Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/08/21 22:07:29 UTC

Review Request 37690: Adding host via blueprint fails on secure cluster

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/
-----------------------------------------------------------

Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and Sid Wagle.


Bugs: AMBARI-12772
    https://issues.apache.org/jira/browse/AMBARI-12772


Repository: ambari


Description
-------

#STR
Install cluster via blueprints
Enable Kerberos security
Add host via blueprints

#Result
Adding hosts freezes forever
In ambari-server.log:
```
The KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:
{
  "session_attributes" : {
    "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
  }
```
#Cause
This is caused because the KDC administrative credentials are not available when needed during the add host process.  If set in the HTTP session, the credentials are not accessible since the Kerberos logic is executed outside the scope of that HTTP session.  

#Solution
Store the KDC credentials to a _more secure_ global credential store that is accessible no matter what the context is.  This storage facility is in-memory and has a retention period of 90 minutes.  This solution refactors the current CredentialStoreService and MasterKeyService classes to allow for file-based and in-memory implementations. It also paves the way for future changes to allow for the KDC administrative credentials to be persisted indefinitely.

*Note:* This patch is rather large due to refactoring the CredentialStoreService and related classes in an effort to make way for future features related to storing sensitive data.


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java ef6fc58 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cb9e6ca 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java 708d267 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java 8351a99 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java 8ea7ca2 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java d93faec 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 219c14b 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java 19997e7 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 425aa06 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 389f1b8 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java d3e3fa4 
  ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java 2a1ac3c 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 5d84fbc 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java 51f2220 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java 0652a52 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java 993601b 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 9ad3da6 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java 305b122 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 44a68ae 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 8fc5325 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 8c096b0 

Diff: https://reviews.apache.org/r/37690/diff/


Testing
-------

Manually tested the following on trunk and branch-2.1:  
- backwards compatibility with storing and retrieving the master key and key store data
- adding a host on a non-kerberized cluster
- adding a host on a kerberized cluster
- credential retention timeout

#Local test results:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 49:19.549s
[INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
[INFO] Final Memory: 66M/1436M
[INFO] ------------------------------------------------------------------------


Thanks,

Robert Levas


Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/#review97442
-----------------------------------------------------------

Ship it!


Two minor changes, otherwise looks great.


ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java (line 70)
<https://reviews.apache.org/r/37690/#comment153317>

    As Ambari becomes more asynchronous, it's probably a good idea to create threads/thread pools with names that can be easily identified during a thread dump. I think you can pass in a threadfactory here so that this cache cleaning thread can be named.



ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java (lines 75 - 76)
<https://reviews.apache.org/r/37690/#comment153318>

    Instead of String.format(), you can just use {} here instead; it can prevent runtime formatting exceptions.


- Jonathan Hurley


On Sept. 1, 2015, 8:27 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37690/
> -----------------------------------------------------------
> 
> (Updated Sept. 1, 2015, 8:27 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and Sid Wagle.
> 
> 
> Bugs: AMBARI-12772
>     https://issues.apache.org/jira/browse/AMBARI-12772
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> #STR
> Install cluster via blueprints
> Enable Kerberos security
> Add host via blueprints
> 
> #Result
> Adding hosts freezes forever
> In ambari-server.log:
> ```
> The KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:
> {
>   "session_attributes" : {
>     "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
>   }
> ```
> #Cause
> This is caused because the KDC administrative credentials are not available when needed during the add host process.  If set in the HTTP session, the credentials are not accessible since the Kerberos logic is executed outside the scope of that HTTP session.  
> 
> #Solution
> Store the KDC credentials to a _more secure_ global credential store that is accessible no matter what the context is.  This storage facility is in-memory and has a retention period of 90 minutes.  This solution refactors the current CredentialStoreService and MasterKeyService classes to allow for file-based and in-memory implementations. It also paves the way for future changes to allow for the KDC administrative credentials to be persisted indefinitely.
> 
> *Note:* This patch is rather large due to refactoring the CredentialStoreService and related classes in an effort to make way for future features related to storing sensitive data.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 6d98c01 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cb9e6ca 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java 708d267 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java 8351a99 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java 8ea7ca2 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java d93faec 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 219c14b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java 19997e7 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 425aa06 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 389f1b8 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java d3e3fa4 
>   ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java 2a1ac3c 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 5d84fbc 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java 51f2220 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java 0652a52 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java 993601b 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 9ad3da6 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java 305b122 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 44a68ae 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 8fc5325 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 8c096b0 
> 
> Diff: https://reviews.apache.org/r/37690/diff/
> 
> 
> Testing
> -------
> 
> Manually tested the following on trunk and branch-2.1:  
> - backwards compatibility with storing and retrieving the master key and key store data
> - adding a host on a non-kerberized cluster
> - adding a host on a kerberized cluster
> - credential retention timeout
> 
> #Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 49:19.549s
> [INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
> [INFO] Final Memory: 66M/1436M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Posted by Robert Nettleton <rn...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/#review97685
-----------------------------------------------------------

Ship it!


Ship It!

- Robert Nettleton


On Sept. 2, 2015, 4:55 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37690/
> -----------------------------------------------------------
> 
> (Updated Sept. 2, 2015, 4:55 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and Sid Wagle.
> 
> 
> Bugs: AMBARI-12772
>     https://issues.apache.org/jira/browse/AMBARI-12772
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> #STR
> Install cluster via blueprints
> Enable Kerberos security
> Add host via blueprints
> 
> #Result
> Adding hosts freezes forever
> In ambari-server.log:
> ```
> The KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:
> {
>   "session_attributes" : {
>     "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
>   }
> ```
> #Cause
> This is caused because the KDC administrative credentials are not available when needed during the add host process.  If set in the HTTP session, the credentials are not accessible since the Kerberos logic is executed outside the scope of that HTTP session.  
> 
> #Solution
> Store the KDC credentials to a _more secure_ global credential store that is accessible no matter what the context is.  This storage facility is in-memory and has a retention period of 90 minutes.  This solution refactors the current CredentialStoreService and MasterKeyService classes to allow for file-based and in-memory implementations. It also paves the way for future changes to allow for the KDC administrative credentials to be persisted indefinitely.
> 
> *Note:* This patch is rather large due to refactoring the CredentialStoreService and related classes in an effort to make way for future features related to storing sensitive data.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 6d98c01 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cb9e6ca 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java 708d267 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java 8351a99 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java 8ea7ca2 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java d93faec 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 219c14b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java 19997e7 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 425aa06 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 389f1b8 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java d3e3fa4 
>   ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java 2a1ac3c 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 5d84fbc 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java 51f2220 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java 0652a52 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java 993601b 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 9ad3da6 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java 305b122 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 44a68ae 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 8fc5325 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 8c096b0 
> 
> Diff: https://reviews.apache.org/r/37690/diff/
> 
> 
> Testing
> -------
> 
> Manually tested the following on trunk and branch-2.1:  
> - backwards compatibility with storing and retrieving the master key and key store data
> - adding a host on a non-kerberized cluster
> - adding a host on a kerberized cluster
> - credential retention timeout
> 
> #Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 49:19.549s
> [INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
> [INFO] Final Memory: 66M/1436M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/#review97656
-----------------------------------------------------------

Ship it!


Ship It!

- Jonathan Hurley


On Sept. 2, 2015, 12:55 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37690/
> -----------------------------------------------------------
> 
> (Updated Sept. 2, 2015, 12:55 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and Sid Wagle.
> 
> 
> Bugs: AMBARI-12772
>     https://issues.apache.org/jira/browse/AMBARI-12772
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> #STR
> Install cluster via blueprints
> Enable Kerberos security
> Add host via blueprints
> 
> #Result
> Adding hosts freezes forever
> In ambari-server.log:
> ```
> The KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:
> {
>   "session_attributes" : {
>     "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
>   }
> ```
> #Cause
> This is caused because the KDC administrative credentials are not available when needed during the add host process.  If set in the HTTP session, the credentials are not accessible since the Kerberos logic is executed outside the scope of that HTTP session.  
> 
> #Solution
> Store the KDC credentials to a _more secure_ global credential store that is accessible no matter what the context is.  This storage facility is in-memory and has a retention period of 90 minutes.  This solution refactors the current CredentialStoreService and MasterKeyService classes to allow for file-based and in-memory implementations. It also paves the way for future changes to allow for the KDC administrative credentials to be persisted indefinitely.
> 
> *Note:* This patch is rather large due to refactoring the CredentialStoreService and related classes in an effort to make way for future features related to storing sensitive data.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 6d98c01 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cb9e6ca 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java 708d267 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java 8351a99 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java 8ea7ca2 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java d93faec 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 219c14b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java 19997e7 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 425aa06 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 389f1b8 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java d3e3fa4 
>   ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java 2a1ac3c 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 5d84fbc 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java 51f2220 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java 0652a52 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java 993601b 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 9ad3da6 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java 305b122 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 44a68ae 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 8fc5325 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 8c096b0 
> 
> Diff: https://reviews.apache.org/r/37690/diff/
> 
> 
> Testing
> -------
> 
> Manually tested the following on trunk and branch-2.1:  
> - backwards compatibility with storing and retrieving the master key and key store data
> - adding a host on a non-kerberized cluster
> - adding a host on a kerberized cluster
> - credential retention timeout
> 
> #Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 49:19.549s
> [INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
> [INFO] Final Memory: 66M/1436M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/
-----------------------------------------------------------

(Updated Sept. 2, 2015, 12:55 p.m.)


Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and Sid Wagle.


Changes
-------

- Added named threads to the scheduled cleanup process in the InMemoryCredentialStoreService
- Used logger-specific string formatter rather than String.format in InMemoryCredentialStoreService


Bugs: AMBARI-12772
    https://issues.apache.org/jira/browse/AMBARI-12772


Repository: ambari


Description
-------

#STR
Install cluster via blueprints
Enable Kerberos security
Add host via blueprints

#Result
Adding hosts freezes forever
In ambari-server.log:
```
The KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:
{
  "session_attributes" : {
    "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
  }
```
#Cause
This is caused because the KDC administrative credentials are not available when needed during the add host process.  If set in the HTTP session, the credentials are not accessible since the Kerberos logic is executed outside the scope of that HTTP session.  

#Solution
Store the KDC credentials to a _more secure_ global credential store that is accessible no matter what the context is.  This storage facility is in-memory and has a retention period of 90 minutes.  This solution refactors the current CredentialStoreService and MasterKeyService classes to allow for file-based and in-memory implementations. It also paves the way for future changes to allow for the KDC administrative credentials to be persisted indefinitely.

*Note:* This patch is rather large due to refactoring the CredentialStoreService and related classes in an effort to make way for future features related to storing sensitive data.


Diffs (updated)
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 6d98c01 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cb9e6ca 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java 708d267 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java 8351a99 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java 8ea7ca2 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java d93faec 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 219c14b 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java 19997e7 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 425aa06 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 389f1b8 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java d3e3fa4 
  ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java 2a1ac3c 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 5d84fbc 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java 51f2220 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java 0652a52 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java 993601b 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 9ad3da6 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java 305b122 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 44a68ae 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 8fc5325 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 8c096b0 

Diff: https://reviews.apache.org/r/37690/diff/


Testing
-------

Manually tested the following on trunk and branch-2.1:  
- backwards compatibility with storing and retrieving the master key and key store data
- adding a host on a non-kerberized cluster
- adding a host on a kerberized cluster
- credential retention timeout

#Local test results:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 49:19.549s
[INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
[INFO] Final Memory: 66M/1436M
[INFO] ------------------------------------------------------------------------


Thanks,

Robert Levas
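
The design described under #Solution and in the Changes list above (a process-wide in-memory credential store with a retention period, swept by a named cleanup thread), as an added example that is not part of the original e-mail or Ambari's code. The class name `ExpiringCredentialStore`, the alias `kdc.admin`, the thread names and the short demo retention are assumptions; `java.util.logging` with `{0}` stands in for the logger placeholders the review mentions.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Hypothetical sketch; not Ambari's InMemoryCredentialStoreService. */
public class ExpiringCredentialStore implements AutoCloseable {
  private static final Logger LOG = Logger.getLogger(ExpiringCredentialStore.class.getName());

  private static final class Entry {
    final char[] secret;
    final long expiresAtNanos;
    Entry(char[] secret, long expiresAtNanos) {
      this.secret = secret;
      this.expiresAtNanos = expiresAtNanos;
    }
  }

  private final Map<String, Entry> entries = new HashMap<>();
  private final long retentionNanos;
  private final ScheduledExecutorService cleaner;

  /** For the 90-minute retention on the page: TimeUnit.MINUTES.toMillis(90). */
  public ExpiringCredentialStore(long retentionMillis, long sweepMillis) {
    this.retentionNanos = TimeUnit.MILLISECONDS.toNanos(retentionMillis);
    // Named daemon thread so the sweeper is easy to spot in a thread dump.
    ThreadFactory named = r -> {
      Thread t = new Thread(r, "credential-store-cleaner");
      t.setDaemon(true);
      return t;
    };
    this.cleaner = Executors.newSingleThreadScheduledExecutor(named);
    this.cleaner.scheduleWithFixedDelay(this::purgeExpired, sweepMillis, sweepMillis,
        TimeUnit.MILLISECONDS);
  }

  /** Stores a private copy so the caller can wipe its own array right away. */
  public synchronized void put(String alias, char[] secret) {
    Entry old = entries.put(alias, new Entry(secret.clone(), System.nanoTime() + retentionNanos));
    if (old != null) {
      Arrays.fill(old.secret, '\0');
    }
  }

  /** Returns a copy of the secret, or null if absent or past its retention period. */
  public synchronized char[] get(String alias) {
    Entry e = entries.get(alias);
    if (e == null) {
      return null;
    }
    if (System.nanoTime() - e.expiresAtNanos >= 0) {
      // Expired but not yet swept: evict now instead of handing it out.
      entries.remove(alias);
      Arrays.fill(e.secret, '\0');
      return null;
    }
    return e.secret.clone();
  }

  /** Removes and zeroes every expired entry; returns how many were evicted. */
  public synchronized int purgeExpired() {
    int evicted = 0;
    long now = System.nanoTime();
    for (Iterator<Map.Entry<String, Entry>> it = entries.entrySet().iterator(); it.hasNext();) {
      Map.Entry<String, Entry> me = it.next();
      if (now - me.getValue().expiresAtNanos >= 0) {
        Arrays.fill(me.getValue().secret, '\0');
        it.remove();
        evicted++;
        // Parameterized message; only the alias is logged, never the secret.
        LOG.log(Level.FINE, "Evicted expired credential for alias {0}", me.getKey());
      }
    }
    return evicted;
  }

  @Override
  public synchronized void close() {
    cleaner.shutdownNow();
    for (Entry e : entries.values()) {
      Arrays.fill(e.secret, '\0');
    }
    entries.clear();
  }

  public static void main(String[] args) throws Exception {
    // Constructed demo values: 200 ms retention, 50 ms sweep interval.
    try (ExpiringCredentialStore store = new ExpiringCredentialStore(200, 50)) {
      store.put("kdc.admin", "constructed-password".toCharArray());
      // A worker thread with no HTTP session can still read the credential.
      Thread worker = new Thread(
          () -> System.out.println("worker sees credential: " + (store.get("kdc.admin") != null)),
          "add-host-worker");
      worker.start();
      worker.join();
      Thread.sleep(300);
      System.out.println("after retention: " + (store.get("kdc.admin") != null));
    }
  }
}
```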


Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/
-----------------------------------------------------------

(Updated Sept. 1, 2015, 8:27 p.m.)


Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and Sid Wagle.


Bugs: AMBARI-12772
    https://issues.apache.org/jira/browse/AMBARI-12772


Repository: ambari


Description
-------

#STR
Install cluster via blueprints
Enable Kerberos security
Add host via blueprints

#Result
Adding hosts freezes forever
In ambari-server.log:
```
The KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:
{
  "session_attributes" : {
    "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
  }
```
#Cause
This is caused because the KDC administrative credentials are not available when needed during the add host process.  If set in the HTTP session, the credentials are not accessible since the Kerberos logic is executed outside the scope of that HTTP session.  

#Solution
Store the KDC credentials to a _more secure_ global credential store that is accessible no matter what the context is.  This storage facility is in-memory and has a retention period of 90 minutes.  This solution refactors the current CredentialStoreService and MasterKeyService classes to allow for file-based and in-memory implementations. It also paves the way for future changes to allow for the KDC administrative credentials to be persisted indefinitely.

*Note:* This patch is rather large due to refactoring the CredentialStoreService and related classes in an effort to make way for future features related to storing sensitive data.


Diffs (updated)
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 6d98c01 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cb9e6ca 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java 708d267 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java 8351a99 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java 8ea7ca2 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java d93faec 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 219c14b 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java 19997e7 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 425aa06 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 389f1b8 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java d3e3fa4 
  ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java 2a1ac3c 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 5d84fbc 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java 51f2220 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java 0652a52 
  ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java 993601b 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 9ad3da6 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java 305b122 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 44a68ae 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 8fc5325 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 8c096b0 

Diff: https://reviews.apache.org/r/37690/diff/


Testing
-------

Manually tested the following on trunk and branch-2.1:  
- backwards compatibility with storing and retrieving the master key and key store data
- adding a host on a non-kerberized cluster
- adding a host on a kerberized cluster
- credential retention timeout

#Local test results:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 49:19.549s
[INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
[INFO] Final Memory: 66M/1436M
[INFO] ------------------------------------------------------------------------


Thanks,

Robert Levas


Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Posted by Jonathan Hurley <jh...@hortonworks.com>.

> On Aug. 24, 2015, 9:22 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java, lines 958-974
> > <https://reviews.apache.org/r/37690/diff/1/?file=1047803#file1047803line958>
> >
> >     Instead of using a separate timer and single-threaded executor, could you use a Guice Cache that auto expires after the set amount of time? This would also let you vary the amount of time each entry lives in the store.
> 
> Robert Levas wrote:
>     I like that idea... I am looking into implementing this now. Thanks!
> 
> Robert Levas wrote:
>     Regarding a _Guice Cache_, are you referring to Google's Guava Cache (https://code.google.com/p/guava-libraries/wiki/CachesExplained) or something built into Guice?

Yes, that's what I was referring to. Sorry, after a certain amount of stupid library names, I start to mix them up :)


- Jonathan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/#review96142
-----------------------------------------------------------


On Aug. 21, 2015, 4:07 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37690/
> -----------------------------------------------------------
> 
> (Updated Aug. 21, 2015, 4:07 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and Sid Wagle.
> 
> 
> Bugs: AMBARI-12772
>     https://issues.apache.org/jira/browse/AMBARI-12772
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> #STR
> Install cluster via blueprints
> Enable Kerberos security
> Add host via blueprints
> 
> #Result
> Adding hosts freezes forever
> In ambari-server.log:
> ```
> The KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:
> {
>   "session_attributes" : {
>     "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
>   }
> ```
> #Cause
> This is caused because the KDC administrative credentials are not available when needed during the add host process.  If set in the HTTP session, the credentials are not accessible since the Kerberos logic is executed outside the scope of that HTTP session.  
> 
> #Solution
> Store the KDC credentials to a _more secure_ global credential store that is accessible no matter what the context is.  This storage facility is in-memory and has a retention period of 90 minutes.  This solution refactors the current CredentialStoreService and MasterKeyService classes to allow for file-based and in-memory implementations. It also paves the way for future changes to allow for the KDC administrative credentials to be persisted indefinitely.
> 
> *Note:* This patch is rather large due to refactoring the CredentialStoreService and related classes in an effort to make way for future features related to storing sensitive data.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java ef6fc58 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java cb9e6ca 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java 708d267 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java 8351a99 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java 8ea7ca2 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java d93faec 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 219c14b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java 19997e7 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java 425aa06 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 389f1b8 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java d3e3fa4 
>   ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java 2a1ac3c 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 5d84fbc 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java 51f2220 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java 0652a52 
>   ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java 993601b 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 9ad3da6 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java 305b122 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 44a68ae 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 8fc5325 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 8c096b0 
> 
> Diff: https://reviews.apache.org/r/37690/diff/
> 
> 
> Testing
> -------
> 
> Manually tested the following on trunk and branch-2.1:  
> - backwards compatibility with storing and retrieving the master key and key store data
> - adding a host on a non-kerberized cluster
> - adding a host on a kerberized cluster
> - credential retention timeout
> 
> #Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 49:19.549s
> [INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
> [INFO] Final Memory: 66M/1436M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>
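
The Guava Cache approach discussed in this thread, applied to the 90-minute in-memory retention from the review description, as an added example (not code from the patch or from Ambari). The class name, method names and alias are hypothetical; it assumes Guava on the classpath and Java 8.

```java
import com.google.common.base.Ticker;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.RemovalListener;

import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;

/** Hypothetical illustration; not Ambari's InMemoryCredentialStoreService. */
public class ExpiringCredentialStore {

  private final Cache<String, char[]> cache;

  public ExpiringCredentialStore(long retention, TimeUnit unit, Ticker ticker) {
    // Overwrite the stored secret whenever an entry leaves the cache
    // (expired, replaced by a newer value, or explicitly invalidated).
    RemovalListener<String, char[]> wipe = notification -> {
      char[] secret = notification.getValue();
      if (secret != null) {
        Arrays.fill(secret, '\0');
      }
    };

    this.cache = CacheBuilder.newBuilder()
        .ticker(ticker)                    // injectable clock, so expiry is testable
        .expireAfterWrite(retention, unit) // retention counted from the last write
        .removalListener(wipe)
        .build();
  }

  // All methods are synchronized: Guava runs the removal listener on the
  // calling thread during cache maintenance, so the lock keeps a wipe from
  // racing with the clone() in getCredential().

  public synchronized void setCredential(String alias, char[] secret) {
    // Store a private copy so the caller can clear its own array afterwards.
    cache.put(alias, secret.clone());
  }

  /** Returns a copy of the secret, or null if it was never set or has expired. */
  public synchronized char[] getCredential(String alias) {
    char[] secret = cache.getIfPresent(alias);
    return secret == null ? null : secret.clone();
  }

  public synchronized void removeCredential(String alias) {
    cache.invalidate(alias);
  }

  /**
   * Guava hides expired entries from reads immediately, but only evicts them
   * (and so only runs the wipe listener) during later cache activity or an
   * explicit cleanUp(). Call this periodically if secrets must not linger.
   */
  public synchronized void purgeExpired() {
    cache.cleanUp();
  }

  public static void main(String[] args) {
    // Fake clock: advance time by hand instead of sleeping for 90 minutes.
    AtomicLong nanos = new AtomicLong();
    Ticker fakeClock = new Ticker() {
      @Override
      public long read() {
        return nanos.get();
      }
    };

    ExpiringCredentialStore store =
        new ExpiringCredentialStore(90, TimeUnit.MINUTES, fakeClock);

    String alias = "example.kdc.admin";                   // constructed alias
    char[] password = "constructed-secret".toCharArray(); // constructed value
    store.setCredential(alias, password);
    Arrays.fill(password, '\0'); // caller clears its own copy

    nanos.addAndGet(TimeUnit.MINUTES.toNanos(89));
    System.out.println("available at 89 min: " + (store.getCredential(alias) != null));

    nanos.addAndGet(TimeUnit.MINUTES.toNanos(2));
    System.out.println("available at 91 min: " + (store.getCredential(alias) != null));

    store.purgeExpired(); // forces eviction, which triggers the wipe listener
  }
}
```

Compared with a separate timer and single-threaded executor, the cache tracks expiry per entry, so no background thread has to be started or shut down with the server.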


Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Posted by Robert Levas <rl...@hortonworks.com>.

> On Aug. 24, 2015, 9:22 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java, line 225
> > <https://reviews.apache.org/r/37690/diff/1/?file=1047803#file1047803line225>
> >
> >     Should this be injected?

It could be, but this is really only temporary.  Eventually, we will be allowing a user to select whether the KDC administrative credentials are stored in a temporary store like this or permanently in Ambari's file-based credentials store.


> On Aug. 24, 2015, 9:22 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java, lines 958-974
> > <https://reviews.apache.org/r/37690/diff/1/?file=1047803#file1047803line958>
> >
> >     Instead of using a separate timer and single-threaded executor, could you use a Guice Cache that auto expires after the set amount of time? This would also let you vary the amount of time each entry lives in the store.

I like that idea... I am looking into implementing this now. Thanks!


> On Aug. 24, 2015, 9:22 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java, line 41
> > <https://reviews.apache.org/r/37690/diff/1/?file=1047807#file1047807line41>
> >
> >     Should this be configurable, exposed by Configuration?

This is leftover from the original implementation. I was trying to change as little as possible but allow for more flexibility.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/#review96142
-----------------------------------------------------------




Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Posted by Robert Levas <rl...@hortonworks.com>.

> On Aug. 24, 2015, 9:22 a.m., Jonathan Hurley wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java, lines 958-974
> > <https://reviews.apache.org/r/37690/diff/1/?file=1047803#file1047803line958>
> >
> >     Instead of using a separate timer and single-threaded executor, could you use a Guice Cache that auto expires after the set amount of time? This would also let you vary the amount of time each entry lives in the store.
> 
> Robert Levas wrote:
>     I like that idea... I am looking into implementing this now. Thanks!

Regarding a _Guice Cache_, are you referring to Google's Guava Cache (https://code.google.com/p/guava-libraries/wiki/CachesExplained) or something built into Guice?


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/#review96142
-----------------------------------------------------------




Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/#review96142
-----------------------------------------------------------



ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java (line 223)
<https://reviews.apache.org/r/37690/#comment151412>

    Should this be injected?



ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java (lines 952 - 968)
<https://reviews.apache.org/r/37690/#comment151413>

    Instead of using a separate timer and single-threaded executor, could you use a Guice Cache that auto expires after the set amount of time? This would also let you vary the amount of time each entry lives in the store.



ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java (line 41)
<https://reviews.apache.org/r/37690/#comment151414>

    Should this be configurable, exposed by Configuration?



ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java (lines 115 - 120)
<https://reviews.apache.org/r/37690/#comment151415>

    IOUtils.closeQuietly(inputstream)



ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java (lines 145 - 150)
<https://reviews.apache.org/r/37690/#comment151416>

    IOUtils.closeQuietly(inputstream)


- Jonathan Hurley

