[jira] [Resolved] (AMBARI-11752) Kerberos: adjust ambari headless principals for unique names

Mon, 08 Jun 2015 07:35:47 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-11752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas resolved AMBARI-11752.
-----------------------------------
    Resolution: Fixed

Committed to trunk
{noformat}
commit ecb2b05e0ea9482245255ecd219ad95162495739
Author: Robert Levas <[email protected]>
Date:   Mon Jun 8 10:31:24 2015 -0400
{noformat}

Committed to branch-2.1
{noformat}
commit 0bad2efd49ef56d837b7399ff34ecfbf5fd5c5ef
Author: Robert Levas <[email protected]>
Date:   Mon Jun 8 10:32:47 2015 -0400
{noformat}

> Kerberos: adjust ambari headless principals for unique names
> ------------------------------------------------------------
>
>                 Key: AMBARI-11752
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11752
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos, kerberos_descriptor
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11752_01.patch
>
>
> 1) Rollup all headless principal names up to Ambari Principals tab. Currently 
> looks like Storm and Spark are on second tab, under their section, not under 
> Ambari tab with ambari-qa, hdfs, hbase, etc. Also make sure the UI has user 
> readable labels like the others for consistency (see the screen shot. 
> spark.history.kerberos.principal should be "Spark user principal" for 
> example).
> 2) By default, all of these to be cluster-name scoped by default. 
> {code}-${cluster_name}{code} It does no harm for those that don't care... And 
> for those that care about headless principal names to be unique, this ends up 
> being done by default (and saves the user from having to remember to set it 
> this way).
> Ultimately when users want to add variables to their principal names they 
> will be doing it across the board - whatever we can do to make it easier for 
> users to do so, would be better.  If we had all principals in one pane they 
> can quickly add all of them and visually validate.
> *Solution*
> Update the details for all _user_ ({{identities/type = user}}) Kerberos 
> Identity entries in {{kerberos.json}} files to add the following to the 
> principal name
> {code}
> -${cluster_name}
> {code}
> For example:
> {code}
> ${hadoop-env/hdfs_user}@${realm}
> {code}
> to
> {code}
> ${hadoop-env/hdfs_user}-${cluster_name}@${realm}
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to