You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Jonathan Hurley <jh...@hortonworks.com> on 2015/02/19 03:43:45 UTC

Review Request 31177: WebHCat Server Status Alert Does Not Work After Enabling Kerberos

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/
-----------------------------------------------------------

Review request for Ambari, Nate Cole and Tom Beerbower.


Bugs: AMBARI-9697
    https://issues.apache.org/jira/browse/AMBARI-9697


Repository: ambari


Description
-------

After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:

1) The lack of any kinit and curl combination when the cluster is kerberized
2) Assuming that cluster-env/security_enabled means SSL (which is does not!)

Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization. 

It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.


Diffs
-----

  ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de 
  ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de 

Diff: https://reviews.apache.org/r/31177/diff/


Testing
-------

Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly. 

Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.


Thanks,

Jonathan Hurley

Re: Review Request 31177: WebHCat Server Status Alert Does Not Work After Enabling Kerberos

Posted by Jonathan Hurley <jh...@hortonworks.com>.

> On Feb. 19, 2015, 7:30 a.m., Nate Cole wrote:
> > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py, lines 35-39
> > <https://reviews.apache.org/r/31177/diff/1/?file=868654#file868654line35>
> >
> >     Service isn't called Templeton anymore (property names aside).  OK_MESSAGE should say WebHCat.

The query URL still uses templeton :)

I've updated strings and variables where necessary.


> On Feb. 19, 2015, 7:30 a.m., Nate Cole wrote:
> > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py, lines 117-123
> > <https://reviews.apache.org/r/31177/diff/1/?file=868654#file868654line117>
> >
> >     We've repeated this pattern so much.  Time for an r_m function? Curl(host, [kinit], [keytab], [principal] [timeout] , etc) ?

I'm trying to stay away from r_m as much as possible since we've seen changes to r_m break scripts sometimes. Also, this curl and the other curl after it are very different. One only returns the http status code while the other only returns the stdout.


- Jonathan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/#review73133
-----------------------------------------------------------


On Feb. 18, 2015, 9:43 p.m., Jonathan Hurley wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31177/
> -----------------------------------------------------------
> 
> (Updated Feb. 18, 2015, 9:43 p.m.)
> 
> 
> Review request for Ambari, Nate Cole and Tom Beerbower.
> 
> 
> Bugs: AMBARI-9697
>     https://issues.apache.org/jira/browse/AMBARI-9697
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
> 
> 1) The lack of any kinit and curl combination when the cluster is kerberized
> 2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
> 
> Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization. 
> 
> It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de 
>   ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de 
> 
> Diff: https://reviews.apache.org/r/31177/diff/
> 
> 
> Testing
> -------
> 
> Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly. 
> 
> Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
> 
> 
> Thanks,
> 
> Jonathan Hurley
> 
>

Re: Review Request 31177: WebHCat Server Status Alert Does Not Work After Enabling Kerberos

Posted by Nate Cole <nc...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/#review73133
-----------------------------------------------------------



ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
<https://reviews.apache.org/r/31177/#comment119362>

    Service isn't called Templeton anymore (property names aside).  OK_MESSAGE should say WebHCat.



ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
<https://reviews.apache.org/r/31177/#comment119364>

    We've repeated this pattern so much.  Time for an r_m function? Curl(host, [kinit], [keytab], [principal] [timeout] , etc) ?


- Nate Cole


On Feb. 18, 2015, 9:43 p.m., Jonathan Hurley wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31177/
> -----------------------------------------------------------
> 
> (Updated Feb. 18, 2015, 9:43 p.m.)
> 
> 
> Review request for Ambari, Nate Cole and Tom Beerbower.
> 
> 
> Bugs: AMBARI-9697
>     https://issues.apache.org/jira/browse/AMBARI-9697
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
> 
> 1) The lack of any kinit and curl combination when the cluster is kerberized
> 2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
> 
> Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization. 
> 
> It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de 
>   ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de 
> 
> Diff: https://reviews.apache.org/r/31177/diff/
> 
> 
> Testing
> -------
> 
> Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly. 
> 
> Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
> 
> 
> Thanks,
> 
> Jonathan Hurley
> 
>

Re: Review Request 31177: WebHCat Server Status Alert Does Not Work After Enabling Kerberos

Posted by Tom Beerbower <tb...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/#review73144
-----------------------------------------------------------

Ship it!


Ship It!

- Tom Beerbower


On Feb. 19, 2015, 2:10 p.m., Jonathan Hurley wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31177/
> -----------------------------------------------------------
> 
> (Updated Feb. 19, 2015, 2:10 p.m.)
> 
> 
> Review request for Ambari, Nate Cole and Tom Beerbower.
> 
> 
> Bugs: AMBARI-9697
>     https://issues.apache.org/jira/browse/AMBARI-9697
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
> 
> 1) The lack of any kinit and curl combination when the cluster is kerberized
> 2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
> 
> Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization. 
> 
> It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de 
>   ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de 
> 
> Diff: https://reviews.apache.org/r/31177/diff/
> 
> 
> Testing
> -------
> 
> Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly. 
> 
> Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
> 
> 
> Thanks,
> 
> Jonathan Hurley
> 
>

Re: Review Request 31177: WebHCat Server Status Alert Does Not Work After Enabling Kerberos

Posted by Nate Cole <nc...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/#review73140
-----------------------------------------------------------

Ship it!


Ship It!

- Nate Cole


On Feb. 19, 2015, 9:10 a.m., Jonathan Hurley wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31177/
> -----------------------------------------------------------
> 
> (Updated Feb. 19, 2015, 9:10 a.m.)
> 
> 
> Review request for Ambari, Nate Cole and Tom Beerbower.
> 
> 
> Bugs: AMBARI-9697
>     https://issues.apache.org/jira/browse/AMBARI-9697
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
> 
> 1) The lack of any kinit and curl combination when the cluster is kerberized
> 2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
> 
> Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization. 
> 
> It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de 
>   ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de 
> 
> Diff: https://reviews.apache.org/r/31177/diff/
> 
> 
> Testing
> -------
> 
> Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly. 
> 
> Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
> 
> 
> Thanks,
> 
> Jonathan Hurley
> 
>

Re: Review Request 31177: WebHCat Server Status Alert Does Not Work After Enabling Kerberos

Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/
-----------------------------------------------------------

(Updated Feb. 19, 2015, 9:10 a.m.)


Review request for Ambari, Nate Cole and Tom Beerbower.


Bugs: AMBARI-9697
    https://issues.apache.org/jira/browse/AMBARI-9697


Repository: ambari


Description
-------

After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:

1) The lack of any kinit and curl combination when the cluster is kerberized
2) Assuming that cluster-env/security_enabled means SSL (which is does not!)

Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization. 

It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.


Diffs (updated)
-----

  ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de 
  ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de 

Diff: https://reviews.apache.org/r/31177/diff/


Testing
-------

Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly. 

Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.


Thanks,

Jonathan Hurley