You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2015/02/02 23:55:26 UTC
[jira] [Commented] (AMBARI-9261) Ensure enable/disable Kerberos
logic should invoke only when state of security flag is changed
[ https://issues.apache.org/jira/browse/AMBARI-9261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14302263#comment-14302263 ]
Hudson commented on AMBARI-9261:
--------------------------------
FAILURE: Integrated in Ambari-trunk-Commit-docker #841 (See [https://builds.apache.org/job/Ambari-trunk-Commit-docker/841/])
AMBARI-9261. Ensure enable/disable Kerberos logic should invoke only when state of security flag is changed (rlevas) (rlevas: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=859279a37d098bd4da89ec2e7c08c837f8698f15)
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
Revert "AMBARI-9261. Ensure enable/disable Kerberos logic should invoke only when state of security flag is changed (rlevas)" (yusaku: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=4a3e05a9d4bb9f1a8c714e5b707772d540caabe8)
* ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
AMBARI-9261. Ensure enable/disable Kerberos logic should invoke only when state of security flag is changed (rlevas) (rlevas: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=3985154fe7dab84276976b6761fa9442ee991fc1)
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
> Ensure enable/disable Kerberos logic should invoke only when state of security flag is changed
> ----------------------------------------------------------------------------------------------
>
> Key: AMBARI-9261
> URL: https://issues.apache.org/jira/browse/AMBARI-9261
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Blocker
> Labels: kerberos, security
> Fix For: 2.0.0
>
> Attachments: AMBARI-9261_01.patch, AMBARI-9261_02.patch
>
>
> The logic to enable or disable Kerberos is typically invoked when the Cluster resource is updated. This occurs for several reasons, not all of them indicate the state of Kerberos should be altered.
> By processing all updated to the Cluster resource, the enable/disable Kerberos may get invoked when not necessary causing _noise_ on the task list and potentially generating an error condition if the KDC administrator credentials are not available. Certain states of the system will trigger the enable/disable Kerberos logic to perform tasks requiring the KDC administrator credentials. If not explicitly handing the security state change, this behavior is not desired.
> To solve the issue, test the request on the update Cluster resource to see if the security state property (cluster-env/security_enabled) has been altered, if so invoke enable/disable Kerberos logic; else do not invoke enable/disable Kerberos logic.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)