Robert Levas created AMBARI-12450:
-------------------------------------
Summary: Kerberos: ServiceResourceProvider queries for KDC
connectivity when not needed
Key: AMBARI-12450
URL: https://issues.apache.org/jira/browse/AMBARI-12450
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.0.0, 2.0.1, 2.1.0
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.1.1
When querying for information about services installed in a Kerberized cluster
via the REST API, the ServiceResourceProvider always attempts to contact the
KDC (or Active Directory) if the KERBEROS service is selected within the query.
This can be seen about every 15 seconds, when the UI queries for the state of
the services in a Kerberized cluster using the following query:
{noformat}
GET
/api/v1/clusters/{cluster_name}/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state&minimal_response=true
{noformat}
The result from this query does not contain the KDC connectivity attributes
(which is expected), yet the detail are obtained.
This issue causes excess overhead in Ambari as well as on the relevant KDC or
Active Directory. Also the kdamin.log fills up with messages like:
{noformat:title=/var/log/kadmind.log}
Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_init,
admin/ad...@example.com, success, client=admin/ad...@example.com,
service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com,
addr=10.240.70.128, vers=3, flavor=6
Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request:
kadm5_get_principal, admin/ad...@example.com, success,
client=admin/ad...@example.com,
service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com,
addr=10.240.70.128
Jun 29 14:31:42 some-host-1 kadmind[2383](info): closing down fd 29
Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_init,
admin/ad...@example.com, success, client=admin/ad...@example.com,
service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com,
addr=10.240.70.128, vers=3, flavor=6
Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request:
kadm5_get_principal, admin/ad...@example.com, success,
client=admin/ad...@example.com,
service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com,
addr=10.240.70.128
Jun 29 14:32:49 some-host-1 kadmind[2383](info): closing down fd 29
Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_init,
admin/ad...@example.com, success, client=admin/ad...@example.com,
service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com,
addr=10.240.70.128, vers=3, flavor=6
Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request:
kadm5_get_principal, admin/ad...@example.com, success,
client=admin/ad...@example.com,
service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com,
addr=10.240.70.128
Jun 29 14:34:35 some-host-1 kadmind[2383](info): closing down fd 29
Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_init,
admin/ad...@example.com, success, client=admin/ad...@example.com,
service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com,
addr=10.240.70.128, vers=3, flavor=6
Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request:
kadm5_get_principal, admin/ad...@example.com, success,
client=admin/ad...@example.com,
service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com,
addr=10.240.70.128
Jun 29 14:35:28 some-host-1 kadmind[2383](info): closing down fd 29
{noformat}
*Solution*
Only query for the KDC attributes when explicitly or implicitly queried. This
can be done by conditionally setting the relevant properties near
{{org/apache/ambari/server/controller/internal/ServiceResourceProvider.java:1394}}
by inspecting the request for relevant identifiers using something like the
following:
{code}
requestedIds.contains(propertyId) || isPropertyCategoryRequested(propertyId,
requestedIds);
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
