[jira] [Commented] (AMBARI-12450) Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed

[Hudson (JIRA)]

    [ 
https://issues.apache.org/jira/browse/AMBARI-12450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14635309#comment-14635309
 ] 

Hudson commented on AMBARI-12450:
---------------------------------

SUCCESS: Integrated in Ambari-trunk-Commit #3140 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/3140/])
AMBARI-12450. Kerberos: ServiceResourceProvider queries for KDC connectivity 
when not needed (rlevas) (rlevas: 
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=78286e21aa35e13e05ecc3a552579c42842cc800)
* 
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
* 
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BaseProvider.java
* 
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java


> Kerberos: ServiceResourceProvider queries for KDC connectivity when not needed
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-12450
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12450
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0, 2.0.1, 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos, rest_api
>             Fix For: 2.1.1
>
>         Attachments: AMBARI-12450_01.patch
>
>
> When querying for information about services installed in a Kerberized 
> cluster via the REST API, the ServiceResourceProvider always attempts to 
> contact the KDC (or Active Directory) if the KERBEROS service is selected 
> within the query. 
> This can be seen about every 15 seconds,  when the UI queries for the state 
> of the services in a Kerberized cluster using the following query:
> {noformat}
> GET  
> /api/v1/clusters/{cluster_name}/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state&minimal_response=true
> {noformat}
> The result from this query does not contain the KDC connectivity attributes 
> (which is expected), yet the detail are obtained.  
> This issue causes excess overhead in Ambari as well as on the relevant KDC or 
> Active Directory. Also the kdamin.log fills up with messages like:
> {noformat:title=/var/log/kadmind.log}
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: kadm5_init, 
> admin/ad...@example.com, success, client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:31:42 some-host-1 kadmind[2383](Notice): Request: 
> kadm5_get_principal, admin/ad...@example.com, success, 
> client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128
> Jun 29 14:31:42 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: kadm5_init, 
> admin/ad...@example.com, success, client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:32:49 some-host-1 kadmind[2383](Notice): Request: 
> kadm5_get_principal, admin/ad...@example.com, success, 
> client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128
> Jun 29 14:32:49 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: kadm5_init, 
> admin/ad...@example.com, success, client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:34:35 some-host-1 kadmind[2383](Notice): Request: 
> kadm5_get_principal, admin/ad...@example.com, success, 
> client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128
> Jun 29 14:34:35 some-host-1 kadmind[2383](info): closing down fd 29
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: kadm5_init, 
> admin/ad...@example.com, success, client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128, vers=3, flavor=6
> Jun 29 14:35:28 some-host-1 kadmind[2383](Notice): Request: 
> kadm5_get_principal, admin/ad...@example.com, success, 
> client=admin/ad...@example.com, 
> service=kadmin/some-host-1.c.pramod-thangali.inter...@example.com, 
> addr=10.240.70.128
> Jun 29 14:35:28 some-host-1 kadmind[2383](info): closing down fd 29
> {noformat}
> *Solution*
> Only query for the KDC attributes when explicitly or implicitly queried. This 
> can be done by conditionally setting the relevant properties near 
> {{org/apache/ambari/server/controller/internal/ServiceResourceProvider.java:1394}}
>  by inspecting the request for relevant identifiers using something like the 
> following:
> {code}
> requestedIds.contains(propertyId) || isPropertyCategoryRequested(propertyId, 
> requestedIds);
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)