You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Bolke de Bruin <bd...@gmail.com> on 2016/02/28 20:54:19 UTC
Review Request 44148: Add FreeIPA support to Ambari.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/
-----------------------------------------------------------
Review request for Ambari.
Bugs: AMBARI-6432
https://issues.apache.org/jira/browse/AMBARI-6432
Repository: ambari
Description
-------
FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
It has been requested to have this implemented in several tickets.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
ambari-web/app/controllers/main/admin/kerberos.js c021c89
ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
ambari-web/app/controllers/main/service/info/configs.js a22bb48
ambari-web/app/data/HDP2/site_properties.js 3ea6c68
ambari-web/app/messages.js 1cefce2
ambari-web/app/views/common/controls_view.js d355ffe
Diff: https://reviews.apache.org/r/44148/diff/
Testing
-------
FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
Thanks,
Bolke de Bruin
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java, line 438
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line438>
> >
> > Should this timeout be configurable?
Fixed in new version
> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java, line 198
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line198>
> >
> > Provide the name of the script to indicate that this is IPA
Fixed in new version
> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java, line 543
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line543>
> >
> > FYI, indentation on this file is 2 spaces.
Fixed in new version
> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java, line 764
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line764>
> >
> > May want to log this.
In new version.
> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-web/app/controllers/main/admin/kerberos/step2_controller.js, line 257
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273825#file1273825line257>
> >
> > Can we convert to lower
>
> Bolke de Bruin wrote:
> We can, but that is inconsistent with other options?
Ah you caught a bug actually it seems. Fixed that.
- Bolke
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121285
-----------------------------------------------------------
On feb 29, 2016, 9:49 p.m., Bolke de Bruin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
>
> (Updated feb 29, 2016, 9:49 p.m.)
>
>
> Review request for Ambari and Robert Levas.
>
>
> Bugs: AMBARI-6432
> https://issues.apache.org/jira/browse/AMBARI-6432
>
>
> Repository: ambari
>
>
> Description
> -------
>
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
>
> It has been requested to have this implemented in several tickets.
>
> To test.
>
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
> ambari-web/app/controllers/main/admin/kerberos.js c021c89
> ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
> ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
> ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
> ambari-web/app/controllers/main/service/info/configs.js a22bb48
> ambari-web/app/data/HDP2/site_properties.js 3ea6c68
> ambari-web/app/messages.js 1cefce2
> ambari-web/app/views/common/controls_view.js d355ffe
>
> Diff: https://reviews.apache.org/r/44148/diff/
>
>
> Testing
> -------
>
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
>
>
> Thanks,
>
> Bolke de Bruin
>
>
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
> On Feb. 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java, line 491
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line491>
> >
> > We should never be printing password, even old ones.
this writes to kinit and is required (password chat). it is not printed
> On Feb. 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java, line 502
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273817#file1273817line502>
> >
> > Shouldn't print the password!
again same as above this is send to kinit and is required
- Bolke
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121285
-----------------------------------------------------------
On Feb. 29, 2016, 10:09 a.m., Bolke de Bruin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
>
> (Updated Feb. 29, 2016, 10:09 a.m.)
>
>
> Review request for Ambari.
>
>
> Bugs: AMBARI-6432
> https://issues.apache.org/jira/browse/AMBARI-6432
>
>
> Repository: ambari
>
>
> Description
> -------
>
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
>
> It has been requested to have this implemented in several tickets.
>
> To test.
>
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
> ambari-web/app/controllers/main/admin/kerberos.js c021c89
> ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
> ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
> ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
> ambari-web/app/controllers/main/service/info/configs.js a22bb48
> ambari-web/app/data/HDP2/site_properties.js 3ea6c68
> ambari-web/app/messages.js 1cefce2
> ambari-web/app/views/common/controls_view.js d355ffe
>
> Diff: https://reviews.apache.org/r/44148/diff/
>
>
> Testing
> -------
>
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
>
>
> Thanks,
>
> Bolke de Bruin
>
>
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
> On feb 29, 2016, 6:56 p.m., Alejandro Fernandez wrote:
> > ambari-web/app/controllers/main/admin/kerberos/step2_controller.js, line 257
> > <https://reviews.apache.org/r/44148/diff/3/?file=1273825#file1273825line257>
> >
> > Can we convert to lower
We can, but that is inconsistent with other options?
