Review Request 31656: Kerberos: Kerberos Service Check needs to generate and destroy it's own unique identity for testing

[Robert Levas <rl...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/
-----------------------------------------------------------

Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.


Bugs: AMBARI-9852
    https://issues.apache.org/jira/browse/AMBARI-9852


Repository: ambari


Description
-------

The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete.  This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled. 

The service check must perform the following steps:

1. Create a unique principal in the relevant KDC (server)
2. Test that the principal can be used to authenticate via kinit (agent)
3. Destroy the principal (server)


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f 

Diff: https://reviews.apache.org/r/31656/diff/


Testing
-------

Manual testing in several scenarios

#Jenkins test results: PENDING


Thanks,

Robert Levas

Re: Review Request 31656: Kerberos: Kerberos Service Check needs to generate and destroy it's own unique identity for testing

[Robert Nettleton <rn...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/#review74950
-----------------------------------------------------------

Ship it!


Ship It!

- Robert Nettleton


On March 3, 2015, 4:49 a.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31656/
> -----------------------------------------------------------
> 
> (Updated March 3, 2015, 4:49 a.m.)
> 
> 
> Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.
> 
> 
> Bugs: AMBARI-9852
>     https://issues.apache.org/jira/browse/AMBARI-9852
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete.  This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled. 
> 
> The service check must perform the following steps:
> 
> 1. Create a unique principal in the relevant KDC (server)
> 2. Test that the principal can be used to authenticate via kinit (agent)
> 3. Destroy the principal (server)
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f 
> 
> Diff: https://reviews.apache.org/r/31656/diff/
> 
> 
> Testing
> -------
> 
> Manual testing in several scenarios
> 
> #Jenkins test results:
> 
> Running org.apache.ambari.server.controller.KerberosHelperTest
> Tests run: 24, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.797 sec
> 
> Ambari server test suite:
> Tests run: 2764, Failures: 0, Errors: 0, Skipped: 15
> 
> 
> Running tests for stack:2.2 service:KERBEROS
> test_configure_cross_realm_trust (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_managed_kdc (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_unmanaged_ad (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_unmanaged_kdc (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_kdc_and_krb5conf (test_kerberos_client.TestKerberosClient) ... ok
> test_delete_keytab (test_kerberos_client.TestKerberosClient) ... ok
> test_get_property (test_kerberos_client.TestKerberosClient) ... ok
> test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok
> 
> ----------------------------------------------------------------------
> Ran 12 tests in 0.177s
> 
> **Note: Overall Jenkins test run failed due to errors unrelated to this patch.**
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 31656: Kerberos: Kerberos Service Check needs to generate and destroy it's own unique identity for testing

[Emil Anca <ea...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/#review74952
-----------------------------------------------------------

Ship it!


Ship It!

- Emil Anca


On March 3, 2015, 4:49 a.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31656/
> -----------------------------------------------------------
> 
> (Updated March 3, 2015, 4:49 a.m.)
> 
> 
> Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.
> 
> 
> Bugs: AMBARI-9852
>     https://issues.apache.org/jira/browse/AMBARI-9852
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete.  This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled. 
> 
> The service check must perform the following steps:
> 
> 1. Create a unique principal in the relevant KDC (server)
> 2. Test that the principal can be used to authenticate via kinit (agent)
> 3. Destroy the principal (server)
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f 
> 
> Diff: https://reviews.apache.org/r/31656/diff/
> 
> 
> Testing
> -------
> 
> Manual testing in several scenarios
> 
> #Jenkins test results:
> 
> Running org.apache.ambari.server.controller.KerberosHelperTest
> Tests run: 24, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.797 sec
> 
> Ambari server test suite:
> Tests run: 2764, Failures: 0, Errors: 0, Skipped: 15
> 
> 
> Running tests for stack:2.2 service:KERBEROS
> test_configure_cross_realm_trust (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_managed_kdc (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_unmanaged_ad (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_unmanaged_kdc (test_kerberos_server.TestKerberosServer) ... ok
> test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_kdc_and_krb5conf (test_kerberos_client.TestKerberosClient) ... ok
> test_delete_keytab (test_kerberos_client.TestKerberosClient) ... ok
> test_get_property (test_kerberos_client.TestKerberosClient) ... ok
> test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok
> 
> ----------------------------------------------------------------------
> Ran 12 tests in 0.177s
> 
> **Note: Overall Jenkins test run failed due to errors unrelated to this patch.**
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 31656: Kerberos: Kerberos Service Check needs to generate and destroy it's own unique identity for testing

[Robert Levas <rl...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/
-----------------------------------------------------------

(Updated March 2, 2015, 11:49 p.m.)


Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.


Bugs: AMBARI-9852
    https://issues.apache.org/jira/browse/AMBARI-9852


Repository: ambari


Description
-------

The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete.  This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled. 

The service check must perform the following steps:

1. Create a unique principal in the relevant KDC (server)
2. Test that the principal can be used to authenticate via kinit (agent)
3. Destroy the principal (server)


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f 

Diff: https://reviews.apache.org/r/31656/diff/


Testing (updated)
-------

Manual testing in several scenarios

#Jenkins test results:

Running org.apache.ambari.server.controller.KerberosHelperTest
Tests run: 24, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.797 sec

Ambari server test suite:
Tests run: 2764, Failures: 0, Errors: 0, Skipped: 15


Running tests for stack:2.2 service:KERBEROS
test_configure_cross_realm_trust (test_kerberos_server.TestKerberosServer) ... ok
test_configure_managed_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_ad (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc_and_krb5conf (test_kerberos_client.TestKerberosClient) ... ok
test_delete_keytab (test_kerberos_client.TestKerberosClient) ... ok
test_get_property (test_kerberos_client.TestKerberosClient) ... ok
test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok

----------------------------------------------------------------------
Ran 12 tests in 0.177s

**Note: Overall Jenkins test run failed due to errors unrelated to this patch.**


Thanks,

Robert Levas

Re: Review Request 31656: Kerberos: Kerberos Service Check needs to generate and destroy it's own unique identity for testing

[Robert Levas <rl...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/
-----------------------------------------------------------

(Updated March 2, 2015, 11:48 p.m.)


Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.


Bugs: AMBARI-9852
    https://issues.apache.org/jira/browse/AMBARI-9852


Repository: ambari


Description
-------

The Kerberos _service check_ needs to generate it's own unique identity to use for testing and then destroy it when complete.  This will ensure that any _known_ identities (such as the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters or if the service check is run after Kerberos is enabled. 

The service check must perform the following steps:

1. Create a unique principal in the relevant KDC (server)
2. Test that the principal can be used to authenticate via kinit (agent)
3. Destroy the principal (server)


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 2bf0cbf 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py 3705cfe 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py ee4a4c3 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java e16f22f 

Diff: https://reviews.apache.org/r/31656/diff/


Testing (updated)
-------

Manual testing in several scenarios

#Jenkins test results:

Running org.apache.ambari.server.controller.KerberosHelperTest
Tests run: 24, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.797 sec

Running tests for stack:2.2 service:KERBEROS
test_configure_cross_realm_trust (test_kerberos_server.TestKerberosServer) ... ok
test_configure_managed_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_ad (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc_and_krb5conf (test_kerberos_client.TestKerberosClient) ... ok
test_delete_keytab (test_kerberos_client.TestKerberosClient) ... ok
test_get_property (test_kerberos_client.TestKerberosClient) ... ok
test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok

----------------------------------------------------------------------
Ran 12 tests in 0.177s

**Note: Overall Jenkins test run failed due to errors unrelated to this patch.**


Thanks,

Robert Levas