You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/01/29 06:19:35 UTC

[jira] [Updated] (AMBARI-9385) Implement Keytab regeneration

     [ https://issues.apache.org/jira/browse/AMBARI-9385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-9385:
---------------------------------
    Attachment: AMBARI-9385_01.patch

* Added the ability to handle directives related to updating a cluster resources with the security_type of KERBEROS.
* Handles directive {{regenerate_keytabs}} to regenerate keytabs on an previously Kerberized cluster

Patch File [^AMBARI-9385_01.patch]

> Implement Keytab regeneration
> -----------------------------
>
>                 Key: AMBARI-9385
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9385
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos, keytabs
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-9385_01.patch
>
>
> Create API entry point to initiate Kerberos keytab regeneration for the cluster:
> {code}
> PUT /api/v1/clusters/{clustername}?kerberos_regenerate_keytabs="true"
> {code}
> The entry point should invoke code to determine which principals need to be updated and then generate the following stages:
> # Update Principal Passwords
> # Generate Keytabs
> # Distribute Keytab
> This could be done in a method within {{org.apache.ambari.server.controller.KerberosHelper}} named {{regenerateKeytabs}} and flow similarly to {{org.apache.ambari.server.controller.KerberosHelper#toggleKerberos}}
> A Server-side action implementation already exists for generating keytabs - see {{org.apache.ambari.server.serveraction.kerberos.CreateKeytabFilesServerAction}}.
> A process is already in place to distribute keytabs - {{org/apache/ambari/server/controller/KerberosHelper.java:1192}}
> A new Server-side action _may_ need to be created to update relavant principal passwords, however {{org.apache.ambari.server.serveraction.kerberos.CreatePrincipalsServerAction}} may work for this, unaltered.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)