- Bolke
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121285
-----------------------------------------------------------
On feb 29, 2016, 10:09 a.m., Bolke de Bruin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
>
> (Updated feb 29, 2016, 10:09 a.m.)
>
>
> Review request for Ambari.
>
>
> Bugs: AMBARI-6432
> https://issues.apache.org/jira/browse/AMBARI-6432
>
>
> Repository: ambari
>
>
> Description
> -------
>
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
>
> It has been requested to have this implemented in several tickets.
>
> To test.
>
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
> ambari-web/app/controllers/main/admin/kerberos.js c021c89
> ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
> ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
> ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
> ambari-web/app/controllers/main/service/info/configs.js a22bb48
> ambari-web/app/data/HDP2/site_properties.js 3ea6c68
> ambari-web/app/messages.js 1cefce2
> ambari-web/app/views/common/controls_view.js d355ffe
>
> Diff: https://reviews.apache.org/r/44148/diff/
>
>
> Testing
> -------
>
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
>
>
> Thanks,
>
> Bolke de Bruin
>
>
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121285
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 198)
<https://reviews.apache.org/r/44148/#comment182963>
Provide the name of the script to indicate that this is IPA
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 438)
<https://reviews.apache.org/r/44148/#comment182966>
Should this timeout be configurable?
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 491)
<https://reviews.apache.org/r/44148/#comment182967>
We should never be printing password, even old ones.
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 502)
<https://reviews.apache.org/r/44148/#comment182968>
Shouldn't print the password!
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 528)
<https://reviews.apache.org/r/44148/#comment182969>
Each stream should have its own try-catch block.
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 543)
<https://reviews.apache.org/r/44148/#comment182970>
FYI, indentation on this file is 2 spaces.
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 764)
<https://reviews.apache.org/r/44148/#comment182971>
May want to log this.
ambari-web/app/controllers/main/admin/kerberos/step2_controller.js (line 257)
<https://reviews.apache.org/r/44148/#comment182961>
Can we convert to lower
- Alejandro Fernandez
On Feb. 29, 2016, 10:09 a.m., Bolke de Bruin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
>
> (Updated Feb. 29, 2016, 10:09 a.m.)
>
>
> Review request for Ambari.
>
>
> Bugs: AMBARI-6432
> https://issues.apache.org/jira/browse/AMBARI-6432
>
>
> Repository: ambari
>
>
> Description
> -------
>
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
>
> It has been requested to have this implemented in several tickets.
>
> To test.
>
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
> ambari-web/app/controllers/main/admin/kerberos.js c021c89
> ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
> ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
> ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
> ambari-web/app/controllers/main/service/info/configs.js a22bb48
> ambari-web/app/data/HDP2/site_properties.js 3ea6c68
> ambari-web/app/messages.js 1cefce2
> ambari-web/app/views/common/controls_view.js d355ffe
>
> Diff: https://reviews.apache.org/r/44148/diff/
>
>
> Testing
> -------
>
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
>
>
> Thanks,
>
> Bolke de Bruin
>
>
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121288
-----------------------------------------------------------
Please ensure Robert Levas has taken a look at the code review. Thank you for adding IPA.
- Alejandro Fernandez
On Feb. 29, 2016, 10:09 a.m., Bolke de Bruin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
>
> (Updated Feb. 29, 2016, 10:09 a.m.)
>
>
> Review request for Ambari.
>
>
> Bugs: AMBARI-6432
> https://issues.apache.org/jira/browse/AMBARI-6432
>
>
> Repository: ambari
>
>
> Description
> -------
>
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
>
> It has been requested to have this implemented in several tickets.
>
> To test.
>
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
> ambari-web/app/controllers/main/admin/kerberos.js c021c89
> ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
> ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
> ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
> ambari-web/app/controllers/main/service/info/configs.js a22bb48
> ambari-web/app/data/HDP2/site_properties.js 3ea6c68
> ambari-web/app/messages.js 1cefce2
> ambari-web/app/views/common/controls_view.js d355ffe
>
> Diff: https://reviews.apache.org/r/44148/diff/
>
>
> Testing
> -------
>
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
>
>
> Thanks,
>
> Bolke de Bruin
>
>
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/
-----------------------------------------------------------
(Updated mrt 1, 2016, 7:22 p.m.)
