----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51724/#review149443 -----------------------------------------------------------
I think this is incorrect. The Metrics Monitor should authenticate with its own service principal, not the SPNEGO principal. That is used for web-based services, like Ambari's web-based interface. There should be an `ams/_HOST` principal for this, instead. ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/config_reader.py (line 112) <https://reviews.apache.org/r/51724/#comment217081> The path to the SPNEGO keytab file and the SPNEGO principal name must not be hard coded. There should be a relevant config property for this and it should be set via the Kerberos descriptor. - Robert Levas On Sept. 8, 2016, 1:27 p.m., Qin Liu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/51724/ > ----------------------------------------------------------- > > (Updated Sept. 8, 2016, 1:27 p.m.) > > > Review request for Ambari, Di Li, Dmytro Sen, and Sid Wagle. > > > Bugs: AMBARI-17898 > https://issues.apache.org/jira/browse/AMBARI-17898 > > > Repository: ambari > > > Description > ------- > > ()This is a subtask of AMBARI-14384 "Ambari Metrics doesn't use SPNEGO to > authenticate". > > In a Kerberos enabled cluster with SPNEGO enabled on Hadoop APIs, Ambari > Metrics Collector (in AMS distributed mode) web-console will be Kerberos HTTP > SPNEGO enabled too. But Ambari Metrics Monitor, a client of Ambari Metrics > Collector, currently does not support Kerberos HTTP SPNEGO authentication. > > /var/log/ambari-metrics-monitor/ambari-metrics-monitor.out: > 2015-12-15 13:26:30,663 [INFO] emitter.py:101 - server: > http://metrics-collector:6188/ws/v1/timeline/metrics > 2015-12-15 13:26:30,671 [WARNING] emitter.py:84 - Error sending metrics to > server. HTTP Error 401: Authentication required > 2015-12-15 13:26:30,671 [WARNING] emitter.py:90 - Retrying after 5 ... > > > Diffs > ----- > > ambari-metrics/ambari-metrics-host-monitoring/conf/unix/metric_monitor.ini > 3e5d861 > > ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/config_reader.py > 02f0ce3 > > ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/emitter.py > 6997108 > > ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/faked_kerberos.py > PRE-CREATION > > ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/spnego_kerberos_auth.py > PRE-CREATION > > ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py > fc95aa7 > > ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/metric_monitor.ini.j2 > 383a0de > > Diff: https://reviews.apache.org/r/51724/diff/ > > > Testing > ------- > > 1. The fix has been tested with HDP-2.5.0.0/branch-2.4 UI (spnego enabled and > non-kerbero scenarios) > - the patch can be applied to branch-2.4 without any changes. > - I was not able to test it on trunk because the current trunk version of > metrics collector was not able to start > 2. The fix has passed existing unittest cases in both trunk and branch-2.4 > 3. I didn't add new unittest cases because I don't know how to create a > kerberos enabled the cluster in unittest cases. - please advise me on this, > thx! > > > Thanks, > > Qin Liu > >