: DENY > X-XSS-Protection: 1; mode=block > Set-Cookie: AMBARISESSIONID=1a4dqzhedwoog4xg8jbu36e2q;Path=/;HttpOnly > Expires: Thu, 01 Jan 1970 00:00:00 GMT > User: admin > Content-Type: text/plain > Content-Length: 227 > Server: Jetty(9.2.11.v20150529) > > { > "status" : 400, > "message" : "Blueprint configuration validation failed: Missing required > properties. Specify a value for these properties in the blueprint > configuration. {host1={kerberos-env=[ldap_url, container_dn]}}" > } > ``` > > # Solution > Remove the `require-input` flag from the offending properties. This UI > appears to handle making the fields required if necessary. Eventually a > conditionally-required-input type should be created to handle this > dynamically. > > > Diffs > - > > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 98d2ada > > Diff: https://reviews.apa
Re: Review Request 49286: AmbariServer looks for ldap_url, container_dn in blueprint even for MIT security type
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/49286/#review139779 --- Ship it! Ship It! - Jonathan Hurley On June 27, 2016, 7:13 p.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/49286/ > --- > > (Updated June 27, 2016, 7:13 p.m.) > > > Review request for Ambari, Alejandro Fernandez, Denys Buzhor, Jonathan > Hurley, and Yusaku Sako. > > > Bugs: AMBARI-17320 > https://issues.apache.org/jira/browse/AMBARI-17320 > > > Repository: ambari > > > Description > --- > > `ldap_url` and `container_dn` are expected for MIT security type. They > should only be required for AD integration. > > # Example BP > ``` > { > "configurations": [ > { > "cluster-env": { > "properties": { > "command_retry_max_time_in_sec": "1200" > } > } > }, > { > "kerberos-env": { > "properties": { > "realm": "EXAMPLE.COM", > "kdc_type": "mit-kdc", > "kdc_hosts": "kdc.example.com", > "admin_server_host": "kdc.example.com", > "encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5", > "service_check_principal_name": "cl1-QutreRP8p3" > } > } > }, > { > "krb5-conf": { > "properties": { > "domains": "", > "manage_krb5_conf": "true" > } > } > } > ], > "host_groups": [ > { > "name": "host1", > "cardinality": "1", > "components": [ > { > "name": "DATANODE" > }, > { > "name": "NFS_GATEWAY" > }, > { > "name": "HDFS_CLIENT" > }, > { > "name": "NODEMANAGER" > }, > { > "name": "YARN_CLIENT" > }, > { > "name": "MAPREDUCE2_CLIENT" > }, > { > "name": "HBASE_REGIONSERVER" > }, > { > "name": "HBASE_CLIENT" > }, > { > "name": "PHOENIX_QUERY_SERVER" > }, > { > "name": "HIVE_CLIENT" > }, > { > "name": "HCAT" > }, > { > "name": "OOZIE_CLIENT" > }, > { > "name": "ZOOKEEPER_CLIENT" > }, > { > "name": "SUPERVISOR" > }, > { > "name": "FALCON_CLIENT" > }, > { > "name": "FLUME_HANDLER" > }, > { > "name": "METRICS_MONITOR" > }, > { > "name": "RANGER_TAGSYNC" > }, > { > "name": "TEZ_CLIENT" > }, > { > "name": "PIG" > }, > { > "name": "SQOOP" > }, > { > "name": "SLIDER" > }, > { > "name": "KERBEROS_CLIENT" > }, > { > "name": "MAHOUT" > }, > { > "name": "HST_AGENT" > }, > { > "name": "LOGSEARCH_LOGFEEDER" > }, > { > "name": "LOGSEARCH_SOLR_CLIENT" > } > ] > } > ], > "Blueprints": { > "blueprint_name": "bp1", > "stack_name": "HDP", > "stack_version": "2.5" > } > } > ``` > > ``` > curl -H "X-Requested-By:ambari" -u admin:admin -i -X POST -d @./bp1.json > http://localhost:8080/api/v1/blueprints/bp1 > HTTP/1.1 100 Continue > > HTTP/1.1 400 Bad Request > Date: Mon, 20 Jun 2016 19:02:27 GMT > X-Frame-Options: DENY > X-XSS-Protection: 1; mode=block > Set-Cookie: AMBARISESSIONID=1a4dqzhedwoog4xg8jbu36e2q;Path=/;HttpOnly > Expires: Thu, 01 Jan 1970 00:00:00 GMT > User: admin > Content-Type: text/plain > Content-Length: 227 > Server: Jetty(9.2.11.v20150529) > > { > "status" : 400, > "message" : "Blueprint configuration validation failed: Missing required > properties. Specify a value for these properties in the blueprint > configuration. {host1={kerberos-env=[ldap_url, container_dn]}}" > } > ``` > > # Solution > Remove the `require-input` flag from the offending properties. This UI > appears to handle making the fields required if necessary. Eventually a > conditionally-required-input type should be created to handle this > dynamically. > > > Diffs > - > > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 98d2ada > > Diff: https://reviews.apache.or