Review request for Ambari and Robert Levas.
Changes
-------
Addressed issues mentioned.
* Refactored code to make sure not to overwrite existing credential cache
* password expiry now 'moves'
Bugs: AMBARI-6432
https://issues.apache.org/jira/browse/AMBARI-6432
Repository: ambari
Description
-------
FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
It has been requested to have this implemented in several tickets.
To test.
* Have a working IPA server available
* Create a group "ambari-managed-principals" (configurable)
* Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
* Enroll all hosts into ipa
* make sure the ipa-admintools are available on the ambari host
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java 947b336
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
ambari-web/app/controllers/main/admin/kerberos.js c021c89
ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
ambari-web/app/controllers/main/service/info/configs.js a22bb48
ambari-web/app/data/HDP2/site_properties.js 5ad24fc
ambari-web/app/messages.js a74c5bc
ambari-web/app/views/common/controls_view.js d355ffe
Diff: https://reviews.apache.org/r/44148/diff/
Testing
-------
FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
Thanks,
Bolke de Bruin
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
> On feb 29, 2016, 9:51 p.m., Alejandro Fernandez wrote:
> > +1, please also get approval from Robert Levas
Thanks. Will do. I have added him to the reviewers.
- Bolke
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121325
-----------------------------------------------------------
On feb 29, 2016, 9:49 p.m., Bolke de Bruin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
>
> (Updated feb 29, 2016, 9:49 p.m.)
>
>
> Review request for Ambari and Robert Levas.
>
>
> Bugs: AMBARI-6432
> https://issues.apache.org/jira/browse/AMBARI-6432
>
>
> Repository: ambari
>
>
> Description
> -------
>
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
>
> It has been requested to have this implemented in several tickets.
>
> To test.
>
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
> ambari-web/app/controllers/main/admin/kerberos.js c021c89
> ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
> ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
> ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
> ambari-web/app/controllers/main/service/info/configs.js a22bb48
> ambari-web/app/data/HDP2/site_properties.js 3ea6c68
> ambari-web/app/messages.js 1cefce2
> ambari-web/app/views/common/controls_view.js d355ffe
>
> Diff: https://reviews.apache.org/r/44148/diff/
>
>
> Testing
> -------
>
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
>
>
> Thanks,
>
> Bolke de Bruin
>
>
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121325
-----------------------------------------------------------
+1, please also get approval from Robert Levas
- Alejandro Fernandez
On Feb. 29, 2016, 9:49 p.m., Bolke de Bruin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
>
> (Updated Feb. 29, 2016, 9:49 p.m.)
>
>
> Review request for Ambari and Robert Levas.
>
>
> Bugs: AMBARI-6432
> https://issues.apache.org/jira/browse/AMBARI-6432
>
>
> Repository: ambari
>
>
> Description
> -------
>
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
>
> It has been requested to have this implemented in several tickets.
>
> To test.
>
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
> ambari-web/app/controllers/main/admin/kerberos.js c021c89
> ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
> ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
> ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
> ambari-web/app/controllers/main/service/info/configs.js a22bb48
> ambari-web/app/data/HDP2/site_properties.js 3ea6c68
> ambari-web/app/messages.js 1cefce2
> ambari-web/app/views/common/controls_view.js d355ffe
>
> Diff: https://reviews.apache.org/r/44148/diff/
>
>
> Testing
> -------
>
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
>
>
> Thanks,
>
> Bolke de Bruin
>
>
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
> On mrt 1, 2016, 1:51 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java, line 865
> > <https://reviews.apache.org/r/44148/diff/4/?file=1274675#file1274675line865>
> >
> > Why not use the default implemenation of this? It appears you are using the Ambari-generated password when creating the account, so the default impl should work fine.
A couple of reasons why not to use the default implementation
1) BLOCKING: In case not using the ambari-generated password, which can happen if using the "krbPasswordExpiry' attribute setting, this won't work per comments
2) I think it is better to use the supplied mechanisms for creating a keytab instead of rolling your own (see also point 1) and yes I have seen faulty keytabs being generated by Ambari due to assumptions not being correct.
