You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Attila Magyar <am...@hortonworks.com> on 2017/02/01 16:09:58 UTC
Review Request 56175: Setup correct authentication and authorization
mechanism between Yarn Registry and Zookeeper
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56175/
-----------------------------------------------------------
Review request for Ambari, Laszlo Puskas, Robert Levas, and Sebastian Toader.
Bugs: AMBARI-19331
https://issues.apache.org/jira/browse/AMBARI-19331
Repository: ambari
Description
-------
YARN registry and yarn leader election znodes must be protected by sasl ACLs when kerberos enabled. The sasl ACLs should be removed after disabling kerberos.
Diffs
-----
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py aed8abc
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py a659dd1
ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json 29cc00a
ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py 4d47925
ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py 4d8d95e
ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json eaffec6
Diff: https://reviews.apache.org/r/56175/diff/
Testing
-------
Manual testing:
- created a cluster with yarn and hive
- enabled hive interactive mode
- enabled kerberos
- checked that hive interactive started successfully
- checked acls on /registry
- disabled kerberos
- checked acls on /registry
unittests are running ....
Thanks,
Attila Magyar
Re: Review Request 56175: Setup correct authentication and
authorization mechanism between Yarn Registry and Zookeeper
Posted by Sebastian Toader <st...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56175/#review163823
-----------------------------------------------------------
Ship it!
Ship It!
- Sebastian Toader
On Feb. 1, 2017, 5:09 p.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56175/
> -----------------------------------------------------------
>
> (Updated Feb. 1, 2017, 5:09 p.m.)
>
>
> Review request for Ambari, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-19331
> https://issues.apache.org/jira/browse/AMBARI-19331
>
>
> Repository: ambari
>
>
> Description
> -------
>
> YARN registry and yarn leader election znodes must be protected by sasl ACLs when kerberos enabled. The sasl ACLs should be removed after disabling kerberos.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py aed8abc
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py a659dd1
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json 29cc00a
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py 4d47925
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py 4d8d95e
> ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json eaffec6
>
> Diff: https://reviews.apache.org/r/56175/diff/
>
>
> Testing
> -------
>
> Manual testing:
> - created a cluster with yarn and hive
> - enabled hive interactive mode
> - enabled kerberos
> - checked that hive interactive started successfully
> - checked acls on /registry
> - disabled kerberos
> - checked acls on /registry
>
> unittests are running ....
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 56175: Setup correct authentication and
authorization mechanism between Yarn Registry and Zookeeper
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56175/#review163848
-----------------------------------------------------------
Ship it!
Ship It!
- Alejandro Fernandez
On Feb. 1, 2017, 4:43 p.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56175/
> -----------------------------------------------------------
>
> (Updated Feb. 1, 2017, 4:43 p.m.)
>
>
> Review request for Ambari, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-19331
> https://issues.apache.org/jira/browse/AMBARI-19331
>
>
> Repository: ambari
>
>
> Description
> -------
>
> YARN registry and yarn leader election znodes must be protected by sasl ACLs when kerberos enabled. The sasl ACLs should be removed after disabling kerberos.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py aed8abc
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py a659dd1
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json 29cc00a
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py 4d47925
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py 4d8d95e
> ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json eaffec6
>
> Diff: https://reviews.apache.org/r/56175/diff/
>
>
> Testing
> -------
>
> Manual testing:
> - created a cluster with yarn and hive
> - enabled hive interactive mode
> - enabled kerberos
> - checked that hive interactive started successfully
> - checked acls on /registry
> - disabled kerberos
> - checked acls on /registry
>
> Unittest run successfully (1 unrelated failure)
>
> Failed tests:
> AsyncCallableServiceTest.testCallableServiceShouldCancelTaskWhenTimeoutExceeded:94
> Unexpected method call ScheduledExecutorService.schedule(EasyMock for interface java.util.concurrent.Callable, 500, MILLISECONDS):
>
> Tests run: 4884, Failures: 1, Errors: 0, Skipped: 39
> Ran 270 tests in 6.748s
>
>
> ambari-agent:
> Ran 451 tests in 95.436s
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 56175: Setup correct authentication and
authorization mechanism between Yarn Registry and Zookeeper
Posted by Mahadev Konar <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56175/#review163840
-----------------------------------------------------------
Ship it!
Ship It!
- Mahadev Konar
On Feb. 1, 2017, 4:43 p.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56175/
> -----------------------------------------------------------
>
> (Updated Feb. 1, 2017, 4:43 p.m.)
