[jira] [Updated] (AMBARI-12450) Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed

Fri, 17 Jul 2015 13:01:32 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-12450?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas updated AMBARI-12450:
----------------------------------
    Attachment: AMBARI-12450_01.patch

> Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-12450
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12450
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0, 2.0.1, 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos, rest_api
>             Fix For: 2.1.1
>
>         Attachments: AMBARI-12450_01.patch
>
>
> When querying for information about services installed in a Kerberized 
> cluster via the REST API, the ServiceResourceProvider always attempts to 
> contact the KDC (or Active Directory) if the KERBEROS service is selected 
> within the query. 
> This can be seen about every 15 seconds,  when the UI queries for the state 
> of the services in a Kerberized cluster using the following query:
> {noformat}
> GET  
> /api/v1/clusters/{cluster_name}/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state&minimal_response=true
> {noformat}
> The result from this query does not contain the KDC connectivity attributes 
> (which is expected), yet the detail are obtained.  
> This issue causes excess overhead in Ambari as well as on the relevant KDC or 
> Active Directory. Also the kdamin.log fills up with messages like:
> {noformat:title=/var/log/kadmind.log}
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_init, 
> admin/ad...@example.com, success, client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: 
> kadm5_get_principal, admin/ad...@example.com, success, 
> client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128
> Jun 29 14:31:42 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_init, 
> admin/ad...@example.com, success, client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: 
> kadm5_get_principal, admin/ad...@example.com, success, 
> client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128
> Jun 29 14:32:49 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_init, 
> admin/ad...@example.com, success, client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: 
> kadm5_get_principal, admin/ad...@example.com, success, 
> client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128
> Jun 29 14:34:35 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_init, 
> admin/ad...@example.com, success, client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: 
> kadm5_get_principal, admin/ad...@example.com, success, 
> client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128
> Jun 29 14:35:28 some-host-1 kadmind[2383](info): closing down fd 29
> {noformat}
> *Solution*
> Only query for the KDC attributes when explicitly or implicitly queried. This 
> can be done by conditionally setting the relevant properties near 
> {{org/apache/ambari/server/controller/internal/ServiceResourceProvider.java:1394}}
>  by inspecting the request for relevant identifiers using something like the 
> following:
> {code}
> requestedIds.contains(propertyId) || isPropertyCategoryRequested(propertyId, 
> requestedIds);
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to