You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Attila Magyar <am...@hortonworks.com> on 2017/07/04 14:38:04 UTC
Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/
-----------------------------------------------------------
Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
Bugs: AMBARI-21392
https://issues.apache.org/jira/browse/AMBARI-21392
Repository: ambari
Description
-------
Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
entry point is: KerberosIdentityCleaner>>serviceRemoved
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
Diff: https://reviews.apache.org/r/60637/diff/1/
Testing
-------
added new unittests.
end2end tested manually:
- created a cluster with spark1 and spark2
- enabled kerberos
- removed spark1
- checked that spark identity was NOT removed (because it was still used by spark2)
- removed spark2
- checked that the spark identity was removed
existing tests: PENDING
Thanks,
Attila Magyar
Re: Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/#review180216
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Levas
On July 6, 2017, 7:08 a.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60637/
> -----------------------------------------------------------
>
> (Updated July 6, 2017, 7:08 a.m.)
>
>
> Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-21392
> https://issues.apache.org/jira/browse/AMBARI-21392
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
> Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
>
> entry point is: KerberosIdentityCleaner>>serviceRemoved
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ClusterDAO.java a23b914
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ClusterConfigEntity.java 34f3034
> ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java b4f7120
> ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
> ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java 06b6217
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 406349a
>
>
> Diff: https://reviews.apache.org/r/60637/diff/4/
>
>
> Testing
> -------
>
> added new unittests.
> end2end tested manually:
> - created a cluster with spark1 and spark2
> - enabled kerberos
> - removed spark1
> - checked that spark identity was NOT removed (because it was still used by spark2)
> - removed spark2
> - checked that the spark identity was removed
>
> existing tests:
>
> Tests run: 4800, Failures: 0, Errors: 0, Skipped: 35
>
> ----------------------------------------------------------------------
> Ran 245 tests in 7.085s
>
> OK
> ----------------------------------------------------------------------
> Total run:1145
> Total errors:0
> Total failures:0
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
Posted by Attila Magyar <am...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/
-----------------------------------------------------------
(Updated July 6, 2017, 11:08 a.m.)
Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
Changes
-------
Fixed principal names with placeholder variables in their names.
Bugs: AMBARI-21392
https://issues.apache.org/jira/browse/AMBARI-21392
Repository: ambari
Description
-------
Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
entry point is: KerberosIdentityCleaner>>serviceRemoved
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ClusterDAO.java a23b914
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ClusterConfigEntity.java 34f3034
ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java b4f7120
ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java 06b6217
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 406349a
Diff: https://reviews.apache.org/r/60637/diff/4/
Changes: https://reviews.apache.org/r/60637/diff/3-4/
Testing
-------
added new unittests.
end2end tested manually:
- created a cluster with spark1 and spark2
- enabled kerberos
- removed spark1
- checked that spark identity was NOT removed (because it was still used by spark2)
- removed spark2
- checked that the spark identity was removed
existing tests: PENDING
Thanks,
Attila Magyar
Re: Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
Posted by Robert Levas <rl...@hortonworks.com>.
> On July 5, 2017, 11:21 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java
> > Lines 59 (patched)
> > <https://reviews.apache.org/r/60637/diff/3/?file=1769225#file1769225line65>
> >
> > This is Java8-specific code. Was it officially declared that Java7 is to be dropped for Ambari?
>
> Attila Magyar wrote:
> I suppose yes because the ambari server is now compiled to 1.8 source level on the trunk.
I see. The ambari-server pom file was updated yesterday to force JDK version 1.8.
```
<jdk.version>1.8</jdk.version>
```
Dropping this issue.
- Robert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/#review179634
-----------------------------------------------------------
On July 4, 2017, 11:20 a.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60637/
> -----------------------------------------------------------
>
> (Updated July 4, 2017, 11:20 a.m.)
>
>
> Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-21392
> https://issues.apache.org/jira/browse/AMBARI-21392
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
> Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
>
> entry point is: KerberosIdentityCleaner>>serviceRemoved
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
> ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
>
>
> Diff: https://reviews.apache.org/r/60637/diff/3/
>
>
> Testing
> -------
>
> added new unittests.
> end2end tested manually:
> - created a cluster with spark1 and spark2
> - enabled kerberos
> - removed spark1
> - checked that spark identity was NOT removed (because it was still used by spark2)
> - removed spark2
> - checked that the spark identity was removed
>
> existing tests: PENDING
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
Posted by Attila Magyar <am...@hortonworks.com>.
> On July 5, 2017, 3:21 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java
> > Lines 59 (patched)
> > <https://reviews.apache.org/r/60637/diff/3/?file=1769225#file1769225line65>
> >
> > This is Java8-specific code. Was it officially declared that Java7 is to be dropped for Ambari?
I suppose yes because the ambari server is now compiled to 1.8 source level on the trunk.
- Attila
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/#review179634
-----------------------------------------------------------
On July 4, 2017, 3:20 p.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60637/
> -----------------------------------------------------------
>
> (Updated July 4, 2017, 3:20 p.m.)
>
>
> Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-21392
> https://issues.apache.org/jira/browse/AMBARI-21392
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
> Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
>
> entry point is: KerberosIdentityCleaner>>serviceRemoved
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
> ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
>
>
> Diff: https://reviews.apache.org/r/60637/diff/3/
>
>
> Testing
> -------
>
> added new unittests.