>
>
> Review request for Ambari, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-19331
> https://issues.apache.org/jira/browse/AMBARI-19331
>
>
> Repository: ambari
>
>
> Description
> -------
>
> YARN registry and yarn leader election znodes must be protected by sasl ACLs when kerberos enabled. The sasl ACLs should be removed after disabling kerberos.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py aed8abc
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py a659dd1
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json 29cc00a
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py 4d47925
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py 4d8d95e
> ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json eaffec6
>
> Diff: https://reviews.apache.org/r/56175/diff/
>
>
> Testing
> -------
>
> Manual testing:
> - created a cluster with yarn and hive
> - enabled hive interactive mode
> - enabled kerberos
> - checked that hive interactive started successfully
> - checked acls on /registry
> - disabled kerberos
> - checked acls on /registry
>
> Unittest run successfully (1 unrelated failure)
>
> Failed tests:
> AsyncCallableServiceTest.testCallableServiceShouldCancelTaskWhenTimeoutExceeded:94
> Unexpected method call ScheduledExecutorService.schedule(EasyMock for interface java.util.concurrent.Callable, 500, MILLISECONDS):
>
> Tests run: 4884, Failures: 1, Errors: 0, Skipped: 39
> Ran 270 tests in 6.748s
>
>
> ambari-agent:
> Ran 451 tests in 95.436s
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 56175: Setup correct authentication and
authorization mechanism between Yarn Registry and Zookeeper
Posted by Laszlo Puskas <lp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56175/#review163842
-----------------------------------------------------------
Ship it!
Ship It!
- Laszlo Puskas
On Feb. 1, 2017, 4:43 p.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56175/
> -----------------------------------------------------------
>
> (Updated Feb. 1, 2017, 4:43 p.m.)
>
>
> Review request for Ambari, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-19331
> https://issues.apache.org/jira/browse/AMBARI-19331
>
>
> Repository: ambari
>
>
> Description
> -------
>
> YARN registry and yarn leader election znodes must be protected by sasl ACLs when kerberos enabled. The sasl ACLs should be removed after disabling kerberos.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py aed8abc
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py a659dd1
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json 29cc00a
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py 4d47925
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py 4d8d95e
> ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json eaffec6
>
> Diff: https://reviews.apache.org/r/56175/diff/
>
>
> Testing
> -------
>
> Manual testing:
> - created a cluster with yarn and hive
> - enabled hive interactive mode
> - enabled kerberos
> - checked that hive interactive started successfully
> - checked acls on /registry
> - disabled kerberos
> - checked acls on /registry
>
> Unittest run successfully (1 unrelated failure)
>
> Failed tests:
> AsyncCallableServiceTest.testCallableServiceShouldCancelTaskWhenTimeoutExceeded:94
> Unexpected method call ScheduledExecutorService.schedule(EasyMock for interface java.util.concurrent.Callable, 500, MILLISECONDS):
>
> Tests run: 4884, Failures: 1, Errors: 0, Skipped: 39
> Ran 270 tests in 6.748s
>
>
> ambari-agent:
> Ran 451 tests in 95.436s
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 56175: Setup correct authentication and
authorization mechanism between Yarn Registry and Zookeeper
Posted by Attila Magyar <am...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56175/
-----------------------------------------------------------
(Updated Feb. 1, 2017, 4:43 p.m.)
Review request for Ambari, Laszlo Puskas, Robert Levas, and Sebastian Toader.
Changes
-------
ran unittests
Bugs: AMBARI-19331
https://issues.apache.org/jira/browse/AMBARI-19331
Repository: ambari
Description
-------
YARN registry and yarn leader election znodes must be protected by sasl ACLs when kerberos enabled. The sasl ACLs should be removed after disabling kerberos.
Diffs
-----
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py aed8abc
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py a659dd1
ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json 29cc00a
ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py 4d47925
ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py 4d8d95e
ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json eaffec6
Diff: https://reviews.apache.org/r/56175/diff/
Testing (updated)
-------
Manual testing:
- created a cluster with yarn and hive
- enabled hive interactive mode
- enabled kerberos
- checked that hive interactive started successfully
- checked acls on /registry
- disabled kerberos
- checked acls on /registry
Unittest run successfully (1 unrelated failure)
Failed tests:
AsyncCallableServiceTest.testCallableServiceShouldCancelTaskWhenTimeoutExceeded:94
Unexpected method call ScheduledExecutorService.schedule(EasyMock for interface java.util.concurrent.Callable, 500, MILLISECONDS):
Tests run: 4884, Failures: 1, Errors: 0, Skipped: 39
Ran 270 tests in 6.748s
ambari-agent:
Ran 451 tests in 95.436s
Thanks,
Attila Magyar
Re: Review Request 56175: Setup correct authentication and
authorization mechanism between Yarn Registry and Zookeeper
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56175/#review163828
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Levas
On Feb. 1, 2017, 11:09 a.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56175/
> -----------------------------------------------------------
>
> (Updated Feb. 1, 2017, 11:09 a.m.)
>
>
> Review request for Ambari, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-19331
> https://issues.apache.org/jira/browse/AMBARI-19331
>
>
> Repository: ambari
>
>
> Description
> -------
>
> YARN registry and yarn leader election znodes must be protected by sasl ACLs when kerberos enabled. The sasl ACLs should be removed after disabling kerberos.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py aed8abc
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py a659dd1
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json 29cc00a
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py 4d47925
> ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py 4d8d95e
> ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json eaffec6
>
> Diff: https://reviews.apache.org/r/56175/diff/
>
>
> Testing
> -------
>
> Manual testing:
> - created a cluster with yarn and hive
> - enabled hive interactive mode
> - enabled kerberos
> - checked that hive interactive started successfully
> - checked acls on /registry
> - disabled kerberos
> - checked acls on /registry
>
> unittests are running ....
>
>
> Thanks,
>
> Attila Magyar
>
>