You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/03/03 02:38:38 UTC
Review Request 31656: Kerberos: Kerberos Service Check needs to
generate and destroy it's own unique identity for testing
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/
-----------------------------------------------------------
Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.
Bugs: AMBARI-9852
https://issues.apache.org/jira/browse/AMBARI-9852
Repository: ambari
Description
-------
The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete. This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled.
The service check must perform the following steps:
1. Create a unique principal in the relevant KDC (server)
2. Test that the principal can be used to authenticate via kinit (agent)
3. Destroy the principal (server)
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f
Diff: https://reviews.apache.org/r/31656/diff/
Testing
-------
Manual testing in several scenarios
#Jenkins test results: PENDING
Thanks,
Robert Levas
Re: Review Request 31656: Kerberos: Kerberos Service Check needs to
generate and destroy it's own unique identity for testing
Posted by Robert Nettleton <rn...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/#review74950
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Nettleton
On March 3, 2015, 4:49 a.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31656/
> -----------------------------------------------------------
>
> (Updated March 3, 2015, 4:49 a.m.)
>
>
> Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.
>
>
> Bugs: AMBARI-9852
> https://issues.apache.org/jira/browse/AMBARI-9852
>
>
> Repository: ambari
>
>
> Description
> -------
>
> The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete. This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled.
>
> The service check must perform the following steps:
>
> 1. Create a unique principal in the relevant KDC (server)
> 2. Test that the principal can be used to authenticate via kinit (agent)
> 3. Destroy the principal (server)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f
>
> Diff: https://reviews.apache.org/r/31656/diff/
>
>
> Testing
> -------
>
> Manual testing in several scenarios
>
> #Jenkins test results:
>
> Running org.apache.ambari.server.controller.KerberosHelperTest
> Tests run: 24, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.797 sec
>
> Ambari server test suite:
> Tests run: 2764, Failures: 0, Errors: 0, Skipped: 15
>
>
> Running tests for stack:2.2 service:KERBEROS
> test_configure_cross_realm_trust (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_managed_kdc (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_unmanaged_ad (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_unmanaged_kdc (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_kdc_and_krb5conf (test_kerberos_client.TestKerberosClient) ... ok
> test_delete_keytab (test_kerberos_client.TestKerberosClient) ... ok
> test_get_property (test_kerberos_client.TestKerberosClient) ... ok
> test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok
>
> ----------------------------------------------------------------------
> Ran 12 tests in 0.177s
>
> **Note: Overall Jenkins test run failed due to errors unrelated to this patch.**
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 31656: Kerberos: Kerberos Service Check needs to
generate and destroy it's own unique identity for testing
Posted by Emil Anca <ea...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/#review74952
-----------------------------------------------------------
Ship it!
Ship It!
- Emil Anca
On March 3, 2015, 4:49 a.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31656/
> -----------------------------------------------------------
>
> (Updated March 3, 2015, 4:49 a.m.)
>
>
> Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.
>
>
> Bugs: AMBARI-9852
> https://issues.apache.org/jira/browse/AMBARI-9852
>
>
> Repository: ambari
>
>
> Description
> -------
>
> The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete. This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled.
>
> The service check must perform the following steps:
>
> 1. Create a unique principal in the relevant KDC (server)
> 2. Test that the principal can be used to authenticate via kinit (agent)
> 3. Destroy the principal (server)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f
>
> Diff: https://reviews.apache.org/r/31656/diff/
>
>
> Testing
> -------
>
> Manual testing in several scenarios
>
> #Jenkins test results:
>
> Running org.apache.ambari.server.controller.KerberosHelperTest
> Tests run: 24, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.797 sec
>
> Ambari server test suite:
> Tests run: 2764, Failures: 0, Errors: 0, Skipped: 15
>
>
> Running tests for stack:2.2 service:KERBEROS
> test_configure_cross_realm_trust (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_managed_kdc (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_unmanaged_ad (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_unmanaged_kdc (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_kdc_and_krb5conf (test_kerberos_client.TestKerberosClient) ... ok
> test_delete_keytab (test_kerberos_client.TestKerberosClient) ... ok
> test_get_property (test_kerberos_client.TestKerberosClient) ... ok
> test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok
>
> ----------------------------------------------------------------------
> Ran 12 tests in 0.177s
>
> **Note: Overall Jenkins test run failed due to errors unrelated to this patch.**
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 31656: Kerberos: Kerberos Service Check needs to
generate and destroy it's own unique identity for testing
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/
-----------------------------------------------------------
(Updated March 2, 2015, 11:49 p.m.)
Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.
Bugs: AMBARI-9852
https://issues.apache.org/jira/browse/AMBARI-9852
Repository: ambari
Description
-------
The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete. This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled.
The service check must perform the following steps:
1. Create a unique principal in the relevant KDC (server)
2. Test that the principal can be used to authenticate via kinit (agent)
3. Destroy the principal (server)
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f
Diff: https://reviews.apache.org/r/31656/diff/
Testing (updated)
-------
Manual testing in several scenarios
#Jenkins test results:
Running org.apache.ambari.server.controller.KerberosHelperTest
Tests run: 24, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.797 sec
Ambari server test suite:
Tests run: 2764, Failures: 0, Errors: 0, Skipped: 15
Running tests for stack:2.2 service:KERBEROS
test_configure_cross_realm_trust (test_kerberos_server.TestKerberosServer) ... ok
test_configure_managed_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_ad (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc_and_krb5conf (test_kerberos_client.TestKerberosClient) ... ok
test_delete_keytab (test_kerberos_client.TestKerberosClient) ... ok
test_get_property (test_kerberos_client.TestKerberosClient) ... ok
test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok
----------------------------------------------------------------------
Ran 12 tests in 0.177s
**Note: Overall Jenkins test run failed due to errors unrelated to this patch.**
Thanks,
Robert Levas
Re: Review Request 31656: Kerberos: Kerberos Service Check needs to
generate and destroy it's own unique identity for testing
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/
-----------------------------------------------------------
(Updated March 2, 2015, 11:48 p.m.)
Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.
Bugs: AMBARI-9852
https://issues.apache.org/jira/browse/AMBARI-9852
Repository: ambari
Description
-------
The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete. This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled.
The service check must perform the following steps:
1. Create a unique principal in the relevant KDC (server)
2. Test that the principal can be used to authenticate via kinit (agent)
3. Destroy the principal (server)
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f
Diff: https://reviews.apache.org/r/31656/diff/
Testing (updated)
-------
Manual testing in several scenarios
#Jenkins test results:
Running org.apache.ambari.server.controller.KerberosHelperTest
Tests run: 24, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.797 sec
Running tests for stack:2.2 service:KERBEROS
test_configure_cross_realm_trust (test_kerberos_server.TestKerberosServer) ... ok
test_configure_managed_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_ad (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc_and_krb5conf (test_kerberos_client.TestKerberosClient) ... ok
test_delete_keytab (test_kerberos_client.TestKerberosClient) ... ok
test_get_property (test_kerberos_client.TestKerberosClient) ... ok
test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok
----------------------------------------------------------------------
Ran 12 tests in 0.177s
**Note: Overall Jenkins test run failed due to errors unrelated to this patch.**
Thanks,
Robert Levas