Re: Review Request 44148: Add FreeIPA support to Ambari.

Wed, 02 Mar 2016 10:49:20 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44148/
-----------------------------------------------------------

(Updated mrt 2, 2016, 6:48 p.m.)


Review request for Ambari, Jaimin Jetly, Robert Levas, and Yusaku Sako.


Changes
-------

Comments addressed (also from JIRA).


Bugs: AMBARI-6432
    https://issues.apache.org/jira/browse/AMBARI-6432


Repository: ambari


Description
-------

FreeIPA is the active directory equivalent for Linux. This patch adds support 
for FreeIPA. It requires ipa-admintools to be installed on the ambari host. In 
addition it either requires wite access to the krbPasswordPassword attribute or 
a suitable password policy needs to be in place (ipa pwpolicy).

It has been requested to have this implemented in several tickets.

To test.

* Have a working IPA server available
* Create a group "ambari-managed-principals" (configurable)
* Create a password policy for this group or make the krb5PasswordExpiry 
attribute writable (not per se required for testing)
* Enroll all hosts into ipa
* make sure the ipa-admintools are available on the ambari host


Diffs (updated)
-----

  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 be6edc9 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCType.java
 5b1372a 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
 4cd050e 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerFactory.java
 bfd45b7 
  
ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
 947b336 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
 a03dea6 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
 PRE-CREATION 
  ambari-web/app/controllers/main/admin/kerberos.js c021c89 
  ambari-web/app/controllers/main/admin/kerberos/step1_controller.js b9056ed 
  ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 9b411c6 
  ambari-web/app/controllers/main/admin/kerberos/step5_controller.js 5aa4b8c 
  ambari-web/app/controllers/main/service/info/configs.js a22bb48 
  ambari-web/app/data/HDP2/site_properties.js 5ad24fc 
  ambari-web/app/messages.js a74c5bc 
  ambari-web/app/views/common/controls_view.js d355ffe 

Diff: https://reviews.apache.org/r/44148/diff/


Testing
-------

FreeIPA 4.2 on CentOS 7. Multiple times kerberization and de-kerberization.


Thanks,

Bolke de Bruin

Reply via email to