You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Jonathan Hurley <jh...@hortonworks.com> on 2015/02/19 03:43:45 UTC
Review Request 31177: WebHCat Server Status Alert Does Not Work After
Enabling Kerberos
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/
-----------------------------------------------------------
Review request for Ambari, Nate Cole and Tom Beerbower.
Bugs: AMBARI-9697
https://issues.apache.org/jira/browse/AMBARI-9697
Repository: ambari
Description
-------
After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
1) The lack of any kinit and curl combination when the cluster is kerberized
2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization.
It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
Diffs
-----
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de
ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de
Diff: https://reviews.apache.org/r/31177/diff/
Testing
-------
Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly.
Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
Thanks,
Jonathan Hurley
Re: Review Request 31177: WebHCat Server Status Alert Does Not Work
After Enabling Kerberos
Posted by Jonathan Hurley <jh...@hortonworks.com>.
> On Feb. 19, 2015, 7:30 a.m., Nate Cole wrote:
> > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py, lines 35-39
> > <https://reviews.apache.org/r/31177/diff/1/?file=868654#file868654line35>
> >
> > Service isn't called Templeton anymore (property names aside). OK_MESSAGE should say WebHCat.
The query URL still uses templeton :)
I've updated strings and variables where necessary.
> On Feb. 19, 2015, 7:30 a.m., Nate Cole wrote:
> > ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py, lines 117-123
> > <https://reviews.apache.org/r/31177/diff/1/?file=868654#file868654line117>
> >
> > We've repeated this pattern so much. Time for an r_m function? Curl(host, [kinit], [keytab], [principal] [timeout] , etc) ?
I'm trying to stay away from r_m as much as possible since we've seen changes to r_m break scripts sometimes. Also, this curl and the other curl after it are very different. One only returns the http status code while the other only returns the stdout.
- Jonathan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/#review73133
-----------------------------------------------------------
On Feb. 18, 2015, 9:43 p.m., Jonathan Hurley wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31177/
> -----------------------------------------------------------
>
> (Updated Feb. 18, 2015, 9:43 p.m.)
>
>
> Review request for Ambari, Nate Cole and Tom Beerbower.
>
>
> Bugs: AMBARI-9697
> https://issues.apache.org/jira/browse/AMBARI-9697
>
>
> Repository: ambari
>
>
> Description
> -------
>
> After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
>
> 1) The lack of any kinit and curl combination when the cluster is kerberized
> 2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
>
> Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization.
>
> It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de
> ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de
>
> Diff: https://reviews.apache.org/r/31177/diff/
>
>
> Testing
> -------
>
> Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly.
>
> Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
>
>
> Thanks,
>
> Jonathan Hurley
>
>
Re: Review Request 31177: WebHCat Server Status Alert Does Not Work
After Enabling Kerberos
Posted by Nate Cole <nc...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/#review73133
-----------------------------------------------------------
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
<https://reviews.apache.org/r/31177/#comment119362>
Service isn't called Templeton anymore (property names aside). OK_MESSAGE should say WebHCat.
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py
<https://reviews.apache.org/r/31177/#comment119364>
We've repeated this pattern so much. Time for an r_m function? Curl(host, [kinit], [keytab], [principal] [timeout] , etc) ?
- Nate Cole
On Feb. 18, 2015, 9:43 p.m., Jonathan Hurley wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31177/
> -----------------------------------------------------------
>
> (Updated Feb. 18, 2015, 9:43 p.m.)
>
>
> Review request for Ambari, Nate Cole and Tom Beerbower.
>
>
> Bugs: AMBARI-9697
> https://issues.apache.org/jira/browse/AMBARI-9697
>
>
> Repository: ambari
>
>
> Description
> -------
>
> After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
>
> 1) The lack of any kinit and curl combination when the cluster is kerberized
> 2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
>
> Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization.
>
> It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de
> ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de
>
> Diff: https://reviews.apache.org/r/31177/diff/
>
>
> Testing
> -------
>
> Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly.
>
> Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
>
>
> Thanks,
>
> Jonathan Hurley
>
>
Re: Review Request 31177: WebHCat Server Status Alert Does Not Work
After Enabling Kerberos
Posted by Tom Beerbower <tb...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/#review73144
-----------------------------------------------------------
Ship it!
Ship It!
- Tom Beerbower
On Feb. 19, 2015, 2:10 p.m., Jonathan Hurley wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31177/
> -----------------------------------------------------------
>
> (Updated Feb. 19, 2015, 2:10 p.m.)
>
>
> Review request for Ambari, Nate Cole and Tom Beerbower.
>
>
> Bugs: AMBARI-9697
> https://issues.apache.org/jira/browse/AMBARI-9697
>
>
> Repository: ambari
>
>
> Description
> -------
>
> After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
>
> 1) The lack of any kinit and curl combination when the cluster is kerberized
> 2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
>
> Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization.
>
> It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de
> ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de
>
> Diff: https://reviews.apache.org/r/31177/diff/
>
>
> Testing
> -------
>
> Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly.
>
> Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
>
>
> Thanks,
>
> Jonathan Hurley
>
>
Re: Review Request 31177: WebHCat Server Status Alert Does Not Work
After Enabling Kerberos
Posted by Nate Cole <nc...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/#review73140
-----------------------------------------------------------
Ship it!
Ship It!
- Nate Cole
On Feb. 19, 2015, 9:10 a.m., Jonathan Hurley wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31177/
> -----------------------------------------------------------
>
> (Updated Feb. 19, 2015, 9:10 a.m.)
>
>
> Review request for Ambari, Nate Cole and Tom Beerbower.
>
>
> Bugs: AMBARI-9697
> https://issues.apache.org/jira/browse/AMBARI-9697
>
>
> Repository: ambari
>
>
> Description
> -------
>
> After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
>
> 1) The lack of any kinit and curl combination when the cluster is kerberized
> 2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
>
> Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization.
>
> It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de
> ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de
>
> Diff: https://reviews.apache.org/r/31177/diff/
>
>
> Testing
> -------
>
> Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly.
>
> Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
>
>
> Thanks,
>
> Jonathan Hurley
>
>
Re: Review Request 31177: WebHCat Server Status Alert Does Not Work
After Enabling Kerberos
Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31177/
-----------------------------------------------------------
(Updated Feb. 19, 2015, 9:10 a.m.)
Review request for Ambari, Nate Cole and Tom Beerbower.
Bugs: AMBARI-9697
https://issues.apache.org/jira/browse/AMBARI-9697
Repository: ambari
Description
-------
After enabling Kerberos, the WebHCat Server Status alert is always CRITICAL. This is caused by two problems:
1) The lack of any kinit and curl combination when the cluster is kerberized
2) Assuming that cluster-env/security_enabled means SSL (which is does not!)
Consulted with the Kerberos folks that cluster-env/security_enabled is used to indicate kerberization.
It appears that WebHCat doesn't have an SSL mode; So going back to the 1.7.0 alert with a hard-coded http:// scheme for now.
Diffs (updated)
-----
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/alerts/alert_webhcat_server.py 44840de
ambari-server/src/main/resources/stacks/BIGTOP/0.8/services/WEBHCAT/package/files/alert_webhcat_server.py 44840de
Diff: https://reviews.apache.org/r/31177/diff/
Testing
-------
Tested in a kerberized cluster to ensure that the changed code fixed the CRITICAL alert. Took the service down to verify that the alert triggered correctly.
Tested the alert in a regular cluster to ensure the non-kerberized path worked as it has in the past.
Thanks,
Jonathan Hurley