You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Eugene Chekanskiy <ec...@hortonworks.com> on 2017/11/09 12:53:39 UTC
Review Request 63698: Implement many-to-many relation between keytabs
and principals
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/
-----------------------------------------------------------
Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.
Bugs: AMBARI-22390
https://issues.apache.org/jira/browse/AMBARI-22390
Repository: ambari
Description
-------
Now it is possible to put mulitple different principals to same keytab:
* copy keytap entry from existant identity:
1. define principal with new unique name(identity1) and reference to principal that you want to update(identity0)
2. redefine principal record of identity
3. Good luck, now principals from identity1 and identity0 will be located in keytab file from identity0
* just define new keytab entry in identity with same keytab file. If owners are different for same keytab in different identities warning will be printed, if owners and goups are different, or group does not have "r" permission for file, error will be printed, so make sure that users that need this keytab are in group that can access it
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java f91383117f
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java 1dc8ca8ec7
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 59d532753d
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 3491f18931
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java f66d273665
ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json 166adbd7d0
ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json f2dd9e7e3d
ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json bf763de6d9
ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 95d735b972
ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json b4e93ddc77
ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json 575b9fa42f
ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json 89f19d4927
Diff: https://reviews.apache.org/r/63698/diff/1/
Testing
-------
mvn clean test, cluster deploy
Thanks,
Eugene Chekanskiy
Re: Review Request 63698: Implement many-to-many relation between
keytabs and principals
Posted by Eugene Chekanskiy <ec...@hortonworks.com>.
> On Nov. 9, 2017, 1:53 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
> > Lines 142 (patched)
> > <https://reviews.apache.org/r/63698/diff/1/?file=1886093#file1886093line142>
> >
> > Will this prevent keytab files for headless principals from being regenerated when a regenerate all keytab files operation is being performed?
Thanks, that is an error, we need regenerate by default, but check for isService only if host filter is exists.
- Eugene
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190583
-----------------------------------------------------------
On Nov. 9, 2017, 2:34 p.m., Eugene Chekanskiy wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> -----------------------------------------------------------
>
> (Updated Nov. 9, 2017, 2:34 p.m.)
>
>
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.
>
>
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Now it is possible to put mulitple different principals to same keytab:
>
> * copy keytap entry from existant identity:
> 1. define principal with new unique name(identity1) and reference to principal that you want to update(identity0)
> 2. redefine principal record of identity
> 3. Good luck, now principals from identity1 and identity0 will be located in keytab file from identity0
> * just define new keytab entry in identity with same keytab file. If owners are different for same keytab in different identities warning will be printed, if owners and goups are different, or group does not have "r" permission for file, error will be printed, so make sure that users that need this keytab are in group that can access it
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java f91383117f
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java 1dc8ca8ec7
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 59d532753d
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 3491f18931
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java f66d273665
> ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json 166adbd7d0
> ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json f2dd9e7e3d
> ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json bf763de6d9
> ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 95d735b972
> ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json b4e93ddc77
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json 575b9fa42f
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json 89f19d4927
>
>
> Diff: https://reviews.apache.org/r/63698/diff/2/
>
>
> Testing
> -------
>
> mvn clean test, cluster deploy
>
>
> Thanks,
>
> Eugene Chekanskiy
>
>
Re: Review Request 63698: Implement many-to-many relation between
keytabs and principals
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190583
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
Lines 142 (patched)
<https://reviews.apache.org/r/63698/#comment268062>
Will this prevent keytab files for headless principals from being regenerated when a regenerate all keytab files operation is being performed?
ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json
Line 26 (original), 26 (patched)
<https://reviews.apache.org/r/63698/#comment268063>
This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop".
Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue.
ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json
Line 26 (original), 26 (patched)
<https://reviews.apache.org/r/63698/#comment268064>
This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop".
Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue.
ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json
Line 107 (original), 107 (patched)
<https://reviews.apache.org/r/63698/#comment268068>
This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop".
Assuming most of the the time {{livy-env/livy_user}} and {{livy2-env/livy_user}} are the same this should not be an issue.
ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json
Line 26 (original), 26 (patched)
<https://reviews.apache.org/r/63698/#comment268065>
This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop".
Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue.
ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json
Line 26 (original), 26 (patched)
<https://reviews.apache.org/r/63698/#comment268066>
This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop".
Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue.
ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json
Line 26 (original), 26 (patched)
<https://reviews.apache.org/r/63698/#comment268067>
This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop".
Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue.
ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json
Line 106 (original), 106 (patched)
<https://reviews.apache.org/r/63698/#comment268069>
This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop".