> On mrt 1, 2016, 1:51 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java, line 500
> > <https://reviews.apache.org/r/44148/diff/4/?file=1274675#file1274675line500>
> >
> > When executing kinit for this purpose, is the credential cache being storing in an alternate location, else will it overwrite the credential cache for Ambari itself?
Good point. I will fix this.
- Bolke
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121368
-----------------------------------------------------------
On feb 29, 2016, 9:49 p.m., Bolke de Bruin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
>
> (Updated feb 29, 2016, 9:49 p.m.)
>
>
> Review request for Ambari and Robert Levas.
>
>
> Bugs: AMBARI-6432
> https://issues.apache.org/jira/browse/AMBARI-6432
>
>
> Repository: ambari
>
>
> Description
> -------
>
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
>
> It has been requested to have this implemented in several tickets.
>
> To test.
>
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
> ambari-web/app/controllers/main/admin/kerberos.js c021c89
> ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
> ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
> ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
> ambari-web/app/controllers/main/service/info/configs.js a22bb48
> ambari-web/app/data/HDP2/site_properties.js 3ea6c68
> ambari-web/app/messages.js 1cefce2
> ambari-web/app/views/common/controls_view.js d355ffe
>
> Diff: https://reviews.apache.org/r/44148/diff/
>
>
> Testing
> -------
>
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
>
>
> Thanks,
>
> Bolke de Bruin
>
>
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/#review121368
-----------------------------------------------------------
@Yusaku Sako or @Jaimin Jetly should review the UI updates.
We need to ensure that the internal kinits do not cause collisions with Ambari's credential cache. Has this been tested when JAAS is configured for Ambari?
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 65)
<https://reviews.apache.org/r/44148/#comment183040>
This should be calculated rather than hard coded. Also the naming convention indicates that this is a `static` `final` member but is not indicated as such
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 236)
<https://reviews.apache.org/r/44148/#comment183041>
`MIT` --> `IPA`
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 500)
<https://reviews.apache.org/r/44148/#comment183044>
When executing kinit for this purpose, is the credential cache being storing in an alternate location, else will it overwrite the credential cache for Ambari itself?
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 575)
<https://reviews.apache.org/r/44148/#comment183045>
When executing kinit for this purpose, is the credential cache being storing in an alternate location, else will it overwrite the credential cache for Ambari itself?
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java (line 865)
<https://reviews.apache.org/r/44148/#comment183052>
Why not use the default implemenation of this? It appears you are using the Ambari-generated password when creating the account, so the default impl should work fine.
- Robert Levas
On Feb. 29, 2016, 4:49 p.m., Bolke de Bruin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44148/
> -----------------------------------------------------------
>
> (Updated Feb. 29, 2016, 4:49 p.m.)
>
>
> Review request for Ambari and Robert Levas.
>
>
> Bugs: AMBARI-6432
> https://issues.apache.org/jira/browse/AMBARI-6432
>
>
> Repository: ambari
>
>
> Description
> -------
>
> FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
>
> It has been requested to have this implemented in several tickets.
>
> To test.
>
> * Have a working IPA server available
> * Create a group "ambari-managed-principals" (configurable)
> * Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
> * Enroll all hosts into ipa
> * make sure the ipa-admintools are available on the ambari host
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
> ambari-web/app/controllers/main/admin/kerberos.js c021c89
> ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
> ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
> ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
> ambari-web/app/controllers/main/service/info/configs.js a22bb48
> ambari-web/app/data/HDP2/site_properties.js 3ea6c68
> ambari-web/app/messages.js 1cefce2
> ambari-web/app/views/common/controls_view.js d355ffe
>
> Diff: https://reviews.apache.org/r/44148/diff/
>
>
> Testing
> -------
>
> FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
>
>
> Thanks,
>
> Bolke de Bruin
>
>
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/
-----------------------------------------------------------
(Updated feb 29, 2016, 9:49 p.m.)
Review request for Ambari and Robert Levas.
Changes
-------
New patch that addresses the mentioned issues for diff 3.
