You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Jonathan Maron <jm...@hortonworks.com> on 2015/05/14 16:46:51 UTC
Review Request 34216: Addition of security to Atlas service definition
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34216/
-----------------------------------------------------------
Review request for Ambari, Robert Levas and Sumit Mohanty.
Bugs: https://issues.apache.org/jira/browse/AMBARI-10884
https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/AMBARI-10884
Repository: ambari
Description
-------
Updated kerberos.json and package scripts to support the enablement of the Atlas server security features when a cluster is "kerberized". I changed the service check to leverage 'curl' so that it could be used in conjunction with a 'kinit' invocation during the execution of a service check.
Diffs
-----
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json 210f414
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 61cdec4
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py 2484315
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py 8401a5d
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/service_check.py 1ecb795
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/status_params.py aa7f614
ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 6f1377b
Diff: https://reviews.apache.org/r/34216/diff/
Testing
-------
Ambari unit tests.
Deployed a cluster to local VMs, subsequently enabled kerberos and tested the security check.
As this review progresses I will be performing the following test:
- Launch an unsecured cluster
- Ensure Atlas server comes up and its service check works in an unsecured cluster.
- Secure the cluster.
- Ensure the appropriate settings are persisted for the Atlas server and it restarts.
- Make sure the service check works in a secured environment.
-
Thanks,
Jonathan Maron
Re: Review Request 34216: Addition of security to Atlas service
definition
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34216/#review83826
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Levas
On May 14, 2015, 2:58 p.m., Jonathan Maron wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34216/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 2:58 p.m.)
>
>
> Review request for Ambari, Robert Levas and Sumit Mohanty.
>
>
> Bugs: https://issues.apache.org/jira/browse/AMBARI-10884
> https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/AMBARI-10884
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Updated kerberos.json and package scripts to support the enablement of the Atlas server security features when a cluster is "kerberized". I changed the service check to leverage 'curl' so that it could be used in conjunction with a 'kinit' invocation during the execution of a service check.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/alerts.json 7202950
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json 210f414
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 61cdec4
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py 2484315
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py 8401a5d
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/service_check.py 1ecb795
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/status_params.py aa7f614
> ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 6f1377b
>
> Diff: https://reviews.apache.org/r/34216/diff/
>
>
> Testing
> -------
>
> Ambari unit tests.
> Deployed a cluster to local VMs, subsequently enabled kerberos and tested the security check.
>
> As this review progresses I will be performing the following test:
>
> - Launch an unsecured cluster
> - Ensure Atlas server comes up and its service check works in an unsecured cluster.
> - Secure the cluster.
> - Ensure the appropriate settings are persisted for the Atlas server and it restarts.
> - Make sure the service check works in a secured environment.
> -
>
>
> Thanks,
>
> Jonathan Maron
>
>
Re: Review Request 34216: Addition of security to Atlas service
definition
Posted by Jonathan Maron <jm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34216/#review83821
-----------------------------------------------------------
End to end test revealed no issues other that a mis-configuration of web UI alert. Uploaded fix.
- Jonathan Maron
On May 14, 2015, 6:58 p.m., Jonathan Maron wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34216/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 6:58 p.m.)
>
>
> Review request for Ambari, Robert Levas and Sumit Mohanty.
>
>
> Bugs: https://issues.apache.org/jira/browse/AMBARI-10884
> https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/AMBARI-10884
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Updated kerberos.json and package scripts to support the enablement of the Atlas server security features when a cluster is "kerberized". I changed the service check to leverage 'curl' so that it could be used in conjunction with a 'kinit' invocation during the execution of a service check.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/alerts.json 7202950
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json 210f414
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 61cdec4
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py 2484315
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py 8401a5d
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/service_check.py 1ecb795
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/status_params.py aa7f614
> ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 6f1377b
>
> Diff: https://reviews.apache.org/r/34216/diff/
>
>
> Testing
> -------
>
> Ambari unit tests.
> Deployed a cluster to local VMs, subsequently enabled kerberos and tested the security check.
>
> As this review progresses I will be performing the following test:
>
> - Launch an unsecured cluster
> - Ensure Atlas server comes up and its service check works in an unsecured cluster.
> - Secure the cluster.
> - Ensure the appropriate settings are persisted for the Atlas server and it restarts.
> - Make sure the service check works in a secured environment.
> -
>
>
> Thanks,
>
> Jonathan Maron
>
>
Re: Review Request 34216: Addition of security to Atlas service
definition
Posted by Jonathan Maron <jm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34216/
-----------------------------------------------------------
(Updated May 14, 2015, 6:58 p.m.)
Review request for Ambari, Robert Levas and Sumit Mohanty.
Changes
-------
Discovered alerts.json isn't correct during end-to-end test
Bugs: https://issues.apache.org/jira/browse/AMBARI-10884
https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/AMBARI-10884
Repository: ambari
Description
-------
Updated kerberos.json and package scripts to support the enablement of the Atlas server security features when a cluster is "kerberized". I changed the service check to leverage 'curl' so that it could be used in conjunction with a 'kinit' invocation during the execution of a service check.
Diffs (updated)
-----
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/alerts.json 7202950
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json 210f414
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 61cdec4
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py 2484315
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py 8401a5d
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/service_check.py 1ecb795
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/status_params.py aa7f614
ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 6f1377b
Diff: https://reviews.apache.org/r/34216/diff/
Testing
-------
Ambari unit tests.
Deployed a cluster to local VMs, subsequently enabled kerberos and tested the security check.
As this review progresses I will be performing the following test:
- Launch an unsecured cluster
- Ensure Atlas server comes up and its service check works in an unsecured cluster.
- Secure the cluster.
- Ensure the appropriate settings are persisted for the Atlas server and it restarts.
- Make sure the service check works in a secured environment.
-
Thanks,
Jonathan Maron
Re: Review Request 34216: Addition of security to Atlas service
definition
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34216/#review83789
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Levas
On May 14, 2015, 10:46 a.m., Jonathan Maron wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34216/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 10:46 a.m.)
>
>
> Review request for Ambari, Robert Levas and Sumit Mohanty.
>
>
> Bugs: https://issues.apache.org/jira/browse/AMBARI-10884
> https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/AMBARI-10884
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Updated kerberos.json and package scripts to support the enablement of the Atlas server security features when a cluster is "kerberized". I changed the service check to leverage 'curl' so that it could be used in conjunction with a 'kinit' invocation during the execution of a service check.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json 210f414
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 61cdec4
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py 2484315
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py 8401a5d
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/service_check.py 1ecb795
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/status_params.py aa7f614
> ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 6f1377b
>
> Diff: https://reviews.apache.org/r/34216/diff/
>
>
> Testing
> -------
>
> Ambari unit tests.
> Deployed a cluster to local VMs, subsequently enabled kerberos and tested the security check.
>
> As this review progresses I will be performing the following test:
>
> - Launch an unsecured cluster
> - Ensure Atlas server comes up and its service check works in an unsecured cluster.
> - Secure the cluster.
> - Ensure the appropriate settings are persisted for the Atlas server and it restarts.
> - Make sure the service check works in a secured environment.
> -
>
>
> Thanks,
>
> Jonathan Maron
>
>