Assuming most of the the time {{livy-env/livy_user}} and {{livy2-env/livy_user}} are the same this should not be an issue.
ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json
Line 26 (original), 26 (patched)
<https://reviews.apache.org/r/63698/#comment268071>
This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop".
Assuming most of the the time {{spark-env/spark_user}} and {{spark2-env/spark_user}} are the same this should not be an issue.
ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json
Line 106 (original), 106 (patched)
<https://reviews.apache.org/r/63698/#comment268070>
This may not be a good idea since it opens up the keytab file to all users of the group - which is typically "hadoop".
Assuming most of the the time {{livy-env/livy_user}} and {{livy2-env/livy_user}} are the same this should not be an issue.
- Robert Levas
On Nov. 9, 2017, 7:53 a.m., Eugene Chekanskiy wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> -----------------------------------------------------------
>
> (Updated Nov. 9, 2017, 7:53 a.m.)
>
>
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.
>
>
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Now it is possible to put mulitple different principals to same keytab:
>
> * copy keytap entry from existant identity:
> 1. define principal with new unique name(identity1) and reference to principal that you want to update(identity0)
> 2. redefine principal record of identity
> 3. Good luck, now principals from identity1 and identity0 will be located in keytab file from identity0
> * just define new keytab entry in identity with same keytab file. If owners are different for same keytab in different identities warning will be printed, if owners and goups are different, or group does not have "r" permission for file, error will be printed, so make sure that users that need this keytab are in group that can access it
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java f91383117f
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java 1dc8ca8ec7
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 59d532753d
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 3491f18931
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java f66d273665
> ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json 166adbd7d0
> ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json f2dd9e7e3d
> ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json bf763de6d9
> ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 95d735b972
> ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json b4e93ddc77
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json 575b9fa42f
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json 89f19d4927
>
>
> Diff: https://reviews.apache.org/r/63698/diff/1/
>
>
> Testing
> -------
>
> mvn clean test, cluster deploy
>
>
> Thanks,
>
> Eugene Chekanskiy
>
>
Re: Review Request 63698: Implement many-to-many relation between
keytabs and principals
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190821
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Levas
On Nov. 13, 2017, 10:03 a.m., Eugene Chekanskiy wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> -----------------------------------------------------------
>
> (Updated Nov. 13, 2017, 10:03 a.m.)
>
>
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.
>
>
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Now it is possible to put mulitple different principals to same keytab:
>
> * copy keytap entry from existant identity:
> 1. define principal with new unique name(identity1) and reference to principal that you want to update(identity0)
> 2. redefine principal record of identity
> 3. Good luck, now principals from identity1 and identity0 will be located in keytab file from identity0
> * just define new keytab entry in identity with same keytab file. If owners are different for same keytab in different identities warning will be printed, if owners and goups are different, or group does not have "r" permission for file, error will be printed, so make sure that users that need this keytab are in group that can access it
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java f91383117f
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java 1dc8ca8ec7
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 59d532753d
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 3491f18931
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java f66d273665
>
>
> Diff: https://reviews.apache.org/r/63698/diff/3/
>
>
> Testing
> -------
>
> mvn clean test, cluster deploy
>
>
> Thanks,
>
> Eugene Chekanskiy
>
>
Re: Review Request 63698: Implement many-to-many relation between
keytabs and principals
Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190824
-----------------------------------------------------------
Ship it!
Ship It!
- Dmitro Lisnichenko
On Nov. 13, 2017, 5:03 p.m., Eugene Chekanskiy wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> -----------------------------------------------------------
>
> (Updated Nov. 13, 2017, 5:03 p.m.)
>
>
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.
>
>
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Now it is possible to put mulitple different principals to same keytab:
>
> * copy keytap entry from existant identity:
> 1. define principal with new unique name(identity1) and reference to principal that you want to update(identity0)
> 2. redefine principal record of identity
> 3. Good luck, now principals from identity1 and identity0 will be located in keytab file from identity0
> * just define new keytab entry in identity with same keytab file. If owners are different for same keytab in different identities warning will be printed, if owners and goups are different, or group does not have "r" permission for file, error will be printed, so make sure that users that need this keytab are in group that can access it
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java f91383117f
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java 1dc8ca8ec7
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 59d532753d
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 3491f18931
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java f66d273665
>
>
> Diff: https://reviews.apache.org/r/63698/diff/3/
>
>
> Testing
> -------
>
> mvn clean test, cluster deploy
>
>
> Thanks,
>
> Eugene Chekanskiy
>
>
Re: Review Request 63698: Implement many-to-many relation between
keytabs and principals
Posted by Eugene Chekanskiy <ec...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/
-----------------------------------------------------------
(Updated Nov. 13, 2017, 3:03 p.m.)
Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.
Bugs: AMBARI-22390
https://issues.apache.org/jira/browse/AMBARI-22390
Repository: ambari
Description
-------
Now it is possible to put mulitple different principals to same keytab:
* copy keytap entry from existant identity:
1. define principal with new unique name(identity1) and reference to principal that you want to update(identity0)
2. redefine principal record of identity
3. Good luck, now principals from identity1 and identity0 will be located in keytab file from identity0
* just define new keytab entry in identity with same keytab file. If owners are different for same keytab in different identities warning will be printed, if owners and goups are different, or group does not have "r" permission for file, error will be printed, so make sure that users that need this keytab are in group that can access it
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java f91383117f
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java 1dc8ca8ec7
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 59d532753d
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 3491f18931
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java f66d273665
Diff: https://reviews.apache.org/r/63698/diff/3/
Changes: https://reviews.apache.org/r/63698/diff/2-3/
Testing
-------
mvn clean test, cluster deploy
Thanks,
Eugene Chekanskiy
Re: Review Request 63698: Implement many-to-many relation between
keytabs and principals
Posted by Eugene Chekanskiy <ec...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/
-----------------------------------------------------------
(Updated Nov. 9, 2017, 2:34 p.m.)
Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.
Bugs: AMBARI-22390
https://issues.apache.org/jira/browse/AMBARI-22390
Repository: ambari
Description
-------
Now it is possible to put mulitple different principals to same keytab:
* copy keytap entry from existant identity:
1. define principal with new unique name(identity1) and reference to principal that you want to update(identity0)
2. redefine principal record of identity
3. Good luck, now principals from identity1 and identity0 will be located in keytab file from identity0
* just define new keytab entry in identity with same keytab file. If owners are different for same keytab in different identities warning will be printed, if owners and goups are different, or group does not have "r" permission for file, error will be printed, so make sure that users that need this keytab are in group that can access it
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java f91383117f
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java 1dc8ca8ec7
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 59d532753d
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 3491f18931
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java f66d273665
ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json 166adbd7d0
ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json f2dd9e7e3d
ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json bf763de6d9
ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 95d735b972
ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json b4e93ddc77
ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json 575b9fa42f
ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json 89f19d4927
Diff: https://reviews.apache.org/r/63698/diff/2/
Changes: https://reviews.apache.org/r/63698/diff/1-2/
Testing
-------
mvn clean test, cluster deploy
Thanks,
Eugene Chekanskiy
Re: Review Request 63698: Implement many-to-many relation between
keytabs and principals
Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63698/#review190582
-----------------------------------------------------------
Ship it!
Ship It!
- Dmitro Lisnichenko
On Nov. 9, 2017, 2:53 p.m., Eugene Chekanskiy wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63698/
> -----------------------------------------------------------
>
> (Updated Nov. 9, 2017, 2:53 p.m.)
>
>
> Review request for Ambari, Attila Magyar, Dmitro Lisnichenko, and Robert Levas.
>
>
> Bugs: AMBARI-22390
> https://issues.apache.org/jira/browse/AMBARI-22390
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Now it is possible to put mulitple different principals to same keytab:
>
> * copy keytap entry from existant identity:
> 1. define principal with new unique name(identity1) and reference to principal that you want to update(identity0)
> 2. redefine principal record of identity
> 3. Good luck, now principals from identity1 and identity0 will be located in keytab file from identity0
> * just define new keytab entry in identity with same keytab file. If owners are different for same keytab in different identities warning will be printed, if owners and goups are different, or group does not have "r" permission for file, error will be printed, so make sure that users that need this keytab are in group that can access it
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java f91383117f
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java 1dc8ca8ec7
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 59d532753d
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 3491f18931
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java f66d273665
> ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json 166adbd7d0
> ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json f2dd9e7e3d
> ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json bf763de6d9
> ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json 95d735b972
> ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json b4e93ddc77
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK/kerberos.json 575b9fa42f
> ambari-server/src/main/resources/stacks/HDP/2.6/services/SPARK2/kerberos.json 89f19d4927
>
>
> Diff: https://reviews.apache.org/r/63698/diff/1/
>
>
> Testing
> -------
>
> mvn clean test, cluster deploy
>
>
> Thanks,
>
> Eugene Chekanskiy
>
>