You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Amruta Borkar <ar...@us.ibm.com> on 2017/01/11 00:53:47 UTC
Re: Review Request 53213: Exporting blueprint from kerberos enabled
cluster,
exports hardcoded values cluster name and realm in principal_name property
> On Oct. 31, 2016, 4:27 p.m., Robert Levas wrote:
> > This seems dangerous.
> >
> > I think it would be a better option to make this explicit by using a configuration attribute. For example:
> >
> > '''
> > <value-attributes>
> > ...
> > <type>kerberos_principal</type>
> > ...
> > </value-attributes>
> > '''
> >
> > However I am not sure if this data is available at the time you would need it.
>
> Amruta Borkar wrote:
> Hello Robert,
> Would it be ok if a new property type is defined to identify kerberos principal EX: <property-type>kerberos-principal<property-type> rather than defining it in <value-attribute> ? As we currently use <property-type>password<property-type> to identify and filter out password references while blueprint export.
>
> Robert Levas wrote:
> I think that will work too but we might need some more expertice on this. After making the change, can you add Jayush Luniya and Jaimin Jetly to the review? Also, make sure you update `configuration-schema.xsd` and `org.apache.ambari.server.state.PropertyInfo.PropertyType`
>
> Amruta Borkar wrote:
> Updated the the patch based on suggestions. Also adding Jayush Luniya and Jaimin Jetly.
Hello Jayush, Jaimin
Could you please review this?
Thank you
- Amruta
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53213/#review154274
-----------------------------------------------------------
On Nov. 9, 2016, 12:11 a.m., Amruta Borkar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53213/
> -----------------------------------------------------------
>
> (Updated Nov. 9, 2016, 12:11 a.m.)
>
>
> Review request for Ambari, Di Li, Jaimin Jetly, Jayush Luniya, Robert Levas, and Robert Nettleton.
>
>
> Bugs: AMBARI-18692
> https://issues.apache.org/jira/browse/AMBARI-18692
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Exporting blueprint from kerberos enabled cluster, exports hardcoded values cluster name and realm in principal_name property.
> When the same blueprint is used to create another cluster with different name, service start fail with following error:
> "resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt /etc/security/keytabs/hdfs.headless.keytab [keytab_name_in_blueprint] eturned 1. kinit: Keytab contains no suitable keys for [keytab_name_in_blueprint] while getting initial credentials"
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java f890326
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/Stack.java 16f75ee
> ambari-server/src/main/java/org/apache/ambari/server/state/PropertyInfo.java 81de76c
> ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/configuration/accumulo-env.xml 1d330dd
> ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/configuration/infra-solr-env.xml d7ae236
> ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-hbase-security-site.xml 2be101b
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/application-properties.xml 9efa4f9
> ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml 8712c7d
> ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/configuration/hbase-env.xml 24bd563
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hadoop-env.xml afaaee8
> ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka-env.xml e8a76b6
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 7016437
> ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/knox-env.xml 2e5a026
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logfeeder-env.xml ee885e3
> ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-env.xml c5b9b4e
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml 36ebc8c
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-tagsync-site.xml a0bd322
> ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-ugsync-site.xml d267b75
> ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-site.xml 1bce4e6
> ambari-server/src/main/resources/common-services/SPARK/1.2.1/configuration/spark-defaults.xml b85cf50
> ambari-server/src/main/resources/common-services/SPARK/1.2.1/configuration/spark-env.xml 71a42f7
> ambari-server/src/main/resources/common-services/SPARK2/2.0.0/configuration/spark2-defaults.xml a5115af
> ambari-server/src/main/resources/common-services/SPARK2/2.0.0/configuration/spark2-env.xml b78fd79
> ambari-server/src/main/resources/common-services/STORM/0.9.1/configuration/storm-env.xml 5d0b2ff
> ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-env.xml c03d2dc
> ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/configuration/zookeeper-env.xml 696b28a
> ambari-server/src/main/resources/configuration-schema.xsd daba29f
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java 5bedb9d
>
> Diff: https://reviews.apache.org/r/53213/diff/
>
>
> Testing
> -------
>
> Tested manually. Suitable keytabs are generated automatically when not mentioned in blueprint. Service starts succeeded with a blueprint exported with the code change.
> Modified existing unit test cases.
>
>
> Thanks,
>
> Amruta Borkar
>
>