[
https://issues.apache.org/jira/browse/AMBARI-8542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14234336#comment-14234336
]
Hadoop QA commented on AMBARI-8542:
-----------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12685117/AMBARI-8542_01.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 7 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
ambari-server.
Test results:
https://builds.apache.org/job/Ambari-trunk-test-patch/811//testReport/
Console output:
https://builds.apache.org/job/Ambari-trunk-test-patch/811//console
This message is automatically generated.
> Provide a way to parse and handle Kerberos descriptors
> ------------------------------------------------------
>
> Key: AMBARI-8542
> URL: https://issues.apache.org/jira/browse/AMBARI-8542
> Project: Ambari
> Issue Type: Task
> Components: ambari-server, stacks
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: kerberos, kerberos_descriptor, stack
> Fix For: 2.0.0
>
> Attachments: AMBARI-8542_01.patch
>
>
> Provide the ability to read in Kerberos descriptor files (kerberos.json) from
> the stack at various levels (stack-level, service-level) and to merge them
> into a single hierarchy. The composite Kerberos descriptor data will be used
> to control the UI (Kerberos Wizard - see AMBARI-7450).
> An example stack-level Kerberos Descriptor:
> {code}
> {
> "properties": {
> "realm": "${cluster-env/kerberos_domain}",
> "keytab_dir": "/etc/security/keytabs"
> },
> "identities": [
> {
> "name": "spnego",
> "principal": {
> "value": "HTTP/_HOST@${realm}"
> },
> "keytab": {
> "file": "${keytab_dir}/spnego.service.keytab",
> "owner": {
> "name": "root",
> "access": "r"
> },
> "group": {
> "name": "${cluster-env/user_group}",
> "access": "r"
> }
> }
> }
> ],
> "configurations": [
> ]
> }
> {code}
> An example service-level Kerberos Descriptor - HDFS:
> {code}
> {
> "configurations": [
> {
> "core-site": {
> "hadoop.security.authentication": "kerberos",
> "hadoop.rpc.protection": "authentication; integrity; privacy",
> "hadoop.security.authorization": "true"
> }
> }
> ],
> "components": [
> {
> "name": "NAMENODE",
> "identities": [
> {
> "name" : "namenode_nn",
> "principal": {
> "value": "nn/_HOST@${realm}",
> "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
> },
> "keytab": {
> "file": "${keytab_dir}/nn.service.keytab",
> "owner": {
> "name": "${hadoop-env/hdfs_user}",
> "access": "r"
> },
> "group": {
> "name": "${cluster-env/user_group}",
> "access": ""
> },
> "configuration": "hdfs-site/dfs.namenode.keytab.file"
> }
> },
> {
> "name" : "namenode_host",
> "principal": {
> "value": "host/_HOST@${realm}",
> "configuration": "hdfs-site/dfs.namenode.kerberos.https.principal"
> },
> "keytab": {
> "file": "${keytab_dir}/host.keytab",
> "owner": {
> "name": "${hadoop-env/hdfs_user}",
> "access": "r"
> },
> "group": {
> "name": "${cluster-env/user_group}",
> "access": ""
> },
> "configuration": "hdfs-site/dfs.namenode.keytab.file"
> }
> },
> {
> "name" : "/spnego",
> "principal": {
> "configuration":
> "hdfs-site/dfs.web.authentication.kerberos.principal"
> },
> "keytab": {
> "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
> }
> }
> ]
> },
> {
> "name": "DATANODE",
> "identities": [
> {
> "name" : "datanode_dn",
> "principal": {
> "value": "dn/_HOST@${realm}",
> "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
> },
> "keytab": {
> "file": "${keytab_dir}/dn.service.keytab",
> "owner": {
> "name": "${hadoop-env/hdfs_user}",
> "access": "r"
> },
> "group": {
> "name": "${cluster-env/user_group}",
> "access": ""
> },
> "configuration": "hdfs-site/dfs.namenode.keytab.file"
> }
> },
> {
> "name" : "datanode_host",
> "principal": {
> "value": "host/_HOST@${realm}",
> "configuration": "hdfs-site/dfs.datanode.kerberos.https.principal"
> },
> "keytab": {
> "file": "${keytab_dir}/host.keytab.file",
> "owner": {
> "name": "${hadoop-env/hdfs_user}",
> "access": "r"
> },
> "group": {
> "name": "${cluster-env/user_group}",
> "access": ""
> },
> "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
> }
> }
> ]
> },
> {
> "name": "SECONDARY_NAMENODE",
> "identities": [
> {
> "name" : "secondary_namenode_nn",
> "principal": {
> "value": "nn/_HOST@${realm}",
> "configuration":
> "hdfs-site/dfs.namenode.secondary.kerberos.principal"
> },
> "keytab": {
> "file": "${keytab_dir}/snn.service.keytab",
> "owner": {
> "name": "${hadoop-env/hdfs_user}",
> "access": "r"
> },
> "group": {
> "name": "${cluster-env/user_group}",
> "access": ""
> },
> "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
> }
> },
> {
> "name" : "secondary_namenode_host",
> "principal": {
> "value": "host/_HOST@${realm}",
> "configuration":
> "hdfs-site/dfs.namenode.secondary.kerberos.https.principal"
> },
> "keytab": {
> "file": "${keytab_dir}/host.keytab.file",
> "owner": {
> "name": "${hadoop-env/hdfs_user}",
> "access": "r"
> },
> "group": {
> "name": "${cluster-env/user_group}",
> "access": ""
> },
> "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
> }
> },
> {
> "name" : "/spnego",
> "principal": {
> "configuration":
> "hdfs-site/dfs.web.authentication.kerberos.principal"
> },
> "keytab": {
> "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
> }
> }
> ]
> }
> ]
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