> end2end tested manually:
> - created a cluster with spark1 and spark2
> - enabled kerberos
> - removed spark1
> - checked that spark identity was NOT removed (because it was still used by spark2)
> - removed spark2
> - checked that the spark identity was removed
>
> existing tests: PENDING
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/#review179634
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java
Lines 59 (patched)
<https://reviews.apache.org/r/60637/#comment254441>
This is Java8-specific code. Was it officially declared that Java7 is to be dropped for Ambari?
- Robert Levas
On July 4, 2017, 11:20 a.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60637/
> -----------------------------------------------------------
>
> (Updated July 4, 2017, 11:20 a.m.)
>
>
> Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-21392
> https://issues.apache.org/jira/browse/AMBARI-21392
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
> Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
>
> entry point is: KerberosIdentityCleaner>>serviceRemoved
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
> ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
>
>
> Diff: https://reviews.apache.org/r/60637/diff/3/
>
>
> Testing
> -------
>
> added new unittests.
> end2end tested manually:
> - created a cluster with spark1 and spark2
> - enabled kerberos
> - removed spark1
> - checked that spark identity was NOT removed (because it was still used by spark2)
> - removed spark2
> - checked that the spark identity was removed
>
> existing tests: PENDING
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
Posted by Sebastian Toader <st...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/#review179583
-----------------------------------------------------------
Ship it!
Ship It!
- Sebastian Toader
On July 4, 2017, 5:20 p.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60637/
> -----------------------------------------------------------
>
> (Updated July 4, 2017, 5:20 p.m.)
>
>
> Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-21392
> https://issues.apache.org/jira/browse/AMBARI-21392
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
> Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
>
> entry point is: KerberosIdentityCleaner>>serviceRemoved
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
> ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
>
>
> Diff: https://reviews.apache.org/r/60637/diff/3/
>
>
> Testing
> -------
>
> added new unittests.
> end2end tested manually:
> - created a cluster with spark1 and spark2
> - enabled kerberos
> - removed spark1
> - checked that spark identity was NOT removed (because it was still used by spark2)
> - removed spark2
> - checked that the spark identity was removed
>
> existing tests: PENDING
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
Posted by Attila Doroszlai <ad...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/#review179614
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java
Lines 1 (patched)
<https://reviews.apache.org/r/60637/#comment254422>
missing license
- Attila Doroszlai
On July 4, 2017, 5:20 p.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60637/
> -----------------------------------------------------------
>
> (Updated July 4, 2017, 5:20 p.m.)
>
>
> Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-21392
> https://issues.apache.org/jira/browse/AMBARI-21392
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
> Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
>
> entry point is: KerberosIdentityCleaner>>serviceRemoved
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
> ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
> ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
> ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
> ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
>
>
> Diff: https://reviews.apache.org/r/60637/diff/3/
>
>
> Testing
> -------
>
> added new unittests.
> end2end tested manually:
> - created a cluster with spark1 and spark2
> - enabled kerberos
> - removed spark1
> - checked that spark identity was NOT removed (because it was still used by spark2)
> - removed spark2
> - checked that the spark identity was removed
>
> existing tests: PENDING
>
>
> Thanks,
>
> Attila Magyar
>
>
Re: Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
Posted by Attila Magyar <am...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/
-----------------------------------------------------------
(Updated July 4, 2017, 3:20 p.m.)
Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
Changes
-------
-for
Bugs: AMBARI-21392
https://issues.apache.org/jira/browse/AMBARI-21392
Repository: ambari
Description
-------
Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
entry point is: KerberosIdentityCleaner>>serviceRemoved
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
Diff: https://reviews.apache.org/r/60637/diff/3/
Changes: https://reviews.apache.org/r/60637/diff/2-3/
Testing
-------
added new unittests.
end2end tested manually:
- created a cluster with spark1 and spark2
- enabled kerberos
- removed spark1
- checked that spark identity was NOT removed (because it was still used by spark2)
- removed spark2
- checked that the spark identity was removed
existing tests: PENDING
Thanks,
Attila Magyar
Re: Review Request 60637: Cleanup relevant Kerberos identities when a
service is removed
Posted by Attila Magyar <am...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60637/
-----------------------------------------------------------
(Updated July 4, 2017, 3:06 p.m.)
Review request for Ambari, Balázs Bence Sári, Laszlo Puskas, Robert Levas, and Sebastian Toader.
Changes
-------
+comment
Bugs: AMBARI-21392
https://issues.apache.org/jira/browse/AMBARI-21392
Repository: ambari
Description
-------
Upon removing a service from the cluster, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files.
Care must be taken not to remove any principals or keytab files that are still in use in the cluster.
entry point is: KerberosIdentityCleaner>>serviceRemoved
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java aa098b6
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cc0c048
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b30f8f6
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java 0a8462f
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/RemovableIdentities.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/UsedIdentities.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/events/ServiceComponentUninstalledEvent.java 5b55339
ambari-server/src/main/java/org/apache/ambari/server/events/ServiceRemovedEvent.java aca00a8
ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java 5084703
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java 0a89c1d
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java 41d1f65
ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java 2023793
ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java d22c92e
Diff: https://reviews.apache.org/r/60637/diff/2/
Changes: https://reviews.apache.org/r/60637/diff/1-2/
Testing
-------
added new unittests.
end2end tested manually:
- created a cluster with spark1 and spark2
- enabled kerberos
- removed spark1
- checked that spark identity was NOT removed (because it was still used by spark2)
- removed spark2
- checked that the spark identity was removed
existing tests: PENDING
Thanks,
Attila Magyar