Bugs: AMBARI-6432
https://issues.apache.org/jira/browse/AMBARI-6432
Repository: ambari
Description
-------
FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
It has been requested to have this implemented in several tickets.
To test.
* Have a working IPA server available
* Create a group "ambari-managed-principals" (configurable)
* Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
* Enroll all hosts into ipa
* make sure the ipa-admintools are available on the ambari host
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
ambari-web/app/controllers/main/admin/kerberos.js c021c89
ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
ambari-web/app/controllers/main/service/info/configs.js a22bb48
ambari-web/app/data/HDP2/site_properties.js 3ea6c68
ambari-web/app/messages.js 1cefce2
ambari-web/app/views/common/controls_view.js d355ffe
Diff: https://reviews.apache.org/r/44148/diff/
Testing
-------
FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
Thanks,
Bolke de Bruin
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/
-----------------------------------------------------------
(Updated feb 29, 2016, 10:09 a.m.)
Review request for Ambari.
Bugs: AMBARI-6432
https://issues.apache.org/jira/browse/AMBARI-6432
Repository: ambari
Description
-------
FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
It has been requested to have this implemented in several tickets.
To test.
* Have a working IPA server available
* Create a group "ambari-managed-principals" (configurable)
* Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
* Enroll all hosts into ipa
* make sure the ipa-admintools are available on the ambari host
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
ambari-web/app/controllers/main/admin/kerberos.js c021c89
ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
ambari-web/app/controllers/main/service/info/configs.js a22bb48
ambari-web/app/data/HDP2/site_properties.js 3ea6c68
ambari-web/app/messages.js 1cefce2
ambari-web/app/views/common/controls_view.js d355ffe
Diff: https://reviews.apache.org/r/44148/diff/
Testing
-------
FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
Thanks,
Bolke de Bruin
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/
-----------------------------------------------------------
(Updated feb 29, 2016, 10:05 a.m.)
Review request for Ambari.
Changes
-------
Update testing requirements
Bugs: AMBARI-6432
https://issues.apache.org/jira/browse/AMBARI-6432
Repository: ambari
Description (updated)
-------
FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
It has been requested to have this implemented in several tickets.
To test.
* Have a working IPA server available
* Create a group "ambari-managed-principals" (configurable)
* Create a password policy for this group or make the krb5PasswordExpiry attribute writable (not per se required for testing)
* Enroll all hosts into ipa
* make sure the ipa-admintools are available on the ambari host
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
ambari-web/app/controllers/main/admin/kerberos.js c021c89
ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
ambari-web/app/controllers/main/service/info/configs.js a22bb48
ambari-web/app/data/HDP2/site_properties.js 3ea6c68
ambari-web/app/messages.js 1cefce2
ambari-web/app/views/common/controls_view.js d355ffe
Diff: https://reviews.apache.org/r/44148/diff/
Testing
-------
FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
Thanks,
Bolke de Bruin
Re: Review Request 44148: Add FreeIPA support to Ambari.
Posted by Bolke de Bruin <bd...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/
-----------------------------------------------------------
(Updated feb 29, 2016, 9:55 a.m.)
Review request for Ambari.
Changes
-------
Move LOG.info to LOG.debug
Bugs: AMBARI-6432
https://issues.apache.org/jira/browse/AMBARI-6432
Repository: ambari
Description
-------
FreeIPA is the active directory equivalent for Linux. This patch adds support for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In addition it either requires wite access to the krbPasswordPassword attribute or a suitable password policy needs to be in place (ipa pwpolicy).
It has been requested to have this implemented in several tickets.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java be6edc9
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java 5b1372a
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 4cd050e
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java bfd45b7
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml a03dea6
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java PRE-CREATION
ambari-web/app/controllers/main/admin/kerberos.js c021c89
ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed
ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6
ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c
ambari-web/app/controllers/main/service/info/configs.js a22bb48
ambari-web/app/data/HDP2/site_properties.js 3ea6c68
ambari-web/app/messages.js 1cefce2
ambari-web/app/views/common/controls_view.js d355ffe
Diff: https://reviews.apache.org/r/44148/diff/
Testing
-------
FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.
Thanks,
Bolke de Bruin