Re: Review Request 37690: Adding host via blueprint fails on secure cluster

Wed, 02 Sep 2015 09:56:27 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37690/
-----------------------------------------------------------

(Updated Sept. 2, 2015, 12:55 p.m.)


Review request for Ambari, Jonathan Hurley, Larry McCay, Robert Nettleton, and 
Sid Wagle.


Changes
-------

- Added named threads to the scheduled cleanup process in the 
InMemoryCredentialStoreService
- Used logger-specific string formatter rather than String.format in 
InMemoryCredentialStoreService


Bugs: AMBARI-12772
    https://issues.apache.org/jira/browse/AMBARI-12772


Repository: ambari


Description
-------

#STR
Install cluster via blueprints
Enable Kerberos security
Add host via blueprints

#Result
Adding hosts freeze forever
In ambari-server.log:
```
The KDC administrator credentials must be set in session by updating the 
relevant Cluster resource.This may be done by issuing a PUT to the 
api/v1/clusters/(cluster name) API entry point with the following payload:
{
  "session_attributes" : {
    "kerberos_admin" : {"principal" : "(PRINCIPAL)", "password" : "(PASSWORD)"}
  }
```
#Cause
This is caused because the KDC administrative credentials are not available 
when needed during the add host process.  If set in the HTTP session, the 
credentials are not accessible since the Kerberos logic is executed outside the 
scope of that HTTP session.  

#Solution
Store the KDC credentials to a _more secure_ global credential store that is 
accessible no matter what the context is.  This storage facility is in-memory 
and has a retention period of 90 minutes.  This solution refactors the current 
CredentialStoreService and MasterKeyService classes to allow for file-based and 
in-memory implementations. It also paves the way for future changes to allow 
for the KDC administrative credentials to be persisted indefinitely.

*Note:* This patch is rather large due to refactoring the 
CredentialStoreService and releated classes in an effort to make way for future 
features related to storing sensitive data.


Diffs (updated)
-----

  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 6d98c01 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
 cb9e6ca 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 708d267 
  
ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java
 8351a99 
  
ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java
 8ea7ca2 
  
ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
 d93faec 
  
ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
 219c14b 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java
 19997e7 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
 425aa06 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
 389f1b8 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
 d3e3fa4 
  
ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
 2a1ac3c 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
 5d84fbc 
  
ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
 51f2220 
  
ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java
 0652a52 
  
ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java
 993601b 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
 9ad3da6 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java
 305b122 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
 44a68ae 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
 8fc5325 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
 8c096b0 

Diff: https://reviews.apache.org/r/37690/diff/


Testing
-------

Manually tested the following on trunk and branch-2.1:  
- backwards compatibailiy with storing and retrieving the master key and key 
store data
- adding a host on a non-kerberized cluster
- adding a host on a kerberized cluster
- credential retention timeout

#Local test results:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 49:19.549s
[INFO] Finished at: Fri Aug 21 15:55:04 EDT 2015
[INFO] Final Memory: 66M/1436M
[INFO] ------------------------------------------------------------------------


Thanks,

Robert Levas

Reply via email to